NIdM, AIdM, and NAC

No, I didn’t intentionally try to start the day in acronym hell; it just sort of worked out that way. I’m sitting here at Digital ID World catching up on things, and it appears that Eric Norlin is continuing his thoughts on a conversation started in July around NAC and its relationship to the identity management space in general. He writes:

As I’m reading through the confusing acronyms (NAC, NAP, etc) - I’m wondering if it isn’t time for the group of innovative vendors in this space (Forescout, ConSentry, TNT, Identity Engines, Apere, Caymas, Juniper, etc) to rename their offerings with a more descriptive term: “Network Identity Management,” or “N-IdM.”

I agree but have one wrinkle to add: identity has always existed on the network, just not in the terms that the IdM folks typically think about. If I put back on my networking hat for a moment, identity in the network can be lots of things:

  • MAC Address
  • IP Address
  • DNS Hostname
  • IPsec digital certificate
  • User identity (password, OTP, smartcard, etc.)

Identity in the IdM space typically means “user,” while in the networking space it simply means “identifier,” which is a superset of “user.” I say all this because one of the challenges of using the term “network identity management” is that when you say “network identity” to a networking guy, they think of the list above, with the last two items barely on the list, if they make it at all. At my company we’ve been speaking to press and analysts about “network identity management” (using that exact phrase) for about a year, and we certainly run into a fair number of analysts who “get it,” and we quickly continue down the conversation. However, we also run into folks who think of DNS and DHCP appliances as network identity and think about NAC as the new thing we are trying to talk to them about.

I agree with Eric that NIdM is the correct term and that AIdM and NIdM are both subsets of the broader IdM space. Similarly, NAC is a subset of NIdM, just like guest management and secure wireless are.

As an aside, let’s be honest: NAC is just a newer word for AAA. AAA sounds stodgy and old, NAC sounds new. Think of all the words that are used instead of “firewall” these days and you’ll have another example of the phenomenon. For still another, IDS became IPS. NAC has the mind-share for the moment, but I’d be amazed if it stuck around as a term for the long haul.


One Response to “NIdM, AIdM, and NAC”

  1. Sean Convery » Blog Archive » Identity Management for Networks on the Rise Says:

    [...] The notion of applying the same concepts to networks as found in IdM for applications is gaining momentum. As I talk to prospective customers and at speaking events I get questions like, “How is this different from a RADIUS server?” much less often. Folks are starting to grasp the interdependency of identity, policy, authentication and authorization and the requirement to add a layer of intelligence to networks in a heterogeneous way. Last year Eric Norlin started a conversation about the linkages between NAC and identity management and suggested the terms NIdM and AIdM to describe the two elements and their relationship to the broader IdM space. One of my posts from September of 2006 has all the relevant links. He’s staying abreast of the topic as well with a related post just last month. [...]
