
Explaining the importance of context in ID mgmt.

Radiant Logic's founder discusses context in identity management

Security Identity Management Alert By Dave Kearns, Network World
June 06, 2005 12:41 PM ET

Last week, I asked if an identity needed to be unique, and answered that yes, it does, within a given context. That seems like an excellent segue to a discussion of context and how it relates to identity.

I can think of no one better qualified to lead this discussion than Michel Prompt, founder of Radiant Logic (http://www.radiantlogic.com) and the man who introduced me to the vital importance of context. Prompt believes that context-driven identity is so important that he's built an entire virtual directory business around the concept and has now patented the process.

Prompt's biggest problem over the years is that he is passionate about identity, virtual engines and context. Unfortunately, the more passionate he gets, the harder he is to understand. He'll lapse into a hybrid language that we call "Franglish," which neither French speakers nor English speakers can fully comprehend. Once in a great while, Prompt will take the time to set his thoughts to paper (well, virtual paper at least) where some of us can hope to try to comprehend the truths he presents.

Prompt has allowed me to share with you an extended version of an article that appeared in the April/May issue of Digital ID World. The extended version, titled "Virtual directory and identity integration: The second wave" and subtitled "Linking digital identities to contexts," can be viewed at http://vquill.com/prompt/ (or downloaded as a Word file from http://vquill.com/prompt.doc).

It is Prompt's thesis that for realistic identity management "...not only do we need a formal, operational and simple definition of what is an identity ('Who'). We also need a good representation of the situation, the context (the 'What') in which an identity operates. Finally we need to know how to represent what an identity 'is doing' in a given context, which means establishing a relationship at the appropriate time between an identity and a specific context."

Context is important, and virtualization makes it easier. As Prompt says, "If we exploit virtualization correctly, by building an abstraction layer not only for objects but also for relationships between objects we can derive from our existing applications a world of information related to our identity. We can understand how these different identities are linked to the different processes, which are automated by a specific application. We have found a way to link an identity to the specific 'context' of an application."

Why is this important? According to Prompt, "By virtualizing not only objects, but also relationships and metadata between these different entities, the second generation of directory virtualization is opening a whole new field of applications and use cases for the identity management space. This new generation pushes even further the inversion of the paradigm that the first generation brought. Rather than trying to reconcile the whole world of applications with a rigidly defined schema and data model, the one-size-fits-all solution, this approach turns each application into a contributor, a specific context publisher for the global enterprise tree. Instead of one monolithic view of the world, we can have as many as needed as dictated by the business contexts."

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
