Thursday, November 15, 2007

Identity as Application Infrastructure: Evolution or Revolution?

It's the second day of Gartner's conference and I'm sitting in this talk being given by Earl Perkins and Neil MacDonald. Neil focused on the vision of the service-oriented enterprise and how abstraction and de-coupling of identity services (provisioning, authorization, "security") is the way that we introduce fluidity to the enterprise. Of course, identity is at the center of this fluidity - or, to put this another way, enabling fluidity depends on driving application-enabled identity services. Folks need to check out the "Services Modeling Language" draft standard that helps to abstract this.

Earl spent some time talking about how roles-based access control is the linchpin for process security models and how there's an impedance mismatch in a lot of cases between roles in HR, groups in your directory (role proxies) and general inconsistency. RBAC is critical to this evolution but, as they say, the devil is in the details here. I personally am not sold that we have solved this problem from a business perspective yet. However, there are no problems - only opportunities, right?!

I see how we are moving from the "metadirectory" approach to identity to the "proxy"-based approach to SOA for delivering the security and identity characteristics and functions that the applications require. So will we have the same types of problems we have experienced except now at the SOA level? Vendor A provisions well to Oracle but lousy to Active Directory?

I do believe this will be the future. However, I remember that in 1996 Netscape's LDAP Directory server started to take off and customers started demanding integration in order to externalize authentication. Here we are nearly 12 years later and we still have lots of problems here. What Earl and Neil are talking about is a much bigger change - where will we be in 2019 twelve years from now? Will we be further ahead than where we are today with externalizing authentication? By then I won't care because I'll be on a beach somewhere with an umbrella-decorated cocktail in my hand - retired.

I'm not making light of what Earl and Neil are saying. They are sharp guys and I do agree that we need to get there but inertia can be a very, very, very powerful force.

Do you think that virtualization might be the force that can overcome the inertia? Maybe, maybe.

What do you think?

Technorati Tags:

No comments: