Moving On…..

It's the end of an era!

I have been at Enline plc for nearly 10 years now (must be nearly a record), working predominantly in a consulting role at a number of different levels from implementation through to architecture. During that time I have seen a lot of changes within the company as well as a number of changes for me personally. However, I have now decided that it is time to move on and take the next big step on that career ladder.

Therefore, as a result, I have accepted a position as a Senior Technical Strategy Consultant with Cap Gemini and will be starting with them mid-September. My role will still be in the Identity Management space with an initial focus on Federation working as a Federated Identity Architect. I see this as a very positive move for me and one that I think I will find challenging but at the same time rewarding.

As far as Enline goes, I have nothing but respect for the people who work there and show the dedication and commitment required to make a small company as successful in a competitive market as Enline has been for over 20 years and continues to be. I have had the opportunity to work with some very skilled and talented people who have taught me a lot, not just professionally but also personally. I have made some great friends at Enline who I will stay in touch with.

I wish Enline every success for the future in the same way that they have done for me.

Meanwhile, I look forward to seeing what challenges and opportunities my new role presents in the coming months.

DON’T FORGET MY BLOG HAS NOW MOVED TO HTTP://BLOG.PDTOAL.COM

More from Jason Kolb on Reinventing the Internet

Jason Kolb has posted the fourth part of his series on “Reinventing the Internet”. I have blogged about two of his previous three posts here and here.

I don’t know where Jason gets his inspiration but I continue to be impressed.

However, there are a couple of queries I have about his most recent flash of genius.

Firstly, he talks about how applications will no longer work in the traditional sense:

“Thus, instead of a user registering to use an application as it
typically done with Web applications these days, we need to turn this
concept around and the application now needs to register with the user.”

My question around this would be how the application would deal with users’ permissions. If I own my private server and therefore my own online Identity, are the only claims that I hold on the server self-asserted ones? Therefore, when I launch an application, how does it know what permissions to give me in the application? Is this just based on the self-asserted claims that I make? Alternatively, does Jason envisage this private server plugging into something like CardSpace so that I could use third-party verified claims instead of just my own when accessing external applications?

Furthermore, Jason talks about the uses of the private server:

“The user can use it to administer their public Web presence, send and
receive messages, launch applications, and a bunch of other fun stuff
which I’ll talk about another time.”

I wonder if the launching of applications could be done by using something like Heartbeat-ID that I have talked about previously? Is this the sort of way Jason was thinking about launching and running applications or has he not gone to that level of detail yet? Plus, it does rely on Heartbeat-ID open-sourcing their software used to launch applications.

Jason has clearly thought through his idea well and I can’t wait to see a working prototype put out to the wider Identity community for comments, feedback and input.

Using your Online Identity

Jason Kolb has blogged the third part of his idea of how to give an online identity to the masses and what they can do with it. This extends his previous postings (here and here) which I commented on here.

I find this whole concept of his very interesting indeed. What he seems to be doing is taking the existing URI based Identity services (e.g. OpenID, LID etc) and extending them so that, in his words:

“As cool and ingenious as technology like OpenID
is, it’s really a band-aid of sorts to fix the fact that people’s data
doesn’t currently live at their own domain. When everyone owns their
own domain (the how of which I posted about in part two), the problem just goes away.”

According to his post, Jason has started working on getting the software for the sites needed up and running. I will be following this with great interest to see where it goes. On the face of it, his idea seems very solid and looks to only extend the hard work that Netmesh and other people have put into protocols like OpenID and take it to the next level.

OpenID added

After moving my blog to its new location, I have started to look at how I can customise it and add functionality.

As an advocate of Identity Management and user-centric identity, I thought it only fitting that I add OpenID support as my first plugin. As a result, you will now find that in order to leave a comment on my blog you can either:

1) Register as normal
2) Use your OpenID.

This plugin is courtesy of Snaky and can be found here.

Application-Centric IdM – Is this not already here?

Defining Application-Centric IdM

Whilst catching up with everyone’s feeds after my recent holiday, I came across this post by Nishant Kaushik of Oracle about Application-Centric IdM and its definition.

During his post he states:

“The idea is that instead of each application having to build these
infrastructures as part of their functionality, they can just avail of
them as ready made, standards-based services. Application-centric IdM
moves away from the traditional system management style of IdM,
focusing instead on the creation of an IdM infrastructure that
customers deploy to expose these services for their applications to
plug into their own business processes. It makes identity (and
security) an integral, yet abstracted part of the development process.”

I’m not sure I fully understand the difference between what he is describing as Application-Centric IdM and Enterprise IdM as we have known it for some time.

He seems to be saying that you abstract the IdM and security requirements of the application out into a separate, open standards based layer and then use this from within your application. To me, this is what your access management applications (a la SiteMinder, CoreID, Tivoli Access Manager etc) have been doing for years and what each of these vendors has further developed (mainly through acquisition) to encompass IdM as well (a la Identity Manager (CA), Identity Manager (Sun), Tivoli Identity Manager etc). Do these vendors not already provide the functionality that Nishant is referring to in this new term of Application-Centric IdM? Through the use of provisioning, it is already possible to manage application permissions from an abstracted and centralized platform.

I may have missed the point of Nishant’s post. If so, please feel free to correct me, but at the moment I’m not sure why there seems to be this new term for something that has been around for some time.
