CIS 2014 ~ Magical Meat and Automated Potatoes

This is a tale of two conferences on identity that I haven’t attended. Two conferences in the influence-wake of which I am left to wonder:  What new complexities will the next round of solutions add to the problems of producing digital identity services?

I have been watching the tweets roll in from the Cloud Identity Summit 2014 via the #CISmcc hashtag. (If there’s a contest for mentions, Ian Glazer seems to be doing quite well.) I do kind of wish I was there, but for now the time I have for travel and collaboration is better spent in my own neck of the woods.

From the Twitter back-channel, augmented by some quick-to-post bloggers, it appears that the dominant voices in the identity community, after platform vendors, are still those of engineers and security professionals. Design and management thinking get some mention, but nowhere near the attention they deserve.

There are a lot of engineering and security problems to be sorted out. And, as I keep reminding myself, the network transaction is where the work gets done. If that fails everything else was a waste of time. It was also nice to see tweets bubbling up that chimed with my own concerns…

@NishantK says “The old way of doing it is not going to scale –
Stop using humans as pieces of the architecture.”#CISmcc

@jimcwilhelm

An increase in policy based provisioning won’t address what happens between provisioning and recert.#CISmcc

@stavvmc

Metadata can be used to map what can be shared and what shouldn’t – the NSA has figured it out, you should too sez @NishantK at #CISmcc

@stevetout

@Apprity makes an appearance at #CISmcc via @NishantK in his talk Identity Management is a People Problem (But It Shouldn’t Be!)

@stavvmc

Moving your policies closer to your users is needed to reduce provisioning policy complexities, sez @NishantK at #CISmcc

@nwooler

Having done key rollover or cert changes in federation updates. At scale we need better models. #CISmcc

@adfskitteh

If IAM is too complex, you are discouraging the very people who should be using it, from doing so well.#CISmcc

All up, one clear message from the Twittersphere is that Identity is still constrained by legacy and entropy. Legacy is the state of affairs where the current state is the first second and third constraint on what your future state can be. I summed this up elsewhere as…

legacy and architecture

And I say Identity is entropic simply because entropy is inevitably what you get after years of incremental development under the legacy constraint, each solution, each attempt to ‘clean up the problem’ inevitably results in the addition of another doo-dad, another protocol, language or standard…

Comic panel on how standards proliferate.

And because there are more ways for a system to be disorganised than organised, a state of managed entropy ensues. The system functions. But Identity has long since taken the form of a Rube Goldberg engine.

For my part, I am not hopeful the engineers and vendors will sort out an auto-magical solution thats puts digital identity services into the ‘it-just-works’ box. Not for a while anyway.

In the meantime, I lean towards the ‘Meat and Potatoes’ strategy that Patrick Parker advocated at the 2014 European Identity and Cloud conference. (Bearing in mind, of course, the irony that Parker heads a company selling an automagical solution.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s