I'm sometimes asked why there's a division between so-called "user-centric" identity and "enterprise-centric" identity. And as it's true that both approaches have a lot in common, I've struggled a bit to find the definitive differentiator, but I think a couple of friends have given me the pointers I need.
I’ve been friendly with both Kim Cameron of Microsoft and Jackson Shaw of Quest for a few years now, but they’ve known each other since even before they were partners at Zoomit a dozen years ago. They also worked together at Microsoft before Shaw left to join Vintela, which has since been acquired by Quest. They ended up in different identity “camps” – Cameron in the “user-centric” space (which he helped define with his “Laws of Identity”) and Shaw smack dab in the middle of the “enterprise-centric” space with Quest’s Active Directory enablers for non-Windows platforms. They both are also relatively regular bloggers and it was a post from each this week that I want to talk about.
Kim finally got around to posting something he’s been promising for a while: an abridged version of the Laws “…accessible to busy people without a technical background.” One sentence struck me: “It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.”
A day or so later, I was reading a note Jackson had posted, which commented on a new report about Red Hat’s push into the identity management space. In part it reads: “Steve [Coplan, who wrote the report] is the first analyst who I've seen state that ‘identity consolidation’ is a market… ‘…centralization is essentially the first step toward applying a uniform set of controls on all users and establishing the foundation for defining and enforcing identity management policies in an automated fashion’.”
And there you have it. Enterprise-centric identity management is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form. User-centric identity is about keeping various parts of your online life totally separated so that they aren’t accessible and no report can be drawn.
That’s certainly a sharp distinction, one which could be seen as forever keeping the two approaches separate. But do they have to be? Can’t there be a “grand unified theory” of identity which encompasses both? I think I know the answer, but you’ll have to come back next issue to see it.