Thursday, March 27, 2008

Every day I get in the queue...

Eve Maler is a pretty good guitar player & singer who also happens to work for Sun and is a Liberty Alliance evangelista. She posts today about the Identity bus/hub and states, succinctly, "I don’t get it."

"I get that people would like identity information to be understandable across widely disparate systems, and that people would like services related to (deep breath) identity, authentication, attribute lookup, authorization, and auditing tasks to be widely available so that developers can concentrate on writing secure applications rather than security applications.

It’s fair to call this an “identity layer”. But that layer is more about semantics than about simple conveyance methods or syntax, because identity is way up in the stack. These aren’t random TCP/IP packets or HTTP messages, but information about us that we want our applications to understand and treat with care and consistency."

Exactly, Eve. And that's what the proposed "Identity Hub" would do - transform protocols and data from one system and schema to another. It's not a lightweight project; there's a great deal of heavy lifting that needs to be done. But we did it for email and we did it for databases - and identity isn't that much more difficult, if at all. In fact, it's more of a synthesis of those two.
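To make the "transform data from one schema to another" part concrete, here is an added toy illustration (mine, not code from this post or from any Identity Hub product). It translates a constructed LDAP-style directory entry into a constructed application-side attribute set using a declarative mapping. The attribute names, the `dn_to_role` convention and the sample entry are all assumptions; the point is that the heavy lifting is semantic (normalising values, deriving roles, deciding what is and is not released), not just renaming fields.

```python
"""Toy identity hub: translate an identity record from one system's schema
into another's. Added illustration; schemas, attribute names and the sample
entry are constructed for this example."""

from dataclasses import dataclass
from typing import Any, Callable


def dn_to_role(dn: str) -> str:
    """Reduce a group DN such as 'cn=Admins,ou=groups,dc=example,dc=com'
    to a normalised role name ('admins'). Assumed convention for this example."""
    first_rdn = dn.split(",", 1)[0]
    return first_rdn.split("=", 1)[1].strip().lower()


@dataclass
class AttributeRule:
    source: str                                   # attribute name in the source schema
    target: str                                   # attribute name in the target schema
    convert: Callable[[Any], Any] = lambda v: v   # value normalisation / derivation
    required: bool = False                        # fail closed if the source attribute is absent


# Constructed mapping: LDAP-style entry -> application attribute set.
# Anything without a rule here is deliberately NOT released downstream
# (e.g. userPassword), so the mapping doubles as an attribute-release policy.
LDAP_TO_APP = [
    AttributeRule("mail", "email", lambda v: v.strip().lower(), required=True),
    AttributeRule("cn", "displayName"),
    AttributeRule("memberOf", "roles", lambda v: sorted({dn_to_role(dn) for dn in v})),
    AttributeRule("employeeStatus", "active", lambda v: v == "A"),
]


class MappingError(ValueError):
    """Raised when a required source attribute is missing."""


def check_required(record: dict, rules: list[AttributeRule]) -> list[str]:
    """Return the names of required source attributes absent from the record."""
    return [r.source for r in rules if r.required and r.source not in record]


def translate(record: dict, rules: list[AttributeRule]) -> dict:
    """Apply the mapping rules to one record and return the target-schema view.
    Fails closed on missing required attributes instead of emitting a partial identity."""
    missing = check_required(record, rules)
    if missing:
        raise MappingError(f"missing required attribute(s): {missing}")
    out: dict = {}
    for rule in rules:
        if rule.source in record:
            out[rule.target] = rule.convert(record[rule.source])
    return out


# Constructed sample entry. Note the mixed-case email, the duplicate group
# (differing only in case) and a secret attribute that must not pass through.
SAMPLE_LDAP_ENTRY = {
    "cn": "Ada Lovelace",
    "mail": " Ada.Lovelace@Example.com ",
    "memberOf": [
        "cn=Admins,ou=groups,dc=example,dc=com",
        "cn=staff,ou=groups,dc=example,dc=com",
        "cn=admins,ou=groups,dc=example,dc=com",
    ],
    "employeeStatus": "A",
    "userPassword": "{SSHA}constructed-placeholder",
}

if __name__ == "__main__":
    print(translate(SAMPLE_LDAP_ENTRY, LDAP_TO_APP))
    # -> {'email': 'ada.lovelace@example.com', 'displayName': 'Ada Lovelace',
    #     'roles': ['admins', 'staff'], 'active': True}
```

Two design choices worth noting: the hub fails closed when a required attribute is missing rather than handing the application a half-formed identity, and attributes with no rule simply do not cross the bus, so adding a new consumer is a matter of writing (and reviewing) its rule set rather than exposing the whole directory.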

But Eve doesn't just say that and leave it alone. Oh no. She then has to get all Microsoft on us. Not, I hasten to add, that she advocates the "identity metasystem" (one of her bêtes noires), but she goes on to claim that if we would only all adopt SAML and the Liberty Alliance specs, all of our problems would be solved.

Well, rock musicians have always been idealists, but getting to everyone using SAML? World peace is probably easier to achieve.

What usually makes these discussions fall apart is that people just don't seem to get that the identity problem is more about process than it is about technology. If it were only about technology, LDAP would have become the end-all solution for identity.

The identity bus is about putting in place the process that ties the solutions and technologies together into a usable fabric for application development, deployment and execution. That is the concept at the very heart of the identity services message (see my original blog post defining this, and how it has evolved over time into the talk I gave at DIDW).
