Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
I'm sometimes asked why there's a division between so-called "user-centric" identity and "enterprise-centric" identity. And as it's true that both approaches have a lot in common, I’ve struggled a bit to find the definitive differentiator, but I think a couple of friends have given me the pointers I need.
I’ve been friendly with both Kim Cameron of Microsoft and Jackson Shaw of Quest for a few years now, but they’ve known each other since even before they were partners at Zoomit a dozen years ago. They also worked together at Microsoft before Shaw left to join Vintela, which has since been acquired by Quest. They ended up in different identity “camps” – Cameron in the “user-centric” space (which he helped define with his “Laws of Identity”) and Shaw smack dab in the middle of the “enterprise-centric” space with Quest’s Active Directory enablers for non-Windows platforms. They both are also relatively regular bloggers and it was a post from each this week that I want to talk about.
Kim finally got around to posting something he’s been promising for a while: an abridged version of the Laws “…accessible to busy people without a technical background.” One sentence struck me: “It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.”
A day or so later, I was reading a note Jackson had posted, which commented on a new report about Red Hat’s push into the identity management space. In part it reads: “Steve [Coplan, who wrote the report] is the first analyst who I've seen state that ‘identity consolidation’ is a market… ‘…centralization is essentially the first step toward applying a uniform set of controls on all users and establishing the foundation for defining and enforcing identity management policies in an automated fashion’.”
And there you have it. Enterprise-centric identity management is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form. User-centric identity is about keeping various parts of your online life totally separated so that they aren’t accessible and no report can be drawn.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Comments (4)
I don't quite see this
By James Benedict on August 25, 2008, 10:48 am
So the Internet wants to link "some", but never "all" whereas the Enterprise wants to link "all", but inevitably only ends up with "some". From my standpoint...
Identity Model - Enterprise AND User Centric?
By Anonymous on August 25, 2008, 5:02 pm
I've been wondering if the model we're building (see http://identityhappens.blogspot.com/) applies to both, and I think it does. But of course I'd like to hear your...
Enterprise and user centric identity models
By Anonymous on August 25, 2008, 5:05 pm
The two don't have to be necessarily mutually exclusive (at least from my perspective). I've blogged about what I call the 'theory of identity relativity' which...
I've been thinking more on this...
By Anonymous on September 2, 2008, 2:55 pm
I've been thinking more on this. I'm wondering if there's not a private and public identity with different but potentially related uses. I've put some thoughts...