Authentiation? That’ll do nicely

There were a lot of good responses to the recent newsletter highlighting Wook Lee’s haikus about Active Directory. During the Directory Experts Conference at which Lee waxed poetic, others also rose to the challenge including Gil Kirkpatrick, NetPro’s CTO, who penned:

Authentication.

Sometimes it works very well.

Sometimes it doesn’t.

Seventeen syllables, which pretty much sums up the whole identity management business. In the past, we’ve seen examples of what happens when identity management doesn’t work (or, probably more correctly, when it isn’t implemented properly, if at all) by looking at de-provisioning horror stories. We spend less time looking at the successes because, well, when something works the way it’s  supposed to then it really isn’t news. But maybe it should be.

I thought of this the other day when I walked up to my bank’s ATM machine and found an “out of order” sign on it. I use this machine (or one of its brethren) a couple of times a week – it’s quick, it’s easy and it always works. I get authenticated, it checks to see that I’m authorized for the resources I wish to access (e.g., cash) and delivers the goods with a minimum of fuss.

On this trip, though, the machine wasn’t working. I did need some cash. I could have gone to another ATM (there’s one just a couple of blocks away), but the bank branch was open so I went in. It was then that I realized that I hadn’t actually withdrawn money from a real live bank teller in possibly 10 years. I didn’t have a checkbook with me and there are no longer withdrawal slips at the little tables in the bank lobby. I was in a quandary.

Fortunately the teller was able to help me and – taking only about five times as long as using the ATM – I was soon on my way. While we might not think of an ATM as an identity management processor, in reality that’s exactly what it is. So is the automatic boarding pass machine at the airport.

I usually fly American Airlines. I can book my flights online 24 hours a day, 365 days a year, while choosing the flight, the hub city and even the seat that works best for me. When I get to the airport, I go to a machine, swipe a card, tap some keys and get not only a boarding pass for me but also luggage labels for the bags I wish to check through to my final destination. I employ a username/password combination on the Web site and a card-based authentication system at the airport. I’m authenticated and authorized quickly and I get access to the resources I need (and have permission to use). It’s quick, it’s easy and it’s efficient.

Soon, I hope, the benefits of federated identity management will allow me when I’m on my way to yet another conference (like, say, NetPro’s Directory Experts Conference) to sign in with, say, the bank and then book my flight, rent a car, check my bags, check-in to my hotel and print out my conference credentials – all from my computer, all without needing to interact with an all too fallible (and certainly slower than the computer) human. Authentication. Sometimes it works very well.