The foundation for security and enterprise management
For those of you who have just tuned in, we're in the midst of reviewing the recent Catalyst Conference and the various announcements made in and around that get-together. Last week I told you about the major themes presented on stage, and later on we'll hear about the new products, new versions of old products and new start-ups that got announced. Today, though, I want to examine the organizational events that occurred - a new release from a standards body, a new promotional organization and the call for a new standard.
The Liberty Alliance released the first components of the Identity Governance Framework that it acquired from its initial developers at Oracle. In particular, this first release of the CARML (Client Attribute Requirements Markup Language) specification is very welcome. This is “…a policy format that applications, devices and services can use to characterize required identity data, coupled with privacy constraints governing use. It allows auditors and deployers to understand what identity information an application requires so that services can be deployed flexibly over enterprise identity architectures based on LDAP, Liberty SAML 2.0 Federation, WS-Trust and Liberty Web Services (ID-WSF)” according to the release documents. This is a very important step on the road to developing a true “identity bus” or hub.
And speaking of the Identity Bus reminds me of Microsoft’s Stuart Kwan, which makes me think of Microsoft’s CardSpace and naturally links to the recent announcement of the InfoCard Foundation (ICF). This consortium of vendors (Microsoft, Novell, Ping Identity, Gemalto and a dozen others) and independent users (including Pamela Dingle, Ben Laurie, Drummond Reed, Mary Ruddy, Paul Trevithick and others who have graced this newsletter from time to time) is specifically NOT about producing specifications. Rather, its raison d’etre is to: “Advance the use of the Information Card metaphor as a key component of an open, interoperable, royalty-free, user-centric identity layer spanning both the enterprise and the Internet.” Certainly laudable, but purely marketing organizations tend to have a fairly short effective lifespan. The absence of Sun could be a problem – but possibly more of a problem for Sun (if they’re seen as obstructionist) than for the ICF. Time will tell, and we will be watching.
The third event was the announcement of a proposal for a new group to form and develop a brand new specification. Sailpoint’s CTO, Darran Rolls, issued a call for the formation of the Open Role Exchange Forum. He coupled this with an open letter to the trade outlining his proposal and inviting them to an interactive Webinar on July 16 at 1 p.m. CDT to further discuss this topic and relay up-to-date information on this proposal. The nub of the argument is that, “Defining one single, global authoritative role model for all systems, in all ‘domains’ is rarely, if ever possible. Separate ‘models’ will always need to coexist. Therefore, the industry must open and enable the collaborative exchange of roles, as part of a framework for Identity Governance.” Another laudable effort, one which deserves a chance to succeed. If you have anything to do with roles or role-modeling you ought to be on that call next week.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.