Digital Identity World & Identity in 2006
Hello from DIDW 2006 in Santa Clara, CA (that's California in the USA for our international friends).
For those that don't know of this conference yet, DIDW is a relatively new, but important conference for anyone involved or interested in the world of Identity. Notice the last word of the previous sentence – "Identity". This isn't a conference about security. It is a conference focusing on the multi-faceted and pressing issues relating to how you identify yourself to others through the many technologies available today … and tomorrow.
I am finding DIDW to be a very interesting conference for many reasons, but one key observation leaps out at me – it's pretty clear that nobody really has a solution to the problems that identity introduces. There are many (many, many) vendors here promoting their technologies and approaches attempting to solve individual facets of the identity problem, but nowhere do I see a comprehensive, cohesive solution.
It feels to me that the Digital Identity industry is today where internet and network security felt circa 1996. If you cast your mind (or browser) back to the issues faced in the mid-to-late 90's, they were mostly about how to build and secure the paths between your users' machines and your servers. Switches, routers and firewalls were the hot topics of the day, closely followed by load-balancers, etc. By the late 90's, the internet had reached critical mass; adoption was skyrocketing. The profusion of network routing, firewall and similar technologies drove them into the realms of commodity.
The first 5 years of the second millennium have seen the whole industry focus on providing solutions to the problems of how to protect server farms and their applications from attack and protect users from malicious attack. Technologies from a seemingly endless list of vendors provide powerful, flexible, adaptive protection of network assets and client machines alike. While we'll never be "done" in this sphere, we're no longer without options.
Simultaneously, existing products and technologies have been dramatically strengthened. Whilst Windows has its security and availability problems, it's now faring pretty well in relation to UNIX/Linux for example. Despite what some would have you believe, Microsoft does take security extremely seriously and it is clear our focus and effort in this space are improving the safety of our platforms and products, and therefore, our users. This is a trend we are hoping will leak beyond our borders (through increased transparency and through books like this and this, tools, etc.), and I am certain the whole industry will (eventually) rally around the call to action to strengthen your apps, systems, platforms and technologies from the growing variety of attacks.
As I just pointed out in a prior post, we're almost done with WS-* v1.0, and the Open Specification Promise (OSP) opens up the opportunity for us all to build applications which interoperate across platforms and technologies in a secure, reliable manner.
So here we are in 2006 with a rich, secure communication fabric at our disposal and we need to start answering the question "who are you?" with a great deal more consistency and safety than we do today.
Opening up this identity landscape and driving adoption of technologies which aim to resolve the issues users are facing today is the responsibility of the entire industry. It is a landscape rich with opportunities to create applications we've not yet even thought of, once we can ask that imperative question: "who are you?"
What are YOU going to do to help make this happen?