
How would you describe this ‘identity mgmt.’ thing?

Oct 15, 2003, 3 mins
Access Control, Enterprise Applications

* Identity anarchy, web, grid, matrix - what are your suggestions?

Whenever I speak to Waveset President Mark McClain I come away with an image that proves the old adage “A picture is worth a thousand words.” Last spring he came up with “There’s no such thing as a free cat,” which was the genesis of one of my Wired Windows columns in Network World (see link below).

In July, when we were talking about roles, personas and identity, McClain coined the term “identity anarchy” to refer to the multiplicity of identities and attributes that a single person could have in multiple datastores – the dark side of roles within the identity management space.

So I expected that when Mark called me last week he’d have a new area, or new terminology, that he’d like to discuss, and I wasn’t disappointed.

Sure enough, Mark, ably abetted by marketing vice president Kevin Cunningham, wanted to talk about the entire spectrum of identity management. In particular, Mark had been fretting about finding a way to better explain the interlocking parts of the identity management framework not only to technical people without a background in identity but also to those with no firm understanding of technology.

As McClain explained, what we have looks, to some people, like a stack – the datastore/directory layer at the base, a middleware/messaging/transaction layer above it, management programs on top of that and finally the presentation/application layer at the top. The stack is similar in design, at least, to the OSI network model. The other oft-used analogy is the water and plumbing system with the water tower (datastore), lead pipes (middleware) and brass/gold fixtures (presentation/application) presenting the image.

The problem with both is that they appear to show a linear stack and identity management is anything but linear.

Ideally, the interrelationship of all the parts would show best if it were diagramed as a “web” but that word carries too much denotational baggage (World Wide Web, Web services) which would simply confuse the issue even more. It doesn’t help that identity is a large part of any Web services scheme. 

Mark proposed “identity grid” as a way of showing that all parts of the “stack” are equally important while also allowing for multiple entry points for each particular facet – transactions to and from the datastore, for example, as well as transactions among the applications at the presentation layer.

I offered “identity matrix” as an alternative since I felt that “grid” conjured up a two-dimensional image. That, of course, carries its own semantic baggage.

In the end, we decided to think about it some more. Which means I get to ask you what you think. Send me your ideas of the best way to describe the entire identity management “thing” and we’ll present the best ones in a future issue. Just don’t get the blind men of Indostan who tried to describe the elephant (