- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Last week's Burton Group Catalyst Conference might have been subtitled "The Oprah Year" ("Get Health, Beauty, Recipes, Money, Decorating and Relationship Advice on Oprah.com") because the buzz was all about relationships. Burton Vice President and Research Director Bob Blakley even illustrated his presentation with what could have been pictures clipped from Cosmo.
The theme was introduced by Burton CEO Jamie Lewis in his opening keynote when he said “We need to think differently - It’s the relationships, stupid.” Blakley reiterated that theme and proposed that we stop talking about “trust” when what we really mean is cryptography; and stop thinking of our vendors, clients, partners, employees and customers in terms of risks to be assessed. Not, he hastened to add, that risk shouldn’t be taken into account but that risk acceptance and risk avoidance are simply one small factor in a relationship. “Relationship is the context which protects the security and the privacy of identity information,” is how he put it.
Bob went on to characterize three possible relationships: Custodial, Contextual and Transactional. He illustrated these in this way:
Custodial identity: An enterprise holds the identity data for its employees, creates and maintains the records and controls its use and distribution.
Contextual identity: The entity needing identity data relies on a partner or known identity provider for data, perhaps through federation or the
use of user-driven systems such as InfoCards.
Transactional assurance: No actual exchange of identity information, just an assurance (e.g., “of legal drinking age”) that discloses minimal information.
This ties in to Blakley’s “Identity Oracle” concept, a service to assess (and supply) the minimal data necessary to satisfy a need for data which could be used as an identifier.
In a rare presentation by someone who is neither a Burton analyst nor a Burton client, Sun Principal Engineer Eve Maler spoke to the relationship model in terms of user-driven identity, with particular reference to the Higgins Project’s “R-Card” construct.
The thrust of these sessions is that we need to model our online identity behavior after our real world identity behavior and that trust naturally flows from a relationship. The R-Card is an intriguing concept in line with that model, one which we’ll explore in more depth in the not too distant future.

Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...

We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (1)
Relationships and TrustBy Allan Milgate on July 3, 2008, 2:00 amBob Blakley is partly right when he says "It's the relationships, stupid." But then he proposed that we stop talking about "trust" when what we really mean is cryptography...
Reply | Read entire comment
View all comments