Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

This year's Catalyst Conference, very Oprah, very Cosmo

We need to model our online identity behavior after our real world identity behavior
Security: Identity Management Alert By Dave Kearns , Network World , 07/02/2008
Kearns
Sign up for this newsletter now!

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Last week's Burton Group Catalyst Conference might have been subtitled "The Oprah Year" ("Get Health, Beauty, Recipes, Money, Decorating and Relationship Advice on Oprah.com") because the buzz was all about relationships. Burton Vice President and Research Director Bob Blakley even illustrated his presentation with what could have been pictures clipped from Cosmo.

The theme was introduced by Burton CEO Jamie Lewis in his opening keynote when he said “We need to think differently - It’s the relationships, stupid.” Blakley reiterated that theme and proposed that we stop talking about “trust” when what we really mean is cryptography; and stop thinking of our vendors, clients, partners, employees and customers in terms of risks to be assessed. Not, he hastened to add, that risk shouldn’t be taken into account but that risk acceptance and risk avoidance are simply one small factor in a relationship. “Relationship is the context which protects the security and the privacy of identity information,” is how he put it.

Bob went on to characterize three possible relationships: Custodial, Contextual and Transactional. He illustrated these in this way:

Custodial identity: An enterprise holds the identity data for its employees, creates and maintains the records and controls its use and distribution.
Contextual identity: The entity needing identity data relies on a partner or known identity provider for data, perhaps through federation or the use of user-driven systems such as InfoCards.
Transactional assurance:
No actual exchange of identity information, just an assurance (e.g., “of legal drinking age”) that discloses minimal information. This ties in to Blakley’s “Identity Oracle” concept, a service to assess (and supply) the minimal data necessary to satisfy a need for data which could be used as an identifier.

In a rare presentation by someone who is neither a Burton analyst nor a Burton client, Sun Principal Engineer Eve Maler spoke to the relationship model in terms of user-driven identity, with particular reference to the Higgins Project’s “R-Card” construct.

The thrust of these sessions is that we need to model our online identity behavior after our real world identity behavior and that trust naturally flows from a relationship. The R-Card is an intriguing concept in line with that model, one which we’ll explore in more depth in the not too distant future.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (1)
Login
Forgot your account info?

Relationships and TrustBy Allan Milgate on July 3, 2008, 2:00 amBob Blakley is partly right when he says "It's the relationships, stupid." But then he proposed that we stop talking about "trust" when what we really mean is cryptography...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed