NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
08/10/05
Today's focus: Users should be in control of their own identity
attributes
Dear security.world@gmail.com,
In this issue:
* The benefits of user-centric identity
* Links related to Identity Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Akamai
Download the Network World Special Report: Accelerating
Web-based Applications: Managed Services Offer Benefits Without
Infrastructure Headaches
Look at most companies and you'll find one thing in common, a
move to Web-enable mission critical applications. A new breed of
managed services, aimed directly at accelerating performance and
availability of Web-based applications, helps companies attain
their goals of profit and growth - no matter how far or wide the
audience they are trying to reach. Learn how Web-based
applications can allow your company to boost the bottom line.
Download this Special Report today!
http://www.fattail.com/redir/redirect.asp?CID=110103
_______________________________________________________________
Today's focus: Users should be in control of their own identity
attributes
By Dave Kearns
User-centric identity revolves around a small set of core
principles. Among those are the ideas that the user should be in
control of their own identity attributes and that there should
be no central repository of their personal data controlled by a
third party. Kim Cameron's "Laws of Identity"
<http://www.identityblog.com/stories/2004/12/09/thelaws.html> go
into a lot more detail, but these are two of the basic ideas
that any user-centric identity system must have.
I'm on record (all over the place, but you could start at
<http://www.networkworld.com/newsletters/dir/2002/01331333.html>
) as favoring what I call the "personal directory" as the best
way to provide user-centric identity within the confines of a
standardized storage and access system. In terms of LDAP, x.500,
eDirectory, iPlanet, etc. - each user would have their own
organizational unit (OU), which would be under their direct
control. They would decide whether or not to reveal objects and
attributes to others outside their OU. That OU could be a part
of a larger OU (family, neighborhood, community, city,
enterprise, church, school, and so on) in a hierarchical
arrangement. But a physical hierarchy might prove too
constrained - you couldn't, for example, have your OU exist
within both the neighborhood and the school unless one was a
subset of the other.
A virtual hierarchy, though, would solve many of the problems.
Using a virtual system, with context-based views
<http://www.networkworld.com/newsletters/dir/2005/0606id2.html>
your personal OU could be a part of an endless number of higher
level OUs whenever you choose it to be. Or, rather, it would
always be a part of each hierarchy, but the person viewing the
data would see it in a different way based on the context in
which it is set. The combination of that context (e.g., work,
home, school, family, etc.) with the permissions you have
granted meet the requirements that are necessary for a working
user-centric identity system.
The major point of contention between the bottoms-up,
user-centric approach to identity and the top-down,
hierarchy-centric view has been data storage. The former view
wants no central storage; the latter view seems to require it.
Virtual directories, virtual hierarchies and context-driven
identity can help to bridge that gap and get us past the
philosophical but very important disagreements we have about
structure and get on with the delights, efficiencies and
benefits that a global identity system can offer. This will take
work, but the tools are available and if we approach the task
with an open mind and a willingness to compromise it should be
able to be accomplished in a relatively short time. The
enlistment office is open, what are you waiting for? Drop me a
note, then get to work.
The top 5: Today's most-read stories
1. New York courts find security in IP video
<http://www.networkworld.com/news/2005/080805-ip-video.html?t5>
2. Microsoft settles with 'Spam King' for $7 million
<http://www.networkworld.com/nldsv4744>
3. German bank launches new system to combat phishing
<http://www.networkworld.com/nldsv4745>
4. Anti-spyware firm warns of massive ID theft ring
<http://www.networkworld.com/news/2005/080505-id-theft.html?t5>
5. Crashing the 'Net
<http://www.networkworld.com/columnists/2005/080805buzz.html?t5>
_______________________________________________________________
To contact: Dave Kearns
Dave Kearns is a writer and consultant in Silicon Valley. He's
written a number of books including the (sadly) now out of print
"Peter Norton's Complete Guide to Networks." His musings can be
found at Virtual Quill <http://www.vquill.com/>.
Kearns is the author of three Network World Newsletters: Windows
Networking Tips, Novell NetWare Tips, and Identity Management.
Comments about these newsletters should be sent to him at these
respective addresses: <mailto:windows@vquill.com>,
<mailto:netware@vquill.com>, <mailto:identity@vquill.com>.
Kearns provides content services to network vendors: books,
manuals, white papers, lectures and seminars, marketing,
technical marketing and support documents. Virtual Quill
provides "words to sell by..." Find out more by e-mail at
<mailto:info@vquill.com>
_______________________________________________________________
This newsletter is sponsored by Akamai
Download the Network World Special Report: Accelerating
Web-based Applications: Managed Services Offer Benefits Without
Infrastructure Headaches
Look at most companies and you'll find one thing in common, a
move to Web-enable mission critical applications. A new breed of
managed services, aimed directly at accelerating performance and
availability of Web-based applications, helps companies attain
their goals of profit and growth - no matter how far or wide the
audience they are trying to reach. Learn how Web-based
applications can allow your company to boost the bottom line.
Download this Special Report today!
http://www.fattail.com/redir/redirect.asp?CID=110102
_______________________________________________________________
ARCHIVE LINKS
Archive of the Identity Management newsletter:
http://www.networkworld.com/newsletters/dir/index.html
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY
According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
http://www.networkworld.com/you/2005/072505-salary-survey.html
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment