The future of ID mgmt. is identity providers and user-centric identity

* The thoughts of MaXware's Marcus Lasance

It seems that user-centric, user-controlled identity is claiming more people's attention all the time. Last issue, I told you about an awakening moment that Roger Sullivan of Oracle and Liberty Alliance had. Today, I want to present evidence from another bastion of enterprise-centric identity.

Marcus Lasance is MaXware's managing director for the Europe, Middle East and Africa (EMEA) region. He recently wrote a paper called "E-commerce and User-Centric Identity Management". The article says, in part:

"CIOs are relying on meta directory technology to solve one of the industry's thorniest problems: how to maintain information about the same individual scattered over different databases and directories nevertheless perfectly synchronized. Corporate-managed updates are effectively replicated using standards based connectors and schema mapping between systems.

"However, what this technology cannot solve is the ability to provide updates we don't know about. In the real world, our customer's circumstances are constantly changing, yet businesses and (most) government agencies are not automatically alerted. This is an ongoing problem, because no matter how good we are at synchronizing data across platforms and applications, it doesn't matter when the data becomes rapidly obsolete."

Now you have to remember that MaXware is one of the biggest providers of virtual directory services, so when Lasance talks about a meta directory problem, everyone should listen.

For decades, database gurus have preached GIGO - Garbage In, Garbage Out. That is, if the data you enter into the database is wrong then the reports and relations you draw from it will also be wrong. And a directory, even a meta or virtual directory, is just a specialized database. But Lasance points up a new situation for the database. Good data goes in, but overtime becomes garbage.

Even using virtual directory technology, as MaXware does, can't ensure that the data doesn't become garbage if the location of the authoritative version of the data doesn't get updated. Lasance goes on in the article to talk about user-centric initiatives such as Microsoft's CardSpace and the Higgins Project, a framework for building user-centric identity into applications. Identity providers are key to the system that products like CardSpace will inhabit.

Lasance concludes: "However, in my opinion, the really big money will be made by a few, select organizations with the financial clout and public-trusted brand names to become the default public identity providers. Remember an InfoCard does not store the actual information, just the links to it. The information itself has to be stored and secured and backed up somewhere. Some kind of identity meta system will emerge, backed by a few powerful players. Organizations will emerge with similar roles that Swift, BACS, MasterCard and Visa now perform for financial services network."

That's very similar to Sullivan's sentiment, voiced in the last newsletter: "As a consumer, I would have paid good money for the service!"

Identity providers and user-centric identity - that's where the business is going over the next 18 months.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)