Tuesday, January 02, 2007

Identity management would be a breeze...

A recent article in NetworkWorld recounted what four veteran enterprise network executives would do, and how, if they had a magic wand. Christopher Paidhrin's quote caught my eye for obvious reasons: "...identity management would be a breeze..."

He states that strong, transparent identity access control is critical as the perimeter dissolves and we move towards the service provider and virtual network models. I can't disagree with him there. However, he goes on to "recommend the adoption of an international standards body model for identity management, where differing technologies and solutions could build on a common set of protocols, encryption algorithms and interfaces to vastly simplify the individual's experience".

Personally, I think we already have many of the standards in place that we need today like SAML, WS-*, LDAP, DSML, AES, PKCS, etc. Many of these standards are IETF, NIST or industry standards versus international standards like those set by the ISO.

I remember the days when X.500 and DAP - both ISO standards - were going to take over the world and solve all of our problems. Anybody out there using DAP to communicate with and between their directories or still using X.400 for e-mail? Not many are, because LDAP and SMTP rule, neither of which is an "international standard".

We don't need more standards - we need vendors to use the standards that exist today and build better products.

2 comments:

Will Sheward said...

"Anybody out there using DAP to communicate with and between their directories or still using X.400 for e-mail?"

Yup. Don't make the mistake of thinking that because a standard is unfashionable it's not still being adopted. At Isode we're still selling X.500 directories (to governments and militaries) and X.400-based messaging systems (to militaries and the aviation industry). And these are new, not replacement, sales. There's still plenty of life in these old dogs!

Unknown said...

Wow, there's a blast from the past - Isode. Is Steve Kille still there?

Don't get me wrong. The world would be a better place if X.400 had flourished, and maybe X.500 too. There'd certainly be less spam. I came from Zoomit, where we built our own X.400 stack for Banyan VINES, so I am a big believer, but just because they were a standard didn't mean that they were embraced.

LDAP pretty much killed the X.500/DAP wave in 1996. The rise of SMTP killed off X.400. Sure, they're still used in certain scenarios as you point out but commonly used? Nope.