A recent article in NetworkWorld recounted what four veteran enterprise network executives would do and how if they had a magic wand. Christopher Paidhrin's quote caught my eye for obvious reasons: "...identity management would be a breeze..."
He states that strong, transparent identity access control is critical as the perimeter dissolves and we move towards the service provider and virtual network models. I can't disagree with him there. However, he goes on to "recommend the adoption of an international standards body model for identity management, where differing technologies and solutions could build on a common set of protocols, encryption algorithms and interfaces to vastly simplify the individual's experience".
Personally, I think we already have many of the standards in place that we need today like SAML, WS-*, LDAP, DSML, AES, PKCS, etc. Many of these standards are IETF, NIST or industry standards versus international standards like those set by the ISO.
I remember the days when X.500 and DAP - both ISO standards - were going to take over the world and solve all of our problems. Anybody out there using DAP to communicate with and between their directories or still using X.400 for e-mail? Not many are because LDAP and SMTP rule; neither of which are "international standards".
We don't need more standards - we need vendors to use the standards that exist today and build better products.
Technorati Tags:identity management