The seven flaws of identity

* Burton Group highlights what we need to pay attention to in identity mgmt.

One highlight of the annual Catalyst conference put on by the Burton Group is the address by Mike Neuenschwander, who was recently promoted to associate research director. He's usually good for a few outrageous remarks as well as some predictions that are memorable, if not always accurate. Nevertheless, he almost always provides a breath of fresh air and an entertaining diversion from the product spotlight sessions delivered by vendors or the interesting, but usually uninspiring, case studies from Burton clients.

Neuenschwander's new role, though, seems to have inhibited his presentation just a tad  - or, perhaps, left him less time to prepare - as outside of destroying a cell phone and a guitar he seemed somewhat muted. He did manage some subtle jests in trying to bring a light hand to some heavy principles, though. One example was his "Seven Flaws of Identity" a not-so-subtle play on Kim Cameron's "Seven Laws of Identity" (http://www.identityblog.com/stories/2004/12/09/thelaws.html). The glib title shouldn't mask the importance of Neuenschwander's "Flaws," which we all need to pay attention to. They are:

1) Failure of the weakest links mustn't lead to catastrophe - encrypting the channel doesn't stop dumpster diving.

2) Not putting the role before the start role engineering is important, but it doesn't drive the project.

3) Not every identity nail requires the technology hammer - technology may be fine, but without governance, it will fail.

4) Use of a system invites abuse of it so test the architecture with attack vectors.

5) Identifying things doesn't make them more secure - identification can improve security, but it's not the inevitable outcome.

6) Identity isn't about the individual - it's about the relationship; identity management encompasses the services communities need for organization.

7) There are a lot more than seven flaws.

In fact, there are probably a huge number of flaws but as Neuenschwander concludes identity management empowers organizations to flourish, so it's worth the trouble and worth the effort to root out the flaws and correct them. These are good points to ponder, things to remember, and - dare I say it - laws you should follow when undertaking any identity project.

Learn more about this topic

HP pumps up ID management suite

Network World, 07/18/05

Sun grows open source offerings

Network World, 07/18/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.

IT Salary Survey: The results are in