
Identity definition hard to pin down

Part of the difficulty is the attempt to differentiate digital presence from "real world" presence.

Security Identity Management Alert By Dave Kearns, Network World
August 21, 2009 10:30 AM ET

One thing I can say about the IdM discipline and those who practice it -- we do love to keep chewing the same bone over and over. Earlier this month, on the "community" mailing list for Identity Commons, a public list that used to be the private domain of the Identity Gang, someone raised what I'm sure he considered to be an innocent question: "I looked around to get a good definition of identity and am finding somewhat narrowly scoped definitions. …What I am looking for is a definition that encompasses non-silicon and silicon-based entities. Role identities as well as servers and services should be included. … Does anyone have a definition they would be willing to share."

Well, that's like asking a preachers' convention if they know the way to heaven!

Some 60 e-mails later, there still was no resolution. But that particular group of individuals had been talking about that definition off and on for more than five years.

I was reminded of this discussion (and many others like it over the years) while writing the last issue about Canada's "Directive on Identity Management", which includes this definition:

"Identity (identité) -- A reference or designation used to distinguish a unique and particular individual, organization or device."

While most people would look to add considerable baggage to that definition, it has the admirable quality of being applicable to both a digital presence and a "real world" (or "meat space") presence.

Too many of the arguments we've had about terms over the years seek to differentiate digital presence from "real world" presence. But, really, this is a distinction that needn't be drawn. If there's a point where we absolutely have to differentiate -- so that we can more clearly discuss events in cyberspace, for example -- then modifiers ("digital identity") or other terms ("persona," "role," and so on) can be used.

Otherwise, we end up with turgid prose such as "In theory an identity is the summation of all the attributes attached to an entity -- not just some subset of specific attributes (which might be useful in any particular namespace), but all of the extremely large number (but still finite) attributes so associated. However in practice all that is needed is the group of attribute-value pairs which, taken together, are unique within a given namespace and thus establish an identity within that namespace." I know it's turgid because I wrote it!

It might be time to take Henry David Thoreau's words to heart: "Our life is frittered away by detail. Simplify, simplify."

Upcoming event: The Experts Conference in Berlin is coming soon, and the keynote lineup has been announced. TEC for directory and identity will be keynoted by a group of top leaders from the identity program management teams at Microsoft: Alex Weinert, group program manager for Forefront Identity Manager; Nathan Muggli, senior lead program manager for Active Directory; and Matt Steele, senior program manager, Active Directory Federation Services. I'll be in the audience; you should be also.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
