Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
I'm sometimes asked why there's a division between so-called "user-centric" identity and "enterprise-centric" identity. Since both approaches have a lot in common, I’ve struggled a bit to find the definitive differentiator, but I think a couple of friends have given me the pointers I need.
I’ve been friendly with both Kim Cameron of Microsoft and Jackson Shaw of Quest for a few years now, but they’ve known each other since even before they were partners at Zoomit a dozen years ago. They also worked together at Microsoft before Shaw left to join Vintela, which has since been acquired by Quest. They ended up in different identity “camps” – Cameron in the “user-centric” space (which he helped define with his “Laws of Identity”) and Shaw smack dab in the middle of the “enterprise-centric” space with Quest’s Active Directory enablers for non-Windows platforms. They both are also relatively regular bloggers and it was a post from each this week that I want to talk about.
Kim finally got around to posting something he’s been promising for a while: an abridged version of the Laws “…accessible to busy people without a technical background.” One sentence struck me: “It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.”
A day or so later, I was reading a note Jackson had posted, which commented on a new report about Red Hat’s push into the identity management space. In part it reads: “Steve [Coplan, who wrote the report] is the first analyst who I've seen state that ‘identity consolidation’ is a market… ‘…centralization is essentially the first step toward applying a uniform set of controls on all users and establishing the foundation for defining and enforcing identity management policies in an automated fashion’.”
And there you have it. Enterprise-centric identity management is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form. User-centric identity is about keeping various parts of your online life totally separated so that they aren’t accessible and no report can be drawn.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Comments (4)
I've been thinking more on this...
By Anonymous on September 2, 2008, 2:55 pm
I've been thinking more on this. I'm wondering if there's not a private and public identity with different but potentially related uses. I've put some thoughts...
Enterprise and user centric identity models
By Anonymous on August 25, 2008, 5:05 pm
The two don't have to be necessarily mutually exclusive (at least from my perspective). I've blogged about what I call the 'theory of identity relativity' which...
Identity Model - Enterprise AND User Centric?
By Anonymous on August 25, 2008, 5:02 pm
I've been wondering if the model we're building (see http://identityhappens.blogspot.com/) applies to both, and I think it does. But of course I'd like to hear your...
I don't quite see this
By James Benedict on August 25, 2008, 10:48 am
So the Internet wants to link "some", but never "all" whereas the Enterprise wants to link "all", but inevitably only ends up with "some". From my standpoint...