by Linda Elliott
The exhibition floor at a conference can tell you a lot about the state of development of the topic. Exhibitors front and center on the exhibit floor at Digital ID World this week are MSFT, Novell, Oracle, AOL, while the smaller players, who were the only ones a few years ago: Ping, Radiant, Securent are there, but not as prominent. Many of the original companies in this space have been acquired by the powerhouses of IT infrastructure.
Is this show old news? Well Digital Identity has hit mainstream…the early adopters (Mike Beach at Boeing for example) are attending the conference to track the nuances of where identity has gone…such as how to best define ‘roles’ for users and tie that to their identities so that permissions are granted appropriately.
Identity is now woven into the fabric of systems management and security…its part of the infrastructure. This isn’t to say that there isn’t a lot going on, but the need to define authentication requirements for corporate assets in data and applications is taken for granted. The FFIEC Strong Authentication for Internet Banking forced the tipping point for mainstream deployments. Federations are used for commercial communities, like GM and their suppliers, Boeing and their customer airlines, GSA and their contractor community, and health care networks that include clinics, hospitals, doctors, and drug companies.
Will there ever be a large-scale third party identity provider that consumers use?… the digital equivalent of their drivers’ licenses? The problem with that, as Mike Beach points out, is that each application has its own requirements for identity ‘assurance’ and attributes, and its really difficult for any community to accept another community’s authentication. For non-sensitive applications, which are not risky from a fiduciary or information steward point of view, the identity assurance of Facebook may be enough.
But as Doc Searls, one of the authors of the Cluetrain Manifesto, points out in a new ‘clue’ : private ‘social networks’ do not make a marketplace. A real market is about ‘transactions’. For economic markets where more assurance is required, liability still looms as the great inhibitor. Don’t look for broad third-party authentication services in areas with compliance or financial risk anytime soon.