The difference between user-centric and enterprise-centric identity, explained

* Microsoft's Kim Cameron and Quest's Jackson Shaw offer up their views on user-centric and enterprise-centric identity

I'm sometimes asked why there's a division between so-called "user-centric" identity and "enterprise-centric" identity. And as it's true that both approaches have a lot in common, I've struggled a bit to find the definitive differentiator, but I think a couple of friends have given me the pointers I need.

I’ve been friendly with both Kim Cameron of Microsoft and Jackson Shaw of Quest for a few years now, but they’ve known each other since even before they were partners at Zoomit a dozen years ago. They also worked together at Microsoft before Shaw left to join Vintela, which has since been acquired by Quest. They ended up in different identity “camps” – Cameron in the “user-centric” space (which he helped define with his “Laws of Identity”) and Shaw smack dab in the middle of the “enterprise-centric” space with Quest’s Active Directory enablers for non-Windows platforms. Both are also relatively regular bloggers, and it is a post from each this week that I want to talk about.

Kim finally got around to posting something he’s been promising for a while: an abridged version of the Laws “…accessible to busy people without a technical background.” One sentence struck me: “It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.”

A day or so later, I was reading a note Jackson had posted, which commented on a new report about Red Hat’s push into the identity management space. In part it reads: “Steve [Coplan, who wrote the report] is the first analyst who I've seen state that ‘identity consolidation’ is a market… ‘…centralization is essentially the first step toward applying a uniform set of controls on all users and establishing the foundation for defining and enforcing identity management policies in an automated fashion’.”

And there you have it. Enterprise-centric identity management is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form. User-centric identity is about keeping various parts of your online life totally separated so that they aren’t accessible and no report can be drawn.

That’s certainly a sharp distinction, one which could be seen as forever keeping the two approaches separate. But do they have to be? Can’t there be a “grand unified theory” of identity which encompasses both? I think I know the answer, but you’ll have to come back next issue to see it.
