Digital ID World Final Thoughts

Well, that was an interesting three days with a fair amount of typing. Hopefully the session notes were helpful to everyone. There is some good analysis of specific sessions over at Phil Windley’s blog. In all, I thought the conference was well done, and it was interesting to discuss the nascent blurring of the NAC and Identity space. The hot topic of the conference was not NAC, though, but rather the user-centric identity efforts from Microsoft, Higgins, and others.

These initiatives, if you are unfamiliar with them, promise to simplify the user experience of sharing identity information on the Internet. Through a visual representation, users choose the identity profile they wish to share with a given site and can control what information is presented. These identity profiles can either be self-asserted or signed by an identity provider. Think of it as a signed version of your web browser’s auto-fill feature with a selector in advance of submitting the data.

There were a couple of presentations on the enterprise applications of this functionality, and most of the conversations were clothed in the trappings of Web 2.0 virtues like user-centricity and distributed workflow. There were no immediate killer applications that I saw. Interestingly enough, the most compelling reason to imagine that this functionality will hit the enterprise is that consumers will like the user experience at home and will ask for it at work. What, then, will user-centric identity mean in an enterprise networking context?

These systems seem to be very much like a PKI at their heart. Identities are signed and can be presented without a challenge/response from some authority each time. This is good, and if it can be extended to include information within the signed identity about the role and attributes of the user, then network access decisions can be made without consulting a user directory. Of course, role changes, revocation, and other intricacies threaten the simplicity of the system, but the overall idea of embedding more information in a certificate is not particularly new. If these user-centric efforts produce something substantially easier to deploy and use, then a signed identity throughout the enterprise is possible and could significantly change network identity management.
