After last week's Burton Catalyst conference in San Diego, it is clear that the topic of Identity Management is alive and well and still very, very controversial.
It is notable that in this one area of information systems technology most organizations have embraced the "lowest common denominator" solutions and at the same time made all parties unhappy with the results.
Individuals dread identity theft and at the same time are forced to provide their names and addresses to hundreds of websites, give social security numbers to numerous employers and financial services firms, and share email addresses with everyone. Yet none of the consumers of personal identity information can know if an individual's contact information is currently correct.
Corporate IT employs countless staff whose primary task is to provision user accounts, handle lost password requests and manage groups, roles and access to information and applications. They may even occasionally get around to cleaning up old accounts and dreaming of SSO.
Companies that do business online lose millions because of bad delivery addresses, fraudulent credit card transactions, phishing, viruses, trojans and man-in-the-middle attacks that render their investments in SSL certificates meaningless.
Marketing, yellow page and directory companies have no choice but to lobby for unpopular violation of privacy regulations because they do not know how else to stay in business. One cannot but giggle when reading the typical web account registration form that simultaneously claims to "protect your privacy" and also asks your permission to "allow affiliates to send information on their products and services".
The credit reporting agencies are both the curse and blessing of the American economy – yet most individuals clearly understand that they are powerless to control their own identity – personal property that the credit agencies profit from with no recourse or compensation to the individual.
An individual's identity is an ephemeral and ever-changing reflection of one's collection of "friends", posts, comments, pictures and links across social networking sites.
SaaS vendors have no really practical way of knowing or controlling how many individuals use the same username and password and are dreadfully exposed to liability if and when authentication and authorization fail.
Regulatory compliance with numerous government and industry standards is a maze of contradictions spanning machine-to-machine authentication and authorization, employee provisioning, W3C standards of web services security and great variations in international and regional security and privacy requirements.
This interplay of competing yet complementary business, social and technology needs represents a tremendous opportunity to provide impactful and very necessary systems integration services in the areas of identity management, systems and applications security and enterprise business process optimization.