• United States

The politics of identity projects

Jan 21, 20043 mins
Access ControlEnterprise Applications

* Overcoming the political objections that arise from identity projects

I received a note this week from a reader asking for suggestions to a problem that had come up with an identity project. Specifically, the reader said: “We are looking into federation to help with political roadblocks that derailed our first solution of having a single Global Core Directory Service with edge directories and databases using meta connectors.” In other words, the technology was the easy part.

Meta- and virtual directory technologies were supposed to take the politics out of directory consolidation projects. The whole point of a virtual directory is to NOT replace existing identity datastores but to give users, applications and services one interface to write to in order to use the identity data. Ownership of the data remains where it always was (and that can vary widely from organization to organization) based on the political climate of the enterprise. Only authorized people – typically the same ones who were the authorized people before the start of the project – are allowed to create, maintain or remove data.

The virtue of the virtual system is that the data I own can be amalgamated with the data you own so that anyone we give permission to can view that consolidated data, and use it to get real work done.

That should have overcome the political objections, but there are two major problems that still need to be solved.

On the one hand, for some people mere ownership of the data isn’t enough. Not only must they own and manipulate it, but they must also be the only conduit for disseminating it. Only they can decide how and when that data can be used (think of the Recording Industry Association of America and digital music as an illustration of this thinking).

On the other hand, users are becoming more aware of how much data about them can be available in the virtually consolidated directory. Think of the outcry over the U.S. government’s plan to consolidate the databases at its disposal in order to find evidence of terrorist activity. No matter how you explain the safeguards on use, and penalties for misuse, of the virtual directory data there will always be some people (and often, oddly enough, those with the least to hide) who will object that because misuse is possible (no matter how unlikely), then it will eventually occur.

Technology can’t solve these problems. In fact, the fear of technology helps fuel these problems. We need social scientists, not computer scientists, to address these issues. I’m a technologist, so I’m not much help. But if you know of any projects or documents addressing the social needs of people involved in identity projects please drop me a line at the address below. I’ll pass on any that appear to offer hope in overcoming political objections.