Wednesday, May 21, 2008

Identity and Beyond!!

No, I haven't turned into Buzz-Lightyear. 

I found this diagram today, by accident, by searching information on WAM architecture, it is not into the details I was looking for, but I actually really like it!  Obviously its not just was Web Access Management...  check it out...

This is a logical layer you might see related to identity, security, virtual directory, etc - but could be used for much more.  IdM would just be one consumer of the service layers that are pictured below. 

I have two purposes posting it here:

1) Has anyone seen this diagram before?  I would like to give reference to the owner, but can not find him/her, and see if they have published anything else related here.  (and no, it is not in CISSP Exam Guide, 4th edition - I have a copy and I've already looked.. twice)

2) Let everyone else see this diagram, as I think it is very useful in understanding how virtual directories can be used to solve a lot of problems in the enterprise.  It is a great tool to use as a virtualization engine, and if you have cache involved (amazingly noted also in the diagram) then you have a very performant (yeah, i know its not "officially" an English word, but it should be!) and scalable solution. 

With this approach, you have all the things the "identity gang" has been arguing about - meta, virtual, synch, provisioning, performance, key mapping, etc.

VERY COOL!  So, who is the brilliant one out there?  Come forward and claim your honor due.  :)

Thursday, May 15, 2008

Identity Infrastructure Discussion

Its been awhile since I posted, so here is something I've been wanting to blather about for a couple weeks.  Perhaps when I have more time I can come back and give more specific examples in this conversation where these guys (the "identity gang" or perhaps "the identity thugs" lol) unknowingly are arguing the same point.  Listen to this discussion (link below) and see if you too can pick up on it also.  It is a matter of terminology and perspective. 

This discussion, at least appears to be, an impromptu group conversation on identity bus at the European Identity Conference. Click on the link and go to the Kuppingercole blog and check out the video clip series.

What struck me was the differences in terminology. If you listen carefully, you may also notice that often they are talking about the same thing, just from a different perspective. (remember the story about the blind men asked to describe an elephant, having never seen one)OF COURSE the solutions will be based on a different patterns!  (e.g. loosely coupled vs tightly coupled if they are external or internal to a specific security domain). These guys know this and I'm sure they would agree, but the conversation gets tricky to follow when they switch back and forth.

SO, what is all the fuss around the identity bus? It would give us a way to at least "plug-in" all our related services, so we can transport information in a uniform manner.  You add transformers / connectors (I've given you one of those 'different description for the same thing for free) to plug into the bus and then begin to define how we can interact with the other systems.  THIS IS HUGE.

Increasingly we need to interact with external resources (e.g. remove services, partnerships, federations, etc) and the solutions will look different than what we need to solve identity interoperability inside the enterprise (where we have relatively tight control). 

One thing is clear.  These topics are not an easy ones.  First we need a way to discuss the topic using accurate and consistent terms (at least better than we do now).  We need to build upon ideas and find solutions, without a common communication model, this will never happen.  This goes far beyond just the "bus", we need to define the components and this will help define the conversation.

It is a heterogeneous jungle out there. There is a new project, initiative, concept, etc everyday it seems.... we need to learn and build on concepts.... and move forward. 

(Yes, this was quick and dirty, sorry if I lost anyone, as always contact me if you want more clarification on anything, and thank you for reading my post!)