40 likes | 100 Views
Do We Really Need More ID related Standards?. www.KeyPairTech.com. Where are we now?. Technology/mechanism. Solutions/Vendors. ID Management. Password OTP – RSA, OATH Smart Card/ Certificate Biometrics Cookie/Session Id Kerberos Ticket Card Space, STS SAML 1.0, 1.1, 2.0
E N D
Do We Really Need More ID related Standards? www.KeyPairTech.com
Where are we now? Technology/mechanism Solutions/Vendors ID Management • Password • OTP – RSA, OATH • Smart Card/ Certificate • Biometrics • Cookie/Session Id • Kerberos Ticket • Card Space, STS • SAML 1.0, 1.1, 2.0 • OpenID, GoogleID, • YahooID, LiveID, etc • MAC, IP Authentication • Workflows • Life cycle management of different credentials and tokens • M & A causes tremendous problems • Rip & Replace – WILL NOT WORK • Change is very very ... hard – if not impossible • Microsoft • Sun, IBM • Oracle, CA • Novell • EMC/RSA • Upek, Precise Biometrics • Ping Identity • Yahoo, Google, AOL • Activ Identity, Gemalto • Open Source Software Key Pair Technologies: IDTrust 2009
What has been our response? • Customer you need: <password, OTP, X509, SAML vX, etc> for this service • Customers don’t understand why this need this here versus something different elsewhere • Enterprises has invested in infrastructure which are not flexible – change in algorithm – wait for a new version of this product, BTW, you will need the rest of this kitchen sink • Technologies talk technology, Sales and CxOs talk Value. Both are right and both don’t connect – you do your thing, I will do mine. Where is the MBA course on selling technology to non-technical business folks. Note that the ultimate customer is non-tech person. • Regulation is seen by CxOs as a pain and expense and not as how it saving them money or making them more secure, etc. Identity is the main driver for Regulations today. Key Pair Technologies: IDTrust 2009
Next Steps [1] http://middleware.internet2.edu/idtrust/2009/slides/05-neumann-context.pdf Develop a Vision for IDentity1 Develop lessons learnt from developing and deploying each of these ID technologies Now we can think about more ID related Standards if they don’t address needs, but, also develop a deployment and migration plan I am very interested in this topic. You can contact me: shivaram@KeyPairTech.com Key Pair Technologies: IDTrust 2009