• United States

Identity management convergence

Dec 03, 20033 mins
Access ControlNetworking

* Another way to describe the identity management 'ball of wax'

In the last newsletter, I spoke about “convergence” with regards to the differing standards for identity federation. Immediately after writing that one, a check of my inbox showed an e-mail dealing with “identity convergence”. But it wasn’t about the Liberty Alliance, WS-Federation or even Shibboleth specifications. No, this was about an earlier topic – what to call the whole identity management “ball of wax,” which began when Waveset President Mark McClain talked to me about the “identity grid.”

The Pathmaker Group is a Dallas-area consulting and training organization that is now concentrating in the realm of identity, identity management and all the related technological areas. Chris Fields is the company’s vice president for Security Strategy, but it wasn’t security he wanted to stress in his e-mail but a different view of the whole identity megillah.

Fields told me he likes “…Waveset’s identity grid concept, but it focuses primarily on the capabilities that their product suite provides. We like to approach identity management first from a business perspective to frame what it is and why it is becoming an imperative for businesses. We call this the ‘Identity Management Convergence’ – or ‘IdM Convergence’.” (See for a graphic illustration of the concept.)

IdM Convergence brings together the three areas of technology (represented by pervasive computing, Web services and content) business (represented by collaboration and privacy and security regulations) and identity (represented by provisioning and access management) all intersecting in identity management. We could call this the IdM Nexus. We could, that is, except RSA Security already co-opted “Nexus” for its identity management product line.

So IdM Convergence it is, which Fields thinks is adequate to demonstrate the abilities of identity management services. It’s his contention that businesses will have to deal with the identity issue whether they like it or not, and that the IdM Convergence model paints a pretty solid picture of why they will have to confront it.

In discussing businesses that have yet to implement identity management practices, Fields can be quite persuasive:

“The decision they have is whether to 1) deal strategically with it and address it proactively, before it becomes too unwieldy with the growth of pervasive computing, government regulations and the other trends depicted in the IdM Convergence or 2) magnify the continued inefficient and less-secure processes around managing identity islands, which leaves millions of dollars on the table compared to competitors who choose the more strategic route. With Option 2, businesses will eventually have to respond reactively when they realize the existing processes and tools will not scale with the pace of computing and identity growth, spending 2 to 3 times more to get the right identity management architecture in place.”

Looks good to me, certainly. Note that “IdM Convergence” is a registered service mark of the Pathmaker Group. The phrase is registered, the picture is copyrighted, but the concept is one we are all free to use.