• United States

All good things

Jan 07, 20043 mins
Access ControlEnterprise Applications

* Resolutions for the identity management industry

Last issue, I reviewed my New Year’s resolutions for 2003. The resolutions I made on behalf of the industry, that is, not my personal resolutions You’ll remember, I hope, that I noted the industry made a rather hapless effort in carrying out the resolutions but, undaunted, I’m back to propose a set that we should all try to carry out during 2004 (and beyond, of course). Hope, as they say, springs eternal. Or, as one Swedish proverb puts it:

“Fear less, hope more;

Whine less, breathe more;

Talk less, say more;

Hate less, love more;

And all good things are yours.”

In that light, let’s look at three resolutions that might bring “all good things” to our industry.

1. Consolidation is still important. We need to consolidate standards as well as vendors. While electronic provisioning, for example, fueled the identity management revolution it’s time to move on beyond that particular niche. Provisioning is now only a small part of the entire identity management spectrum and needs to be integrated with the rest of it and be part of vendor offerings.

2. Privacy needs to feature more prominently as a major factor in identity management. Too often in the past, we’ve relied on the difficulty of retrieving information to act as a barrier to its accessibility. Computers, online databases and vastly improved search facilities make all data easier to find for even the most casual searcher. Those with nefarious ideas, and stronger motives, can compile remarkably complete dossiers on just about anyone in a matter of hours – or even minutes. We need to strive to enable data owners to have the power of informed consent when revealing information while still allowing authorized access to necessary information on an “as needed” basis. It is a tightrope to walk, or perhaps more like a minefield, but privacy needs to be considered now before the backlash is upon us.

3. Ordinary users need to be empowered to control and maintain their own data consistent with prudent and legal practices (you don’t, for example, let users change their medical or banking records). Self-service for as much identity information as possible will go a long way towards winning the grudging acceptance of identity management by the great mass of people who, at heart, distrust computers, programmers, IT departments and vendors. Along with the empowerment, of course, we need to provide a strong education initiative to teach people how to use that power effectively and securely.

So there you have it, three resolutions for 2004: 1) consolidation; 2) privacy; and 3) user empowerment. It’s a tall order, but one that we can accomplish as long as we resolve to do it and work on it together.