There’s more to identity than security

I’m feeling somewhat disillusioned because of some conversations I had last week, but before getting to that I have a follow-up to the last newsletter.

Last time, you’ll recall, I was talking about the release of SPML 2 and commented that the Provisioning Services Technical Committee Web pages seemed a bit out of date. I did hear from the committee co-chair, BMC’s Jeff Bohren, who pled “guilty as charged with not keeping our TC [technical committee] home page up-to-date. Raj Sohdi (the other co-chair) and I are working with OASIS to try to get that resolved.” I’ll keep my eye on it to make sure that happens!

Last week, I visited with Sai Allavarpu, director, product management and marketing of HP’s identity and security management, and Jonathan Martin, chief marketing officer of PortWise. I also listened to Novell CEO, Jack Messman during the announcement of his company’s acquisition of e-Security. What I heard from all three was what caused the disillusionment.

PortWise’s Martin seemed to equate identity management with authentication. Messman called identity a “subset” of security. Allavarpu – who does understand identity and its uses – told me that he’s hearing from customers that identity is simply a part of their security infrastructure. Even the group of “personal identity” evangelists known as the “Identity Gang” often seem to think that authentication is the be-all and end-all of identity.

You and I know that that’s not the case and that identity is a rich platform not only for enabling security but also for enabling individualization and personalization of the complete online experience. Single sign-on isn’t primarily about security; it’s about ease of use and reduction of help desk expense. Federation deals with authentication, it’s true, but only as a means of furthering ease of use between organizations and among their personnel. Provisioning is primarily facilitating a user’s productivity from day one in the enterprise. And those are just the well-known uses of identity.

Just as good public relations people know exactly which stories I’d be interested in hearing – and, especially, which ones I wouldn’t – so too do Web sites like Amazon, American Airlines, Land’s End, the Sunnyvale Public Library, OpenTable.com, and even Google News know what things I’d be interested in and, hopefully, which ones I’m not interested in. It’s all about knowing me, my preferences, my choices – my identity.

When the day comes that identity is reduced to a simple username/password combination then I’ll know it’s time to move on to some more interesting area. Until then, please drop me a note and let me know that you’re working on something identity-related that isn’t driven by security or authentication. Give me a life line!

For more on Novell’s acquisition of e-Security see this week’s NetWare newsletter. I’ll get back to PortWise and what it’s up to in the weeks to come, but stay tuned for the next issue where I’ll share what HP’s Allavarpu found out when visiting customers.