Tuesday, August 15, 2006

Stephen Colbert, Identity and User 16006693

Stephen Colbert had a hilarious piece on tonight's Colbert Report about protecting your identity while searching (he suggests typing with your weaker hand, to disguise your typing patterns), in response to the AOL debacle (if you haven't heard, they released about 3 months of search histories comprising some 20 million searches...but don't worry, they replaced people's usernames with random numbers...so we are safe, right?)
Not exactly. Paul Boutin used splunkd.com to parse the heck out of the data and arrived at seven patterns of searchers. According to him, the data shows that people fall into one of seven searcher categories: the pornhound, the manhunter (looks up a person's name again and again), the shopper, the obsessive (the person who searches for the same thing incessantly), the omnivore (the person who searches like crazy, and doesn't really have a pattern), the newbie and the basketcase.

The most interesting way that I found to look at the data is to pick out a specific user. It's damn interesting, comical, and scary as to how much insight you might get. Take a look at User 16006693 go from politics, to retirement, to politics, to religion, to sex, quickly back to religion (repent!), to food and finally to heartburn. Classic.


16006693 nak
16006693 nack
16006693 sharona
16006693 knack
16006693 knack downloads
16006693 oakrige boys
16006693 oakridge boys
16006693 oakridge boys downloads free
16006693 jokes about dick cheney
16006693 jokes about dick cheney but not george bush
16006693 dick cheney creep
16006693 dick cheney dickhead
16006693 rummy dickhead
16006693 where is iraq
16006693 where is lebenon
16006693 his bullets
16006693 his bullies
16006693 shiits
16006693 shee-ites
16006693 bush appruval
16006693 bush approvel
16006693 bush drops below
16006693 dead reporters
16006693 dead reporters fotos
16006693 dead reporters pix
16006693 disembowled reporters pix
16006693 disembowled new york times
16006693 love thine enemas
16006693 love thine enemies
16006693 bible quote of the day
16006693 insperation from bible
16006693 george bush great president
16006693 george w bush great president
16006693 dream on
16006693 oakridge boys lyrics dream on
16006693 how to run country
16006693 how to run country when not really inerested
16006693 people to run country for you
16006693 over work
16006693 overwork
16006693 stress
16006693 best place to retire
16006693 places like crawford but without cindy sheehan
16006693 crawford the town not cindy crawford
16006693 crawford tx
16006693 like crawford tx but not so hot
16006693 best places to retire not hot
16006693 best places to retire global warming
16006693 global warming mith
16006693 global warming myth
16006693 crawford hot
16006693 cindy crawford hot
16006693 rice hot
16006693 rice hot not recipes
16006693 rice naked
16006693 rice nude
16006693 bible quotes resisting temptation
16006693 oakridge boys i'll be true to you
16006693 oakridge boys trying to love two women
16006693 rice and beans
16006693 tex mex
16006693 tex mex not music
16006693 tex mex takeout
16006693 tex mex takeout dc
16006693 heart burn
16006693 heartburn


Technorati tags: Privacy, Stephen Colbert

Monday, August 14, 2006

Open Source IdM Implementation

Kepak, a European Food Giant (well, 2000 folks doesn't qualify as a giant, does it?) has asked the Open Source gurus at Sirius Corporation to deploy "...an OpenLDAP-based Identity Management solution...".

The article doesn't mention which vendors were selected, although they do describe it as "...a secure, standards-based platform that will authenticate Windows users to all network services."

Who could they have selected? Don't know, but it's probably somewhere in this Identity Management Open Source map put together by Jim Yang and the folks at Identyx. I love this thing. I wish someone would put together another one for vendors outside the open source space...any takers?

Technorati tags: Jim Yang, Identyx, Sirius, Kepak

Tuesday, July 25, 2006

Identity Management Services Company Acquisition

I posted a few probing questions a while back regarding the Identity Management services market. Today, I read an interesting press release with the heading:

"Novacoast Announces Acquisition of eNvision Data Solutions, LLC"

Some excerpts below:

Novacoast, Inc., an IT professional services firm announces the acquisition of eNvision Data Solutions, LLC. eNvision, a systems integrator in Philadelphia, has served Pennsylvania and New Jersey since 2001. eNvision's core competence is in identity management, Linux, and Open Enterprise Server...

Paul Anderson, President and CEO of Novacoast said, "Our attention is constantly focused on acquiring the best engineering skill sets and delivering those skills to the market. Our acquisition of eNvision gives us top engineering skills in identity management and Linux.



So, this is some pretty interesting stuff. You don't hear of acquisitions of Identity Management professional services companies every day. We've become accustomed to hearing about product companies getting acquired (there was another one by the way...Entrust announced it's picking up Business Signatures on the 19th of this month) - but services companies haven't been having the same excitement. A few more of these, and things might start getting exciting. (At least for us!)

Technorati tags: Novacoast, eNvision, Novell, Entrust, Business Signatures

Thursday, July 13, 2006

Excellent Blog for Entrepreneurs on Fund Raising

An excellent blog I've been frequenting lately is www.bostonvcblog.com by Jeff Bussgang. Besides the fact that he was part of some pretty large startups (Upromise) - he gives some excellent insight into the whole fund raising process. The best part of the blog is that Jeff doesn't shy away from giving numbers, percentages and the like...you know, the questions that really matter. He also discusses the mindset of VCs and entrepreneurs, and the possible clashes that could occur. Anyhow, I'll leave you with an excerpt to give you a taste and illustrate his insight into the numbers, but you should go take a look for yourselves:

...Let’s do the math on an example to see how this plays out. Let's say an entrepreneur owns 10% of their VC-backed start-up and someone comes and offers them $100 million. Thus, they stand to make $10 million if they proceed with the sale. Let's say a VC fund owns 20% and thus will take away $20 million, but assume they’ve invested $5 million already in the company, yielding a net capital gain of $15 million. Further, let’s say the VC’s “carried interest” is 20%. Therefore, the general partners of the fund take home $3 million. Let’s say there are 6 partners that split the carry evenly – that’s $500k for each general partner...


Technorati tags: Fund Raising, Startup

Tuesday, July 11, 2006

ITIL and IDM Buzz (HP, BMC and Courion)

I just read a pretty interesting post by Archie Reed on HP utilizing identity management to align the enterprise with ITIL objectives via automation (or aligning ITIL and IdM through automation). The example he gives is self service password management.

ITIL (IT Infrastructure Library) is a framework of best-practices focused on service delivery. Perhaps that is too broad a definition, but a good place to read about it is here.

The last time I remember ITIL and IdM used together was by BMC's VP, Somesh Singh. In this article (back in December), he stated:

“Technology solutions that build and maintain an IT infrastructure are no longer sufficient. Customers now need to be able to demonstrate business value of investment in their IT infrastructure, only BMC offers a suite of solutions founded on the principles of ITIL and Business Service Management,”


Although he didn't focus on automation as Archie did, nonetheless he brought ITIL into the IdM scene. BMC claims its Identity Compliance Manager is rooted in ITIL principles, and is "a graphical dashboard to report on policy compliance." So obviously, the slant here is towards compliance instead of automation, but a relation exists nonetheless. This kind of intrigued me, so I decided to do a few searches on it, and I found that Courion is polling its clients about usage of ITIL and COBIT. From their press release on their Converge conference this year, the following quote is relevant:

"When asked about best practice methodologies their organizations are undertaking today, thirty-two percent identified ITIL while twenty-one percent identified COBIT; eleven percent identified both. When participants were asked if their organizations found ITIL or COBIT to be beneficial to their risk management, governance, and compliance initiatives, sixty-four percent were not certain about ITIL, while sixty-two percent found COBIT to be beneficial. Thirty-two percent responded that their organizations are not using a best practice methodology."





Interesting, considering they recently launched a Compliance tool and Role Management tool. It seems to me that as the market completes deployments on Password Management and Provisioning implementations, and starts making Role Management and Compliance Management a reality - ITIL and COBIT will become more relevant to the identity discussions.

Technorati tags: COBIT, HP, BMC, Courion

Monday, July 10, 2006

EMC's Justification for RSA Acquisition

According to a number of reports, EMC has been getting criticism from investors and Wall Street regarding the whole RSA buy.
EMC's Rob Sadowski explains their reasoning for purchasing RSA by describing the storage market as moving towards "holistic" information management, which is accomplished by Identity Management technologies. So instead of writing their own identity tools, why not buy and beat competitors to it?
Rob's analysis holds some truth. Think about Sun's integration of their storage and identity products earlier this year.
So does this mean we will see more storage and identity companies forging relationships?

Thursday, June 29, 2006

EMC Buys RSA



I just posted yesterday that the M&A market in the identity space seems to be slowing down, and then POW, a huge acquisition is announced today (Over $2 Billion!!).

What does this mean?
Well for one, acquisitions are still somewhat alive in the identity market. It might be that this sets off a few more acquisitions. There are a number of boutique shops, and a number of large players with weaknesses here or there. For example, Microsoft could use a better provisioning solution, and a number of companies are weak on federation and such. So, there is room and need for acquisitions in the IdM space, although in my opinion, this would be the final round.

What does it mean for RSA and their partners? (We are, and unfortunately, this is the first I've heard about this deal). Well, in my opinion, it's a positive thing. EMC is notorious for their aggressive sales machine. They might be able to give life to RSA sales.


Also, RSA has been pigeonholed as the "keyfob guys", and they have been unsuccessful in their attempts to rebrand themselves as a holistic identity company. This might give their other products (which are pretty damn good) a chance to shine. They have a great web access management tool that has been around forever (Cleartrust), they have a SSO solution (I believe they OEM Passlogix' V-Go), and a federation product (FIM) that desperately need some marketing attention.

Another possible positive is if EMC delivers on their promise to integrate RSA's products into their information management line of products. If this happens, in similar style to the way Oracle has been able to pull off the integration of the companies they acquired (even if only as a marketing ploy), then this is great news for RSA's product line.

All in all, a good move for RSA. As for EMC, that depends on what they do with it.


Wednesday, June 28, 2006

Identity Management Services Market

A topic of recent interest to me is the Identity Management Services Market, with forecasting and the whole nine. If you google "identity management market", or other similar searches, you'll find a few papers on the topic, although their focus is naturally on the product side of things.

Radicati, about 9 months ago, released in their analysis "Identity Management Market, 2005-2009" that the Identity Management market, including all segments -- full-suites, provisioning, secure access/authentication, and federated identity solutions -- will reach over $1.2 billion in 2005 in worldwide revenues, and grow to over $8.5 billion by 2008. I recall Jamie Lewis, back at 2004's Catalyst Conference, providing a progress report on the IdM market, and he described it back then as the first round of M&A activity coming to a close (I wonder where that puts us today?...haven't heard of a good acquisition lately). Anyhow, both were regarding the state of affairs of the software side of things. What about services? I'm sure the folks in Deloitte, PWC, etc. have thoroughly researched the topic - unfortunately, I'm unable to find anything directly on the matter.
Obviously, when the product market is hot, the services should necessarily follow - but that could be contingent on a number of issues. How difficult are the integrations? Are the products increasing in sophistication, thereby easing administrative and deployment burdens? Is ease of use even high on vendors' lists? If not, why? And when will it be? Lots of questions, few answers.
Anyhow, this is a topic that concerns me due to my profession, although I'm not losing sleep on it since the market seems like it's chugging along at a decent pace. What does concern me are the questions: for how long? What are the trends in various verticals regarding the selection of professional services firms for services work? How many are outsourcing their deployment and support work? How many are utilizing in-house resources? What factors are affecting decisions regarding which firms to award the bid to? I personally have answers to some of these questions based on my experiences in the market, yet a more scientific study would be welcome.


Wednesday, June 14, 2006

RSA and PassLogix in TransCanada Presentation (from Catalyst)


I just attended a really interesting presentation at Catalyst today by Martin Vant Erve of TransCanada Pipelines entitled "Implementing Enterprise Single Sign-On with Two Factor Authentication." Wow! What a great case study. Simple, honest, didn't pull any punches. The idea is pretty straightforward: a user enters his/her SecurID code, which gets forwarded to AD, which references RSA Authentication Manager - which is followed by the whole auth vs. AD (under the hood); finally the end user is authenticated and the session is sent to the client. Once that whole thing is completed, PassLogix V-Go takes over by providing the SSO piece of it. He had excellent analytics in regards to reduction of help desk calls, which is often touted in front of customers. He said that help desk calls actually stayed the same, because they got new calls to the help desk for issues like "I left my token at home", and questions about the newly deployed apps. Yet, TransCanada considered this a win because they increased security, which is what they were after. To make the bitter pill easier to swallow for end users, they coupled it with SSO. All in all, a solid case study.



Friday, June 09, 2006

Catalyst's Session on Provisioning, "The Vortex of IdM"


The upcoming Catalyst conference has what looks like an interesting session conducted by Burton Group's Lori Rowland on Provisioning. The following excerpt from the session description caught my eye:

Compliance and security concerns are driving provisioning solutions into enterprise customer environments, however the sophistication of these customer deployments are lagging behind technology advancements.


What struck me was that on most deployments we've completed, a ton of "customizations" were needed in order to satisfy the customer. By customizations, I mean changes that would qualify as outright upgrade features - and I've heard similar complaints from colleagues in the field. Any way you slice it, this session is a must-see.


Saturday, June 03, 2006

Novell Taking a Beating...


This article shows Novell's continuing problems in the past quarter. Although a series of press releases by Novell attempt to paint a different picture, the numbers don't lie. I think this sentence says it all, "Cashflow from operations was a negative $24m, up from a negative $25m."

What does this mean for Novell's identity offering? Well, nothing in the article focused on their identity offering, but they are not as visible as they once were (18 months ago) in third party reports and such. Anyhow, it's something to keep an eye out for.


Monday, May 29, 2006

Notes on Laws of Identity (Part 3)

It's been a while, but I'm going to work on finishing unfinished business...

  • The definition laid out thus far is flexible enough to cover all the known digital identity systems, allowing for the emergence of a metasystem embracing multiple implementations/ways of doing things.
  • The usefulness of the claim is not inherent in the claim, but its evaluation/decision by the relying party.

The Laws (finally...):

1. User Control and Consent: Technical identity systems must only reveal information identifying a user with the user's consent. The system should also protect the user against deception, verifying the identity of any parties who ask for information, ensuring submitted information goes to the right place, and informing the user the reason for which the information is requested.

2. Minimal Disclosure for a Constrained Use: To mitigate risk, the solution should release the least amount of identifying information possible. This ensures that there is less chance of identifying a person across multiple contexts.

3. Justifiable Parties: Information is only disclosed to those parties that have a "justifiable" place in the identity transaction. Although what exactly qualifies as "justifiable" is open to interpretation, this law does provide for a transparent transaction.
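
One way the three laws above can be enforced at the point where an identity provider releases claims. This is an added example, not code from this post or from the Laws of Identity; the user record, relying-party names, registry, key and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed user record held by a hypothetical identity provider.
USER = {"id": "u-7431", "name": "Ana Ruiz", "email": "ana@example.com",
        "birth_year": 1980}

# Constructed registry of the claims each relying party has a justifiable
# need for (Law 3). A party that is not listed receives nothing.
JUSTIFIED = {
    "wine-shop.example": {"over_18"},
    "payroll.example": {"name", "email"},
}

PAIRWISE_KEY = b"constructed-demo-key"  # placeholder provider secret


def pairwise_id(user_id, relying_party):
    """Per-party pseudonym, so two parties cannot join their records on the
    subject identifier (Law 2: less chance of cross-context identification)."""
    msg = f"{user_id}|{relying_party}".encode()
    return hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()[:16]


def derive(claim, user, current_year):
    """Answer a claim with the least revealing value available."""
    if claim == "over_18":
        # A yes/no answer instead of the birth year itself.
        return current_year - user["birth_year"] >= 18
    return user[claim]


def release(user, relying_party, requested, consented, current_year=2006):
    """Release only claims that are requested, justified for this party
    (Law 3) and consented to by the user (Law 1)."""
    justified = JUSTIFIED.get(relying_party)
    if justified is None:
        raise PermissionError("unknown relying party")
    granted = set(requested) & justified & set(consented)
    token = {"sub": pairwise_id(user["id"], relying_party)}
    for claim in sorted(granted):
        token[claim] = derive(claim, user, current_year)
    refused = sorted(set(requested) - granted)
    return token, refused
```

The refused list is returned alongside the token so the user can be told what was asked for and withheld, which is the "informing the user" half of the first law.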

Friday, May 26, 2006

A Well Written Post on Common Virtual Directory Scenarios


Matt Flynn has written a concise post on VD scenarios... I've cut and pasted below:

Common Virtual Directory Scenarios

The discussion regarding possible uses for Virtual Directory is on-going. The following are 8 easy-to-understand scenarios for Virtual Directory in no particular order. This is by no means an exhaustive list, but I think it covers the simplest scenarios. I look forward to questions or comments.

Protocol Translation - Provide access to relational and other non-standardized data over standard LDAP and Web Services protocols without altering the data.

Web Service Enablement - Respond to identity data requests made via DSML, SPML or any other service-oriented data format (standards-based or custom).

Multi-Repository Search - Enable a single search over standard protocols to return a single clean result-set containing identity data that resides in multiple repositories in multiple formats.

Joined Identity View - Enable a search that returns a view of single identities that are comprised of data from multiple repositories. e.g.) A single user record is presented with name and phone number from the HR system and the email address from Active Directory.

Permission-Based Results - Enable a customized view into a single data universe based on which application or which user is performing the search. e.g.) Employees inside the corporate firewall see a full view of fellow employees while customers accessing an external-facing application see a reduced set of attributes and phone number is formatted using the (toll-free + extension) format.

Dynamic DIT - Build an on-the-fly Directory Information Tree based on identity data attributes. e.g.) The application calls for LDAP views based on job title so the virtual directory dynamically presents an OU for each job title in the database and presents employees within the appropriate OU based on their job title.

Authentication - Enable pass-through authentication from a single point of entry into multiple identity data stores. e.g.) Authentication requests are directed to a single point. The Virtual Directory authenticates non-employees against a back-end Sun Directory and employees against Active Directory.

Real-Time Data Access - Provide real-time access into back-end systems. Because requests are passed to the originating data source, the search results can be as real-time as required.

Summary

Virtual Directory technologies eliminate boundaries. Hassles related to LDAP object types, attribute definitions and other schema-related issues are eliminated by virtualizing the view into the backend identity stores. You're no longer limited by the existing data format or database branding. There's no requirement to migrate the data from a relational database into an LDAP directory in order to make the data LDAP- or Web Service-accessible.
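
To make three of the scenarios quoted above concrete (Joined Identity View, Permission-Based Results and Dynamic DIT), here is a small in-memory sketch. It is an added example, not code from Matt Flynn's post or from any virtual directory product; the back-end records, the toll-free number, the requester classes and the function names are constructed, and a requester class with no policy entry is denied by default.

```python
# Constructed back-end stores, keyed by a shared employee id.
HR_DB = {
    "e100": {"name": "Ana Ruiz", "phone": "555-0142", "title": "Engineer"},
    "e101": {"name": "Bo Chen", "phone": "555-0177", "title": "Analyst"},
}
ACTIVE_DIRECTORY = {
    "e100": {"mail": "aruiz@example.com"},
    "e101": {"mail": "bchen@example.com"},
}

TOLL_FREE = "800-555-0100"  # constructed main switchboard number

# Which attributes each class of requester may see (constructed policy).
VIEW_POLICY = {
    "internal": {"name", "phone", "mail", "title"},
    "external": {"name", "phone"},
}


def joined_view(uid):
    """Joined Identity View: merge one identity from both stores at request
    time, so nothing is copied or migrated out of the back ends."""
    if uid not in HR_DB:
        return None
    entry = dict(HR_DB[uid])                     # name, phone, title from HR
    entry.update(ACTIVE_DIRECTORY.get(uid, {}))  # mail from Active Directory
    return entry


def search(uid, requester):
    """Permission-Based Results: filter the joined entry by requester class.
    Unknown classes get an empty result rather than the full record."""
    allowed = VIEW_POLICY.get(requester, set())
    entry = joined_view(uid)
    if entry is None or not allowed:
        return {}
    result = {k: v for k, v in entry.items() if k in allowed}
    if requester == "external" and "phone" in result:
        # External callers see toll-free + extension, never the direct line.
        result["phone"] = f"{TOLL_FREE} x{result['phone'][-4:]}"
    return result


def dynamic_dit(requester="internal"):
    """Dynamic DIT: present an OU per job title, built on the fly and only
    from attributes this requester is permitted to read."""
    tree = {}
    for uid in HR_DB:
        title = search(uid, requester).get("title")
        if title:
            tree.setdefault(f"ou={title}", []).append(f"uid={uid}")
    return tree
```

Because every view goes through search(), the attribute filter is the single place where disclosure is decided, which is also the place to log and review.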

Thursday, May 25, 2006

Sun, Identity Management, and Storage

I think this is going to be huge. I place my bet that Sun's Storage market share will increase significantly because of Identity. Unfortunately I'm not a betting man.

"For example, Sun has integrated the identity-management capabilities obtained via its Waveset acquisition with its StorageTek Enterprise Storage Manager software, allowing customers to discover, monitor, report and charge-back users for storage use. The company also is adding encryption to StorageTek storage devices and providing centralized key management for data and tapes via Waveset's technology."

Monday, April 17, 2006

Federation and 'How we got here'

Eric Norlin has a wonderfully concise post in regards to how we got where we are today in terms of federated identity. I know it's a bit dated (as far as IdM technology discussions go) - it was seemingly written as a result of confusions that arose as a result of Higgins being released.
Note: under the heading 'SAML', when he refers to 'web access management' tools - he is referring to tools like cleartrust, siteminder, tivoli access manager, etc.
I think it's important to appreciate those tools are really what paved the way for what we have today in terms of federation standards and such. Well, that and a little prodding. Nonetheless, the article gives great context to a lot of discussions today regarding attention data, user-centric identity, and stuff like that.

Thursday, April 13, 2006

IdM, MENA

This is an interesting article featuring some of Sun's endeavors in the regions. The first line in the article states: "Sun Microsystems Middle East and Africa (MENA) has identified identity management as one of the three most significant issues facing IT management in the GCC in 2006."

The main driver seems to be coming from the push of some of these nations to make a national ID card system. Although the legal validity of these systems is heavily contested in Europe and America due to privacy infringement, the Middle East typically doesn't seem to be having that problem (it's not like they're actually asking for permission from anyone). The following quote is from Sun's Sales manager, Jamie Bliss:

“As GCC governments consider creating national identity card schemes and businesses in the region stand to lose considerable amounts of money if information or assets fall into the wrong hands, an increasing number of regional organisations are making a centralised, self-service-enabled and affordable identity management solution a top priority in 2006."

Dubai has already deployed such a system. This looks like an area that the Middle East will gain considerable experience in over the next 2-3 years, over their counterparts in western countries.

Here is another article on the same subject, which states:
"Sun will be meeting with regional IT heads at a security summits in the Kingdom of Saudi Arabia and Qatar this week to highlight the need for a federated or uniform approach to both physical and IT security. "
and
"The Sun identity management seminars will take place in Riyadh on April 9 and Doha on April 10. "

Tuesday, March 28, 2006

Phil Windley's Article on the Challenges of Federation Deployments

This is a pretty good article outlining some of the non-technical issues facing federation deployments.

Sunday, March 19, 2006

Identity Management in the Middle East

After my recent trip to the region, and getting a chance to speak to a couple of Identity players in the UAE, I found the following article pretty interesting. I'd say they are a few years behind the US and European market in identity, but up and coming nonetheless...

http://www.ameinfo.com/80750.html

Saturday, February 25, 2006