Note that whilst all summaries are available to everyone, availability of slide presentations is limited to Members of The Open Group and Conference attendees.

  • Summary (Allen Brown)
  • Welcome & Introduction (Allen Brown)
  • Keynote: Enabling Business within and between Domains (Jamie Lewis)
  • Keynote: Identity-Driven Enterprise for an On-Demand World (Stuart McIrvine)
  • Keynote: Identity Management - A Strategic Analysis (Gene Shultz)
  • Identity Management - Open Standards from OASIS (Patrick Gannon)
  • Federated Identity - The Liberty Alliance (Conor Cahill)
  • Web Services Framework and Federated Identity Update (Anthony Nadalin)
  • Identity Management - It's More than the Technology (Mary Dixon)
  • SAML and its Positive Impacts on Business and Users (Gavenraj Sodhi)
  • Digital Identity Strategy (Justin Taylor)
  • Securing the Return on Identity Management (Steve Zamek)
  • Identity Management Requirements (John Mori)
  • Identity Management Beyond People (Fred Wettling)
  • Requirements for a Common Core Identity (Jim Hosmer)
  • Secure Mobile Architecture - Boeing Prototype Demonstration (Richard Paine)
  • Identity-Enabled Networks (Rakesh Radhakrishnan and Ramaswami Rangarajan)
  • Identifier Management Architecture and Practice - the Burden of Identity Providers (Ron Williams)
  • Model-Driven Identity Management Architecture - A Work-in-Progress (Ed Harrington)
  • The Open Group Architectural Framework (Chris Greenslade)
  • Closing Summary (Allen Brown)

PLENARY
Boundaryless Information Flow™:
Architecting Identity Management

Objectives

The immediate questions:

  • Why bother to invest in identity management?
  • What is identity in IT terms?
  • Can you trust electronic identity?
  • Can effective identity management reduce your company's legal liability?

Resolving the issues:

  • Architecting an identity management framework
  • The business requirement for identity, authentication, and assurance
  • Progressing standards for identity management
  • Controlling the risk and securing your intellectual property

Identity management is a convergence of technologies and business processes. There is no single approach to identity management because the strategy must reflect specific requirements within the business and technology context of each organization. It is critical, therefore, that enterprises take an IT enterprise architecture approach to addressing their needs for identity management.

The Open Group is the leading consortium for architecture development methodology and is developing an extensive standards information base, technical reference model, and resource base for IT enterprise architects to use as a reference material. A key area of activity within The Open Group is in the area of identity management. The information being developed is not only of benefit to IT enterprise architects, but also to managers responsible for directing vendors engaged in identity management projects, to ensure an open systems-based solution which will avoid lock-in and unnecessary complexity.

This Open Group conference spotlighted the progress being made on enabling interoperable identity management solutions as part of The Open Group’s overall vision of Boundaryless Information Flow™. The conference provided valuable information on the current thinking in identity management.

Summary

Allen Brown, President & CEO, The Open Group

At the end of the conference plenary, Allen Brown summarized what had been presented and achieved in this conference plenary. His summary report is available for the convenience of those who wish to gain an overall picture of the plenary meeting without needing to read the reports on each presentation.

Welcome & Introduction

Allen Brown, President and CEO, The Open Group

Allen welcomed everyone to this conference, recalled the objectives for the conference plenary, and introduced each presenter throughout the Monday sessions.

Identity Management Business Issues & Requirements

Keynote: Enabling Business within and between Domains

Jamie Lewis, CEO & Research Chair, Burton Group

In building the virtual enterprise network, Jamie observed that integration and security pressures are different facets of the same problem - serving business needs on networks. We need an infrastructure that supports both. Jamie explained that he intended to talk about IdM within domains and between domains (federated identity).

Justifying IdM requires a well-formed business case. He identified five basic groups of business drivers - cost containment, operational efficiency, business need, regulatory compliance, and risk management. In current practice, IdM amounts to three fundamental activities - authentication, access management, and user management. IdM responds well to mapping to an architecture - the Burton Group shares The Open Group's architectural approach in this area.

In market and product trends, there is much less mystery in product selection than a year ago. Now it's about integrating products and finding the right combinations that make sense, and this will take more work to get right. Looking at IdM product trends, security and IdM are cross-cutting concerns which become evident as we move from the product to the platform. As solutions evolve, we will be looking for reduced integration effort to put all these point solutions together into a cohesive system.

Longer term, SOA is not just about re-factoring applications. It requires an SOA-based approach to infrastructure services, separation of concerns that will distribute development burden, and recognition that services themselves need services. The Burton Group's network services model provides the right approach. They have evolved this model to its present state in which they identify three main layers - core services, control services, and platform services. This model represents part of a long-term evolution of application architecture. So a reality check would say that SOA evolution will take years - the backlash will come over the next 12-18 months, but the architectural shift is coming. Also, understanding SOA and risk management can streamline security.

Moving to the federated identity issues, Jamie thought that agreements, standards, and technologies will make identity and entitlements portable across autonomous domains. In the standards area, interoperability is not a given, but things are getting better. SAML 2.0 is unifying earlier SAML, Liberty ID-FF, and Shibboleth. WSF is creating a composable framework that includes identity-based security. A sticking point is WSF versus the Liberty Alliance's ID-WSF.

A reality check on this is that the building blocks for trust in federation require a sound business relationship, legal contracts, key management, assertions, shared policies, technical assurance, and audit & accreditation. Business has to calibrate trust to these building blocks.

Jamie closed by summarizing lessons to be learned from deployments so far of IdM within and between domains:

  • Identity is key.
  • Enterprises are investing in IdM solutions.
  • Web services and federated IdM have enormous potential.
  • It is important to understand how web services and IdM relate to your business.

Q: It is said that IdM is 80% politics and 20% technology - would we get a clearer picture in the continuum if we address the politics and governance issues as a problem that also requires an architected approach?
A: Broadly agree.

Q: (Allen) Are there not a lot of issues in Jamie's presentation that we should take into the Architecture Forum work?
A: Agree members of the Architecture Forum must look again at Jamie's presentation.

Keynote: Identity-Driven Enterprise for an On-Demand World

Stuart McIrvine, Director, Corporate Security Strategy, IBM

Stuart began by asking the question: "On the Internet, how do we know who we communicate with?" In fact, why do we want to know? Collecting the reasons why is itself interesting. The problem only becomes evident when we lose personal contact. In these situations we revert to fundamentals - something you have (a token), something you know (a password), something you are (biometrics).

Today, identity is handled using badges (photos), magnetic stripe & PIN (2-factor identification), and then of course there are passwords. Good passwords are hard for people to remember, and demanding inclusion of one or more numbers ends up with people using meaningful words with easy-to-predict numbers substituting for letters - 1 for i or l, 3 for e, 5 for s, etc. Biometrics are only useful when we select a human characteristic that cannot be shared and which is reliably measurable - physiological (face, fingerprint, hand, eye) or behavioral (gait, keystrokes, signature, voice).
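As an added example (not from Stuart's talk or the conference report), the following Python password-policy check undoes the digit-for-letter substitutions described above before testing a candidate against a word list, so a password that satisfies a naive "must contain a digit" rule is still rejected when it is only a disguised dictionary word. The substitutions beyond those named in the talk, the word list and the sample passwords are constructed assumptions.

```python
"""Added example, not from the conference report: a password-policy check that
undoes predictable digit-for-letter substitutions before testing a candidate
against a word list, so "p4ssw0rd" is rejected although it contains digits.
The word list and sample passwords are constructed for this example."""
import re
from itertools import islice, product

# Substitutions named in the talk (1 for i or l, 3 for e, 5 for s) plus a few
# equally common ones; the extra entries are an assumption, not from the page.
SUBSTITUTIONS = {
    "1": ["i", "l"],
    "3": ["e"],
    "5": ["s"],
    "0": ["o"],
    "4": ["a"],
    "7": ["t"],
    "@": ["a"],
    "$": ["s"],
}

# Constructed mini word list; a real deployment would load a large dictionary
# and a breached-password list here.
WORDLIST = {"password", "security", "liberty", "federation", "identity", "welcome"}

# The rule the talk criticises: letters, at least one digit, eight or more characters.
NAIVE_POLICY = re.compile(r"^(?=.*[A-Za-z])(?=.*\d).{8,}$")

# Expansion is 2^n in the number of substitutable characters; bound it so a
# long digit-heavy input cannot make the check expensive.
MAX_CANDIDATES = 4096

TRAILING_DECORATION = "0123456789!@#$"


def passes_naive_policy(password):
    """True if the password satisfies the complexity rule alone."""
    return NAIVE_POLICY.match(password) is not None


def candidate_words(password):
    """Every word the password could be disguising: each substitutable
    character is expanded to itself plus the letters it commonly stands for."""
    options = [[ch] + SUBSTITUTIONS.get(ch, []) for ch in password.lower()]
    return {"".join(combo) for combo in islice(product(*options), MAX_CANDIDATES)}


def dictionary_word_behind(password):
    """Return the word-list entry the password is a thin disguise of, or None.
    Also catches the 'word plus trailing digits' shape such as welcome1."""
    for candidate in sorted(candidate_words(password)):
        if candidate in WORDLIST:
            return candidate
        stripped = candidate.rstrip(TRAILING_DECORATION)
        if stripped in WORDLIST:
            return stripped
    return None


def evaluate(password):
    """Outcome of the complexity rule alone versus the rule plus the disguise check."""
    disguised = dictionary_word_behind(password)
    naive_ok = passes_naive_policy(password)
    return {
        "naive_ok": naive_ok,
        "disguised_word": disguised,
        "accepted": naive_ok and disguised is None,
    }


if __name__ == "__main__":
    for pw in ("p4ssw0rd", "s3cur1ty", "Welcome1", "xq7!Lm29vT"):
        print(pw, evaluate(pw))
```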

As collaboration increases, accurate identity establishment becomes harder. Poor IdM poses significant business threats. Current inefficiencies with poor IdM include:

  • Provisioning of new users
  • Managing users (help desk, problem solving)
  • De-provisioning users - invalid and outdated accounts
  • Deploying new initiatives - controlling access to applications and data
  • Reconciling user data - synchronizing up-to-date Id data
  • Protecting trust - complying with privacy and regulatory requirements

On market trends, 9/11 and the US Dept of Homeland Security have increased interest in IdM. Stuart reviewed trends, including moves towards combining physical and logical application areas, then considered some key issues and challenges, before considering what is required of a good IdM system:

  • Synchronized view of user information
  • Connectors to access control systems
  • Password and digital identity management - self-service
  • Maintain currency of access rights
  • Automated access request approval - workflows
  • Access request audit trails
  • Distributed administration - delegate to the right administrator

But there's more to IdM than this. Customers have real pain with how to handle outsourced providers, business partners, customers, etc. The answer is federation. National government Passport Authorities are an example of federation that works - it depends on trust between each nation's authority whose responsibility is in the same domain. Trust is acquired through success in transactions, and increasing trust brings reduced risk. As always, of course, the watchword here is "trust but verify". Stuart reviewed the value of federating the management of identities. Looking at the roles involved, we have an identity provider and a service provider, and in particular the role of provisioning. He illustrated this using an example of a telecoms company providing an integrated mobile IdM portal, or a healthcare system, or compliance in a regulated environment.

Q: Stuart talked about auditing - this seems to be a big issue that is often missed. Enforcement seems to get the lowest priority.
A: This is an extremely valid point. Auditing is a major customer demand: "How can I present audit information that will satisfy a Sarbanes-Oxley audit?" is a frequently asked question.

Keynote: Identity Management - A Strategic Analysis

Gene Shultz, Principal Engineer, Lawrence Berkeley National Laboratory

Gene presented his "10 Premises and Prescriptions for Identity Management". He explained that he works a lot in intrusion detection, so he feels well qualified to offer several case studies that illustrate important lessons to remember.

A break-in at the University of California resulted in the compromise of the personal data of 1.4 million California residents. The University made a mass notification. Their IT systems administrator had gone on record as warning his superiors about the need for action to correct the lack of acceptable information security, but had been told that security costs money they don't want to spend and gets in the way of performance, so they preferred to live with it. Not surprisingly, they were condemned.

A person who stole the identities of tens of thousands of Georgia residents and sold them on to others enabled those buyers to inflict damage amounting to over US$100K. A lot of this was due to individual victims not bothering to report and pursue the frauds. When finally caught and convicted, the thief was sentenced to 14 years' imprisonment.

Phishing attacks are escalating - tricking consumers into revealing passwords, bank account numbers, and other sensitive information. Consumers need to be more aware and less trusting of requests for their personal information.

IdM is a problem that goes back a long time. Gene does not think it is a specialty area within information security. Selling IdM to business executives is easy these days - regulatory compliance requirements and fear of the penalties for non-compliance are the prime drivers. An established base of use is evolving, particularly in the Government and military domains. The relationship to business needs is very obvious, including electronic purchases over the Internet. New technologies like Bluetooth are emerging all the time and encouraging new ways to use new technologies. So why is IdM not keeping pace? Gene presented his 10 Premises & Predictions that he believed will help it get back up-to-speed:

  • P&P 1: IdM issues cover more than just CIA (confidentiality, integrity, availability) - they also include non-repudiation, accountability, auditability, and authenticity. IdM is closely entwined with information security.
  • P&P 2: Achieving the appropriate granularity in identification is one of the biggest considerations in IdM. Is it always necessary to identify the individual? Sometimes yes; often no.
  • P&P 3: There are many weak links in today's IdM systems. The human element will always be the weakest one. For example, the UK is going for a citizen IdM scheme - but little is being done on safe storage of the (private & confidential) Id credentials.
  • P&P 4: Static authentication credentials of any nature are rapidly proving themselves inadequate, given the prevalent types of security-related threats today.
  • P&P 5: The "black hat" community and other adversaries will always be close behind on breaking every new protection mechanism, so we must recognize we must keep working hard to stay ahead.
  • P&P 6: Observe the KIS (Keep It Simple) principle to the maximum extent when developing and implementing IdM systems.
  • P&P 7: Usability counts more than you might think. A study in 2000 found that biometric Id systems require the most steps and gave rise to the most errors in use - this is not good news.
  • P&P 8: IdM solutions must be capable of being readily integrated into today's IT environments.
  • P&P 9: There is a saying that "those who do not learn from history are doomed to repeat it". PKI has not done well outside of Europe - mainly due to different vendor versions and ignorance of what is involved in certificates, credentials, and certificate management.
  • P&P 10: Always ensure that IdM solutions are aligned with business drivers.

In conclusion - Gene recommended that keeping these basic principles in mind can make the difference between success and failure of effective IdM. He observed that, sadly, the vendor-proprietary factor invariably looms as making solutions not interoperable, so the market fragments and fails to mature. He hoped vendors would follow the more sensible open standards approach for IdM and so grow the market.

Identity Management Standards

Identity Management - Open Standards from OASIS

Patrick Gannon, President & CEO, OASIS

Patrick observed that businesses have to deal with "basic shock" daily. The way businesses have to deal with such rapid change is to look for de-perimeterization solutions, where you try to open up your business IT resources in a safe manner to facilitate business, yet maintain security of your key information.

Standards matter for e-business because businesses require solutions that can be readily integrated and which will interoperate, to enable them to deploy a cost-effective IT strategy that enables them to be agile in response to changing business needs and to make the best decisions on deployment of available solutions when they wish to upgrade. All this amounts to reducing risk for e-commerce.

"Standard" is a specification published with clear rules, freely available, transparent in operations, and subject to explicit and fair Intellectual Property Rights (IPR) terms. However, to be successful, standards must be used. Adoption is most likely when a standard is relevant, freely available, and tractable, with a reference implementation also available to ease adoption and development of products. Patrick has found that a formula for sustainable standards does require collaboration with appropriate other standards groups, to make the resulting standard as useful as possible.

OASIS is best known for e-business and security standards. Looking at the Web Services security area in particular, OASIS has a lot of activities underway. These are geared to what e-businesses require, what IT operations demand, and how dealings between divisions of a business can best be integrated.

Security can be viewed as identity authentication, encryption, and protection against interception, and control of access and authority. Most people can understand this simple supply chain view. The federated identity models seem the way to go for identity authentication. SAML provides a standard way to convey identity and authorization data. WS-Security is the standard way to attach security to web data. XCBF (eXtensible Common Biometric Format) defines how to securely convey biometric data. For encryption and protection against interception and intrusion, OASIS has working groups on DSS, PKI TC, and more. In short, OASIS is working to make solutions into open standards. He encouraged people to participate.

Q: What relationships does OASIS have with de jure standards bodies like ITU and ISO, and de facto industry groups like IETF?
A: OASIS has formed collaborations with these and other standards groups wherever they have identified benefits. They see collaboration on standards work as crucial to the success in promoting adoption of OASIS's XML-based standards.

Federated Identity - The Liberty Alliance

Conor Cahill, Chief Architect, AOL

Conor described Network Identification as the fusion of network security and authentication, user provisioning and customer management, SSO technologies, and web services delivery. A federated identity is one that is portable and potable.

Why federation? An individual has multiple identities. These are usually held in separate islands. Federation aims to connect these islands of identity information in ways that preserve confidentiality and privacy of the individual. The Liberty Alliance architecture defines how identity information can be communicated between domains in a secure way.

The Liberty Identity Federation Framework (ID-FF) is a privacy-oriented identity federation and SSO framework. Conor illustrated the basic use case scenario in his slides. ID-FF and SAML 2.0 have now converged and are about to go forward for approval to publish.

ID-WSF is a framework for locating and invoking identity-based web services. It uses permissions-based attribute sharing to enable sharing of a user's web services profile. The core components of ID-WSF are a discovery service, an interaction service, a SOAP binding, and a data services template.

Conor showed AOL's Liberty implementation, and their system in production.

Web Services Framework and Federated Identity Update

Anthony Nadalin, Distinguished Engineer, Chief Security Architect, IBM

Anthony described WSF as a construct that is rooted in the principle of delivering complete lifecycle management for Web Services. He showed a diagrammatic representation of the functional layers in WSF. Looking at the security aspects, he explained how IBM led the effort to take WS-Security through the OASIS standards process. This standard provides a framework for building security protocols. It was designed for end-to-end security of SOAP messages. It leverages existing XML security specifications, and it provides constructs for transmitting security tokens. WS-Trust defines how to broker trust relationships, and how to exchange security tokens. WS-SecureConversation provides for single message security. WS-SecurityPolicy is a set of policy assertions related to concepts defined by other WS-Security specifications. WS-Federation defines a model for SSO access across trust domains using identities from the different domains.

WS-Policy is a flexible and extensible grammar for Web Services that communicates requirements, preferences, and capabilities. WS-Policy/Attachments provides a standard mechanism for attaching policies to Web Services.

Anthony presented the complete picture of the technologies and standards involved, and illustrated how the WS-Security set of facilities is used in different application environments - C2B, E2B, B2B. They have been careful to provide federation solutions within a business requirements context, ensuring they are directly relevant to business needs and making them relate well to the end-user identity experience. They acknowledge that this is key to the WS-Security set of standards being widely adopted.

Identity Management Technology

Identity Management - it's More than the Technology

Mary Dixon, Deputy Director, Defense Manpower Data Center (DMDC)

Mary said that, contrary to the claim in an earlier presentation, the US DoD is using PKI. Anonymity is not an option for the DoD. Their friends in the NSA say "keep everyone out", but that is not an option either. DoD personnel use their credentials for both physical access to buildings and logical access to IT systems. They recognize that possession of a SmartCard does not prove you are who the card says you are, but rather that as the possessor of the card you can be traced (audited). With 23 million people who are entitled to access to some aspect or other of the DoD facilities, no personal recognition system is possible - it has to be a digital authentication system. These days we can buy an identity on the Internet - a social security card, a driving license, etc. - albeit an illegal transaction - so the problems are significant and must be resolved.

Identity is at the heart of defense in depth. So the DMDC spends time identifying holes in their system and plugging them. Ways they approach this include:

  • Vetting - verifying biometric checks, doing it in a more timely and accurate way
  • Enrollment - having an authoritative database and giving all people in the database Id cards; using a contractor verification system for contract personnel
  • Credential issuance - verifying a person is the same as in the database (not an easy process); fixing of identity back to breeder documents; locking down the database

The DoD operates a continual vigilance system to audit unusual changes in credential data. They certify operators, develop web-based training, all the time evolving a policy to accommodate the changing user population, as well as developing new technology to automate detection of irregular changes. Technology helps, but cannot replace the human evaluations in the auditing process.

Visitors and interactions with agencies are a special category of person requiring authorization for access to Government facilities. This needs to be handled without issuing multiple credentials. The ideal is for the credentials for a person to stay with the person, so their approach is that the data stays with the employer, so that the challenge/response needs minimal information, and revocation is easier to check and implement. This is their implementation of identity federation. Federation requires trust. Trust has to be verifiable, and performed using operating rules that are strictly followed.

Q: How does the DoD handle multiple identities?
A: Each individual has a unique identity - multiple affiliations, but only one person. Yes this means that at present a person can hold several cards, but the goal is to resolve this to one card with multiple authorities.

Comment: Thank you for pointing out that the registration process is the key component in this process, because it is crucial but is so often glossed over.

SAML and its Positive Impacts on Business and Users

Gavenraj Sodhi, eTrust Brand Product Manager, Computer Associates International, Inc.

Gavenraj explained that SAML is all about making SSO solutions interoperable between service providers. This then allows these service providers to make valid business and technical decisions. He translated this into a list of statements that describe SAML's value proposition.

So SAML makes business sense. It helps improve the overall user experience, encourages reduction of help desk calls, and enables automation of business and technical decisions. Gavenraj illustrated typical scenarios to show how SAML improves the process to the benefit of users and business operations, including SSO, value-add reseller, and authorization.

He went on to consider SAML in what he called the "security puzzle", as enabling the permissions management infrastructure framework for trust and security, and as part of the XML-based security standards family.

Digital Identity Strategy

Justin Taylor, Chief Strategist, Digital Identity Office of the CTO, Novell Inc.

Justin listed the components involved in his digital identity model. He explained he likes triangles, so has assembled his representation diagrams using them. He noted that as more components become involved, integrating them into a cohesive solution becomes harder. The challenges of business today add complexity, so it is not surprising that integrating them well becomes increasingly difficult. To make this problem tractable we need to change the way we think.

They decided to define identity as the distinguishing characteristics of an entity (rather than a person) in a digital system. From this concept, Justin built up a triangle of entities. He then considered an identity-driven computing model, and assembled a triangle of common services utilized by today's as well as next generation systems and applications, enabling integration through a services-oriented architecture. He recommended the www.novell.com/identity site for further information, and also a report from digitalidentityworld for further explanation on the message he has presented here.

Q: In the context of protocols, when you come down to the operating system what will you use?
A: SOAP will stay as the base.

Q: You gave an example of the Grid going down because the person not the application was authenticated - how do you propose authenticating the application?
A: The concept is that we will use the same processes to authenticate the application as we do the person.

Securing the Return on Identity Management

Steve Zamek, Senior Manager, Identity Management, Entrust

Steve noted there is an increasing number of identities to be managed - customers, employees, partners, regulators, investors - so the challenges are similarly increasing. The main business drivers for secure Identity Management are lowering costs and increasing efficiency, regulatory compliance, better governance, and improving service levels in all areas. His definition for Identity Management covers authentication, authorization, and provisioning, plus preserving the integrity of the Identity Management system itself. An enterprise has many needs. In successive slides, Steve discussed considerations that arise under each of these headings. He closed with a case study using Clerical Medical to demonstrate the need and then the solution architecture to meet that need.

Identity Management Requirements

Identity Management Requirements

John Mori, VP, Visa USA

John asserted that the identity business problem is that management of identity is management of assurance - trust. Greater assurance or trust means greater cost. So the business problem is balancing the asset value against risk. Asset protection is absolutely central to Visa's operations. So the technical problem is to harness technology to support this aspect of the business. John showed the present global range of regulatory requirements their Visa business has to respond to. He listed five functional areas that they have to address, and how these impact their business operations, including legal and regulatory issues, and mitigation. Issues contributing to costs are the vetting process - higher levels of assurance increase costs, both in the level of vetting and the strength of the credential.

John listed the steps that Visa follows to establish risk, including establishing the business impact in the event of a breach, evaluating the likelihood of a breach or vulnerability, and determining the controls options they can use. Determining the business value has to include assessments of the CIA in minimum, low, medium, and high risk of loss or damage. The nature of the user or entity is very important in this assessment, because the risk has a large dependency on this. Another issue is what is the identity token? The strength of the required authentication is naturally geared to the value of the transaction. Putting together all of this in the most effective way is key to successful management of risk.

Considering where identity should be managed, Visa considers that:

  • The vouching institution is the place to put responsibility for the management.
  • The nature of this responsibility ultimately has to be financial liability.
  • Identity management is best managed close to the source.

John gave a business model example illustrating this, in the case of how a Visa business partner authenticates their own user to use their application, and their application is then authorized by Visa to give access to use a Visa resource.

In summary, the level of assurance has to be consistent with the business value of the transaction, it also has to be consistent with the business's trust model, and it has to be extensible to future requirements.

Q: With increasing sophistication of phishing, etc, how do you deal with rapidly changing challenges?
A: Visa's business risk model is flexible enough to accommodate most situations, and we are continually evolving it to meet new business challenges.

Identity Management Beyond People

Fred Wettling, Architecture Manager, Bechtel Corporation, and Chair of the Network Applications Consortium (NAC)

Fred posited that it is identities beyond people that we need to manage, and end-to-end, many-to-many relationships are evolving. What do we do with identities - we AFCOMS them:

  • Use Attributes
  • Find them
  • Communicate them
  • Operate using them
  • Manage them
  • Secure them

The scope and complexity is increasing as we move from personal to local to enterprise to galactic scale of operations. As we move from one to the next, we must remember to mind the gaps. We must also handle changes in our identity attributes as we progress through life. It is useful to appreciate how policy (policy decisions and policy enforcement) impacts management of identity. Fred went on to consider the following identity challenges:

  • Multiple identities and personalities
  • Physical, logical, virtual identities
  • Component or collection
  • Instance versus generic
  • Mapping
  • Lifespan and re-use - permanent or transient
  • Multi-factor authentication for machines
  • Representation

He closed by noting that the NAC, DMTF, and other sponsors listed for this conference are interested in open standards for Identity Management, and will be participating in meetings later this week to work out how we can collaborate to leverage respective strengths towards achieving common agreement on what they need to be.

Requirements for a Common Core Identity

Jim Hosmer, Principal Architect, Chief Technology Office, Enterprise Information Systems (EIS), Lockheed Martin Corporation

Jim presented his topic as a common engineering requirement for Identity Management. He began with a brief overview of Lockheed Martin, illustrating the nature of the very substantial organization he works in. It has a large number of employees, and has huge dependency on business relationships with outside organizations and business partners, including the US DoD, US Government, and global business relationships that make them a truly international operation. He also explained how close and secure collaboration is an essential part of these business relationships.

Jim pointed out that user-friendly names and systemic identity are very different. The problem is there is no single recognized standard for the assertion of systemic identity, and this causes inconsistent, confusing, and complex representations of identity. In considering names in a real-world environment, we have to take into account legacy names, as well as a variety of proprietary vendor and non-interoperable standard names. This results in an impossible situation for unifying all these names. Globalization and collaboration drive the proliferation of identity assertions, as does non-interoperability of transfers of identity across domains. What is needed is a globally usable common core identity. The basic requirements for this common core identity are that it must:

  • Be globally unique - it must never change
  • Be stable - despite arbitrary changes in attributes associated to the identity
  • Not be dependent on an external central registry - each authority serves as the registry for the identifiers it issues
  • Be opaque - not convey any supplemental knowledge either about the authority or the subject of the identity assertion
  • Have flat namespace
  • Have clear association to the source of authority - even when an identity is self-asserted; this means that a CCId always consists of two values, a source-of-authority id and a subject id, and two CCIds denote the same identity exactly when both values are identical

Jim discussed each of these features in some detail to explain why they are valid requirements.
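The following is an added illustration of those requirements in working code; it is not from Jim's presentation or from any Lockheed Martin system. It models a CCId as the two-value pair described above, with each authority acting as its own registry. The assumptions are mine: each value is 128 random bits rendered as hex (which makes it opaque, flat and free of any central registry), the friendly name is stored as a mutable attribute separate from the identifier, and the sample authorities and subjects are constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// CCId is a common core identifier as the requirements above describe it: two
// opaque values, the id of the source of authority and the subject id that
// authority issued. Assumption (illustrative, not from the talk): each value is
// 128 random bits rendered as hex, so it carries no information about either party
// and lives in a flat namespace.
type CCId struct {
	Authority string
	Subject   string
}

func (c CCId) String() string { return c.Authority + ":" + c.Subject }

// Equal implements the equality rule: the same identity exactly when both values match.
func (c CCId) Equal(o CCId) bool { return c.Authority == o.Authority && c.Subject == o.Subject }

func opaqueValue() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Authority is its own registry: it mints identifiers without consulting any
// external central registry, and keeps the mutable attributes separate from the
// identifier so they can change without touching the identity.
type Authority struct {
	ID     string
	attrs  map[string]map[string]string // subject id -> attributes (may change)
	byName map[string]string            // friendly name -> subject id (a mapping, not the identity)
}

func NewAuthority() *Authority {
	return &Authority{ID: opaqueValue(), attrs: map[string]map[string]string{}, byName: map[string]string{}}
}

// Register mints a new CCId for a subject; the friendly name is just one attribute.
func (a *Authority) Register(name string, attrs map[string]string) CCId {
	id := CCId{Authority: a.ID, Subject: opaqueValue()}
	copied := map[string]string{"name": name}
	for k, v := range attrs {
		copied[k] = v
	}
	a.attrs[id.Subject] = copied
	a.byName[name] = id.Subject
	return id
}

// Resolve maps a friendly name to the systemic identity behind it.
func (a *Authority) Resolve(name string) (CCId, bool) {
	s, ok := a.byName[name]
	return CCId{Authority: a.ID, Subject: s}, ok
}

// Rename changes the friendly name; the CCId itself stays stable.
func (a *Authority) Rename(id CCId, newName string) error {
	if id.Authority != a.ID {
		return errors.New("identity not issued by this authority")
	}
	at, ok := a.attrs[id.Subject]
	if !ok {
		return errors.New("unknown subject")
	}
	delete(a.byName, at["name"])
	at["name"] = newName
	a.byName[newName] = id.Subject
	return nil
}

// Attributes returns the mutable attributes currently associated with an identity.
func (a *Authority) Attributes(id CCId) map[string]string { return a.attrs[id.Subject] }

// IsOpaque is a crude check of the opacity requirement: no attribute value
// may appear inside the identifier string.
func IsOpaque(id CCId, attrs map[string]string) bool {
	s := strings.ToLower(id.String())
	for _, v := range attrs {
		if v != "" && strings.Contains(s, strings.ToLower(v)) {
			return false
		}
	}
	return true
}

func main() {
	hr := NewAuthority()      // e.g. the corporate HR system (constructed)
	partner := NewAuthority() // e.g. a business partner's directory (constructed)
	alice := hr.Register("Alice Smith", map[string]string{"email": "alice@example.com"})
	other := partner.Register("Alice Smith", nil) // same friendly name, different authority

	fmt.Println("opaque:", IsOpaque(alice, hr.Attributes(alice)))
	fmt.Println("same identity across authorities:", alice.Equal(other))
	hr.Rename(alice, "Alice Jones")
	renamed, _ := hr.Resolve("Alice Jones")
	fmt.Println("stable across rename:", renamed.Equal(alice))
}
```

The point the code makes is the separation Jim drew: the friendly name is looked up through a mapping and can change, while the pair (authority id, subject id) is what other systems store and compare. Two authorities registering the same friendly name produce distinct identities, and an authority refuses to operate on an identity it did not issue.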

He closed with a challenge to The Open Group: this issue has plagued the industry for a long time - a solution is becoming increasingly urgent, particularly in a federated management world - so he hopes The Open Group will accept the challenge to produce an acceptable open standard by the end of 2005.

Architecting Identity Management

Secure Mobile Architecture - Boeing Prototype Demonstration

Richard Paine, Advanced Computing Technologist, Boeing

Richard began his presentation with a video showing how Boeing are working to improve the efficiency of their manufacturing process for their commercial airplanes. The video brought out how a secure mobile computing facility, one that maintains continuous communications with no loss of security in data gathering and communication as the mobile worker crosses network boundaries on the production lines, enables greater continuity of workflow and improved productivity.

Richard explained that he wanted this video to have its first outing at an Open Group conference because the Secure Mobile Architecture (SMA) on which their secure mobile computing facility is based was developed in the Mobile Management Forum of The Open Group - the SMA Guide was published early in 2004. The key elements in the SMA include Public Key Infrastructure (PKI), Host Identity Protocol (HIP), and Network Directory Service (NDS).

In further slides, Richard described how their process works - how they issue and process the temporary PKI certificates, how HIP enables secure communications in which the host identity is a public/private key pair, how the NDS directory supports the required information flow, and also the provisioning process to connect the mobile user to the required directory. His mobile network is now part of the Boeing Intranet with its own DNS.
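As an added illustration of the HIP idea behind the SMA, the sketch below is my own code and not Boeing's or the SMA Guide's: a host's identity is an Ed25519 key pair, a fixed-size host identity tag (HIT) is derived by hashing the public key, and a peer proves it owns that identity by signing a fresh challenge. The assumptions are mine: the HIT is SHA-256 truncated to 128 bits (the RFC's ORCHID encoding and the full HIP base exchange are not reproduced), and the addresses are constructed. What it shows is the property the demonstration relied on: the address (locator) changes as the worker moves, but the identity and anything bound to it does not.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Host is a HIP-style endpoint: its identity is a public/private key pair, not an
// IP address. The address is a mutable locator that changes as the worker crosses
// network boundaries; the identity does not.
type Host struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	Locator string // current IP address (constructed values in main)
}

func NewHost(locator string) *Host {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Host{priv: priv, Pub: pub, Locator: locator}
}

// HITOf derives the host identity tag: a fixed-size hash of the public key that
// upper layers bind to instead of the address. Assumption: SHA-256 truncated to
// 128 bits; real HIP uses an ORCHID-encoded HIT, not reproduced here.
func HITOf(pub ed25519.PublicKey) [16]byte {
	sum := sha256.Sum256(pub)
	var hit [16]byte
	copy(hit[:], sum[:16])
	return hit
}

func (h *Host) HIT() [16]byte { return HITOf(h.Pub) }

// Challenge/response sketch of the authentication step: the verifier sends a fresh
// nonce, the host signs it, and the verifier checks both that the presented key
// hashes to the HIT it expected and that the signature verifies under that key.
type Challenge struct{ Nonce [32]byte }

type Response struct {
	Pub ed25519.PublicKey
	Sig []byte
}

func NewChallenge() Challenge {
	var c Challenge
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		panic(err)
	}
	return c
}

func (h *Host) Respond(c Challenge) Response {
	return Response{Pub: h.Pub, Sig: ed25519.Sign(h.priv, c.Nonce[:])}
}

var (
	ErrWrongIdentity = errors.New("presented key does not hash to the expected HIT")
	ErrBadSignature  = errors.New("signature over nonce does not verify")
)

func Verify(expected [16]byte, c Challenge, r Response) error {
	if HITOf(r.Pub) != expected {
		return ErrWrongIdentity
	}
	if !ed25519.Verify(r.Pub, c.Nonce[:], r.Sig) {
		return ErrBadSignature
	}
	return nil
}

// Move changes the locator; the HIT, and any session keyed by it, is untouched.
func (h *Host) Move(newLocator string) { h.Locator = newLocator }

func main() {
	worker := NewHost("10.1.0.23") // tablet on the production line (constructed)
	expected := worker.HIT()       // what the directory recorded at provisioning
	c := NewChallenge()
	fmt.Println("genuine host:", Verify(expected, c, worker.Respond(c)))
	worker.Move("10.2.0.77") // crosses a network boundary
	fmt.Println("HIT unchanged after move:", worker.HIT() == expected)
	impostor := NewHost("10.2.0.77") // same address, different key pair
	fmt.Println("impostor:", Verify(expected, c, impostor.Respond(c)))
}
```

Because the verifier checks the hash of the presented key against the HIT it already holds, an impostor at the same address with a different key pair is rejected even though its signature is valid for its own key, and a captured response to an old challenge fails against a fresh nonce.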

Richard then gave a live demonstration of how this works, connecting from the conference to the Boeing internal network. His demonstration included showing how a mobile worker who moves out of the bounds of the network is disconnected from it, and is then automatically re-enabled when he moves back within the network boundary.

In 2005, Richard plans to take this work into the IETF standards track, and to integrate this SMA into the Boeing enterprise. Further development work is needed to test the scalability, and to assess its value in some real-time operations.

Identity-Enabled Networks

Rakesh Radhakrishnan, Enterprise IT Architect, Sun Client Services
Ramaswami Rangarajan, Principal Network Systems Designer, Sprint

Rakesh gave an overview of his approach to Identity Management from a network viewpoint, and introduced his view of identity infrastructure services in the context of a Service-Oriented Architecture. They presented their concept of Identity-Enabled Networks (IDEN) and how it relates enterprise systems to the telecommunications environment. (See also their joint paper, Identity-Enabled Networks.) Ram explained that currently we are seeing the proliferation of networks, and the challenge is to transcend all types of access networks and devices to provide true mobility. He described what he considers the characteristics of "true mobility": device mobility, user mobility, and access network mobility. Today, many access management systems are fragmented, insecure, and costly. He presented a proposed architecture that uses the Liberty model for federation. In their IDEN system, identity acts as a distributed firewall, protecting devices and system components.

They aim to offer identity that is tightly embedded in the network. They categorized IDEN services into three areas, with a "glue" that integrates all three areas.

Q: Given this flexibility from Sun, how well is it integrated with the OASIS standards - SAML, etc.?
A: SAML is a very important component, and yes this IDEN system does deploy SAML.

Identifier Management Architecture and Practice - the Burden of Identity Providers

Ron Williams, Senior Enterprise Architect, IBM Corporation

Ron described identity as an entity in a system, which may be associated with a name and with a set of characteristics. He discussed these in the context of both enterprise Identity Management and federated Identity Management.

Why "Identity" Management? An application runtime fulfills a business purpose, and access control is part of that. Application management is a separate application, concerned with managing (adding, changing, deleting) the artifacts of the application's data. In the access control model, an identity (managed by Identity Management) wants to access a secured application; access is controlled by a resource manager, and the resource manager is in turn managed by an access policy management system (access management). The driver for doing this is corporate governance and policy enforcement, and if we abstract the patterns common to user administration we can create a heterogeneous administration layer. Typical administration patterns are user self-care, user administration, autonomic computing (identity feed, workflow and provisioning, reconciliation, and account remediation), and accountability and reporting.
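To make the model concrete, here is an added example of my own, not code from Ron's presentation or from any IBM product. It implements two of the patterns he named: a reconciliation step that compares an identity feed with the accounts on a target system and emits remediation actions (provision, disable, orphan), and the access-control split in which a resource manager in front of the secured application defers the decision to a policy manager. The feed, accounts, policy rules and resource names are all constructed, and the policy format (department, resource, action) is my assumption.

```go
package main

import (
	"fmt"
	"sort"
)

// Identity is a record from the authoritative identity feed (e.g. HR); constructed data below.
type Identity struct {
	ID     string
	Dept   string
	Active bool
}

// Account is a login on a managed target system, linked (or not) to an identity.
type Account struct {
	Login   string
	OwnerID string // "" means nobody claims it
	Enabled bool
}

// Action is one remediation step produced by reconciliation.
type Action struct {
	Kind  string // "provision", "disable" or "orphan"
	Login string // target login, or the identity id for "provision"
}

// Reconcile compares the feed with the target's accounts and returns the actions
// an identity manager would queue for workflow/provisioning: an account whose
// owner is not in the feed is an orphan; an enabled account of an inactive
// identity is disabled; an active identity with no account is provisioned.
func Reconcile(feed []Identity, accounts []Account) []Action {
	known := make(map[string]Identity, len(feed))
	for _, id := range feed {
		known[id.ID] = id
	}
	owned := map[string]bool{}
	var out []Action
	for _, a := range accounts {
		id, ok := known[a.OwnerID]
		if !ok {
			out = append(out, Action{"orphan", a.Login})
			continue
		}
		owned[a.OwnerID] = true
		if !id.Active && a.Enabled {
			out = append(out, Action{"disable", a.Login})
		}
	}
	for _, id := range feed {
		if id.Active && !owned[id.ID] {
			out = append(out, Action{"provision", id.ID})
		}
	}
	sort.Slice(out, func(i, j int) bool { // deterministic order for review and audit
		if out[i].Kind != out[j].Kind {
			return out[i].Kind < out[j].Kind
		}
		return out[i].Login < out[j].Login
	})
	return out
}

// Rule is one entry in the access policy: which department may do which action on which resource.
type Rule struct{ Dept, Resource, Action string }

// PolicyManager is the access policy management system: it decides, it does not enforce.
type PolicyManager struct{ Rules []Rule }

func (p PolicyManager) Permit(id Identity, resource, action string) bool {
	if !id.Active {
		return false
	}
	for _, r := range p.Rules {
		if r.Dept == id.Dept && r.Resource == resource && r.Action == action {
			return true
		}
	}
	return false
}

// ResourceManager sits in front of the secured application: it resolves the login
// to the identity behind it and enforces whatever the policy manager decides.
type ResourceManager struct {
	Accounts map[string]Account
	Feed     map[string]Identity
	Policy   PolicyManager
}

func (rm ResourceManager) Access(login, resource, action string) (bool, string) {
	acct, ok := rm.Accounts[login]
	if !ok || !acct.Enabled {
		return false, "no enabled account"
	}
	id, ok := rm.Feed[acct.OwnerID]
	if !ok {
		return false, "orphan account: no identity behind it"
	}
	if !rm.Policy.Permit(id, resource, action) {
		return false, "denied by policy"
	}
	return true, "permitted"
}

func main() {
	feed := []Identity{{"E100", "engineering", true}, {"E200", "finance", false}, {"E300", "engineering", true}}
	accounts := []Account{{"alice", "E100", true}, {"bob", "E200", true}, {"svc-legacy", "", true}}
	fmt.Println(Reconcile(feed, accounts)) // [{disable bob} {orphan svc-legacy} {provision E300}]
}
```

Reconciliation and enforcement share the same data: an orphan account that reconciliation would flag is also one the resource manager refuses to serve, because it cannot map the login to an identity that policy could be evaluated against. That is why a reconciliation feed belongs in the architecture and not only in a quarterly audit.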

Ron presented his view of a logical architecture for enterprise Identity Management based on these concepts, and discussed them in some detail.

Q: Who resolves conflicts if there are two or more policy managers?
A: This is a very good question - it has to be resolved by governance decisions - not by IT.

Model-Driven Identity Management Architecture - A Work-in-Progress

Ed Harrington, Executive VP, Data Access Technologies, Inc. (DAT)

Ed explained that unfortunately the case study he had anticipated presenting in this conference is not yet complete, so he has relegated it to a work-in-progress presentation.

Standards are coming - Ed listed the main ones. He also noted that while there is convergence in several areas, in the WS space there seems to be a divergence. Current reconciliation efforts include work in the e-Authentication Partnership (EAP - www.eapartnership.org) and in the Financial Services Technical Consortium (FSTC). The GSA participates in both the EAP and the FSTC, and Ed noted that the OMG's Model Driven Architecture (MDA) offers a way to resolve the standards-proliferation dilemma. Those involved are therefore looking at MDA as the liberator here, and Ed presented a detailed slide explaining why.

Additionally, Ed gave an update on the joint OMG and The Open Group architecture activity to establish synergy between OMG's MDA and The Open Group's TOGAF. A further open meeting is scheduled for the Saturday following this conference, in Burlingame, San Francisco, to take this forward. Ed welcomed interest and participation from attendees to this conference.

Q: How important is Shibboleth as an Identity Management standard?
A: It seems to be prevalent in the academic community, so to that extent it is a significant standard.

Q: IBM is part of the EAP and the FSTC - and they are curious as to how Ed got involved in GSA and his role there.
A: Ed explained that his new company is under contract with the GSA, and his contact with OMG's MDA work has brought him into a further aspect that is of common interest.

Q: Moving from platform-independent to platform-specific architecture, what tools exist to facilitate this?
A: There are many tools available, which Ed will identify if asked separately.

Q: Will QVT become standardized?
A: He believes it is unlikely to be standardized before next year.

The Open Group Architectural Framework (TOGAF)

Chris Greenslade, Frietuna Consultants Limited

Chris noted we have had many presentations on various aspects of the theme "Architecting Identity Management". He wanted to give an introduction to how to use TOGAF to architect Identity Management - or anything else.

He presented the mission of the Architecture Forum. Recently they have added certification for architects. He noted that architecture is not rocket science; rather, it is largely common sense. He went on to describe what Enterprise Architecture is, and introduced TOGAF 7 "Technical Edition", which addresses the technology architecture, and TOGAF 8 "Enterprise Edition", which addresses the information architecture. TOGAF's Architecture Development Method (ADM) defines the steps you go through to develop an organization-specific architecture.

Chris noted the helpful ANSI/IEEE Std 1471-2000, which defines what an architecture is. The important thing in this definition is the last line, which clearly differentiates architecture from design. He went on to describe TOGAF's characteristics and benefits as a tool for architecting any IT requirement, pointing out that it extends the Zachman framework, is freely available for download, vendor-neutral, comprehensive, the result of 10 years' experience, and a way to cut up-front costs and avoid re-inventing what already exists. Besides continuing development to produce TOGAF 9 by the end of 2005, Chris also noted the collaboration with the OMG to merge their MDA (Model Driven Architecture) with TOGAF's ADM.

Chris recommended TOGAF as The Open Group's architecture tool of choice.

Closing Summary

Allen Brown, President & CEO, The Open Group

At the end of the conference plenary, Allen Brown summarized what had been presented and achieved in this conference plenary. This summary report is available for the convenience of those who wish to gain an overall picture of the plenary meeting without needing to read the reports on each presentation.

Allen acknowledged the good work of Chris Harding and members of the DIF and the Security and Messaging Forums in putting together this plenary.

The first Open Group open meeting on Identity Management took place three years ago, in January 2002, as part of our conference in Anaheim on Integrated Information Infrastructure. This led to Boundaryless Information Flow™, and integration of IT solutions. The IT world was focused on the new phenomenon of web services. Microsoft had announced their Passport initiative to deliver single sign-on to web services consumers, and the Liberty Alliance had been formed to counter what many perceived as the threat of domination by a single global identity provider. At that time, we saw three years as the timescale for the solution of the Identity Management problem.

So here we are three years later – what has been achieved? There has been massive progress in identity management standards development, based on a growing understanding of the issues. Products are emerging that conform to those standards. The difficulty for enterprises is how to use those standards to develop architectures that deliver effective identity management.

In our plenary we looked at three areas: at the requirements, at the standards and technology, and at how to pull it all together in enterprise architecture. What have we learnt?

Requirements

At our meeting in Anaheim, we summarized the requirement in these words: “To develop a global framework for identity management in which the communities that an individual belongs to can operate - and cooperate - effectively, while maintaining the right of the individual to privacy, to dignity, and to be in control of his or her destiny.”

From today’s perspective, we see two important modifications to that. The first is that we have some specific issues to contend with, as well as generalities. We have got far enough into the swamp to find the alligators. Maintaining the right of the individual to privacy, to dignity, and to be in control of his or her destiny is all very well. But before this we have to deal with something that hits them where it really hurts – in their wallets. Identity theft is a major problem. Gene Schultz gave some graphic examples: the break-in to a research database at the University of California that compromised personal information of 1.4 million people; the help-desk staff member who sold passwords that gave access to consumer credit reports. Estimates are that 57 million US adults have been reached by phishing attacks.

As far as organizations are concerned, CIOs do of course want to establish effective operation and co-operation. But CIOs are probably more immediately worried about the company being ruined by security breaches, and about keeping out of jail.

An estimated 88% of companies have been the victims of some kind of cyber attack, though many will not admit to the true scale of the problem. Insider attacks probably pose a more serious danger than external hackers. Stuart McIrvine quoted an average cost of $2.7 million for insider attacks, and gave the specific example of the brokerage where an ex-employee transferred many accounts to his new company. The risk is serious and growing. Indeed, Gene Schultz suggested that it may be growing faster than our ability to control it.

There is an explosion of personal privacy and financial probity legislation worldwide, and compliance is at the front of most CIOs' minds. Sarbanes-Oxley has resulted in boom times for information security professionals. This is a major driver for implementation of identity management.

The second modification to our original understanding of the requirements is that we have found new basic requirements that are not being addressed by current standards activities. Specifically, we need to identify things as well as people, and we need systemic identifiers that are common across systems and stable over time.

Justin Taylor put forward a vision of the Identity Driven enterprise, based on identification of silicon-based, as well as carbon-based, life forms, and Fred Wettling described in detail the requirements for managing identities of things beyond people. Stuart McIrvine pointed out the need to be able to trust the devices that people use, as well as the people themselves, giving the specific example of patches to automobile engine-management systems that can be downloaded over the Internet - what does this do to warranties, and to liability?

Jim Hosmer discussed the need for systemic identifiers, from the perspective of a major corporation with a very large number of customers and business partners. Systemic identifiers, used by system components, must be distinguished from user-friendly identifiers used by people; their fundamental characteristics are very different. He pointed out the drawbacks of commonly-used systemic identifiers, especially their lack of stability over time. Examples like visual changes brought this point out.

Once the alligators have been dealt with, and before we start looking at new areas, yes - we do want to address the currently understood requirements and drain the swamp. There is a clear business case for identity management, and it becomes more important as collaboration increases. Identity management is a showstopper problem that gains the interest of high-level management.

As many speakers pointed out, for the communities to which an individual belongs to operate - and cooperate - effectively, there must be trust. This is the context for federation based on business relationships.

Steve Zamek listed the fundamental business drivers – lower administration costs, increased efficiency, lower risk, audit and reporting for regulatory compliance and governance, improved service levels. Indeed many of the questions to speakers raised the importance of audit.

Cost savings are important. An Aberdeen Group estimate is that enterprises spend an average of $300-$350 per user annually on identity systems. But, as John Mori pointed out, there is a trade-off to be made between cost and risk.

Standards and Technology

The achievement of the Identity Standards community over the last three years has been impressive.

XML is now the de facto way to represent information of all kinds, identity information being no exception. OASIS is the body where most XML-based standards are developed. Patrick Gannon – in a most artistic presentation that used the difference between Mondrian and Jackson Pollock to illustrate de-perimeterization – described the OASIS standards related to Identity Management and Web Services, including WS-S, XCBF, DSS, AVDL, WAS, SPML, XACML, and particularly SAML. Standards matter because they give businesses risk-reduction for e-commerce, and help businesses to deal with "future shock". But standards must be open, and successful standards must be adopted in product solutions, so they have to be relevant and implementable. They must also produce consistent results, implying a need for assured conformance.

Conor Cahill described the work of the Liberty Alliance, which had created the key concept of federated identity. The Identity Federation Framework – ID-FF – is the basis of the Liberty standards. This was originally built on version 1.1 of SAML. Its features have now been incorporated in SAML 2.0. The Identity Web Services Framework – ID-WSF – has been added to ID-FF; it is a framework for locating and invoking identity-based web services. Layered on top of ID-FF and ID-WSF are identity service interface specifications: personal profile, contact book, and others.

Not all standard trust frameworks are new. PKI has been around for many years. Some doubt how well it has done as a technology solution – Gartner has estimated that 50% of all PKI software is shelfware. However, Mary Dixon pointed out that the DoD has developed PKI and smart cards over the last five years, and is using PKI successfully. She remarked that technology does not solve all the problems – it can only make it harder for attackers to break the process. She stressed the importance of identity proofing as the basis of the whole process. These are principles that apply to technology of all kinds, not just PKI. As John Mori put it, if you don’t know who you are talking to, other security controls don’t matter. The vetting process is key.

Anthony Nadalin described the Web Services Framework, which addresses the whole lifecycle of web services – application development, deployment, service delivery, and management - not just identity. Key elements are WS-Trust, which specifies how to broker trust relationships, and WS-Federation, which defines a model for single sign-on based on the WS-Security specifications. The Web Services Framework incorporates the idea that the federation framework must be independent of the security token technology. This enables the framework to encompass legacy trust systems, and PKI.

There is some overlap between the Web Services Framework and the Liberty Alliance, but they also cover areas that are different. Jamie Lewis remarked that every important vendor (with one notable exception) has committed to both the Web Services Framework and Liberty; and we will see coexistence and convergence emerge.

Products that conform to the standards are emerging. Conor Cahill listed a number of client and server implementations of the Liberty profile that are in production and were demonstrated at a recent consumer electronics show. Gavenraj Sodhi explained how federation can be implemented through SAML using production products. Steve Zamek described a case study at Clerical Medical where identity management products had helped deliver increased automation and lowered costs.

The underlying security technology must be kept under review. 90% of companies use passwords as their primary access control method. Stuart McIrvine forecast that biometrics will become more prevalent, replacing passwords over the next 5-10 years. But keystroke logger attacks raise questions for static credentials of all kinds – including biometrics.

As Jamie Lewis pointed out, there has been a wave of consolidation among product suppliers, which is now almost complete. But the products are mainly bundles right now; they are not integrated yet. Good, well-integrated product suites should emerge over the next couple of years. In the longer term (5-8 years), identity federation features will “seep into” the platform, although cross-platform management will still be needed.

Justin Taylor also stressed the need to be able to integrate identity and security features into products, so that developers can build identity and security services into applications.

Architecture – "Pulling It All Together"

Jamie Lewis supported the proposition that Identity Management is mainly an architectural issue for enterprises. And enterprises are surprised at how much customization is required. Today, federation is a custom integration project.

Gene Schultz stressed the need to "Keep It Simple" and to try to induce some order into the “controlled mayhem” of the IT environment. Architecture must also result in systems that are easy-to-use: usability is probably the most neglected aspect of IT security. This was reinforced by John Mori, who warned of the danger of turning customers into enemies.

Many speakers, starting with Jamie Lewis, spoke of the value of the Service-Oriented Architecture (SOA) approach to infrastructure services. Jamie painted the architectural picture of identity services and application services plugging into the same services bus. There has been a lot of hype over SOA – but the underlying architectural shift is probably real.

Standards so far address protocol interfaces but not application interfaces. Connectors to access control systems, with simpler interfaces, are needed. While we understand how to communicate between identity systems, we do not yet agree on what identity services and components can be used to build these systems, or how to plug them into a services bus.

Rakesh Radhakrishnan and Ramaswami Rangarajan presented a proposal that shows specific identity infrastructure services, in the context of a Service-Oriented Architecture. Their presentation addressed another key aspect of today’s enterprise environment: mobility. Their concept of Identity-Enabled Networks (IDEN) relates enterprise systems to the telecommunications environment.

Richard Paine described a project that addresses support for mobility within the enterprise – an implementation by Boeing of the Secure Mobile Architecture (SMA) that was developed by The Open Group Mobile Management Forum and published early in 2004. The SMA leverages the power of directories to store location and network information in addition to identity information. This enables identity-driven features to be incorporated into the network infrastructure.

Ron Williams explored the differences between Enterprise and Federated Identity Management, and described the practical business of architecting identity-based systems.

The relation of services to a service bus will in practice be in the context of a development environment such as J2EE or .NET. From an architectural perspective, environment-independent components would be more desirable. The Model-Driven Architecture (MDA) approach, described by Ed Harrington, enables a solution description to be developed at the environment-independent level, and to be used to generate the implementation in the appropriate platform.

It is a truism that knowing the answers is of little use unless you ask the right questions – and this is particularly valid for enterprise architecture. The Open Group Architecture Framework – TOGAF – described by Chris Greenslade incorporates an Architecture Development Method (ADM) that encourages the architect to ask the right questions at the right time. It also includes a resource base that the architect can use in the development of enterprise architectures. When identity management components are defined and included in that resource base, TOGAF will provide the framework for development of effective architectures for identity-based enterprise systems.

Conclusions

Things have moved fast over the last three years. There is now a substantial body of identity management standards, and products that conform to those standards are emerging. At the same time we are becoming aware of new requirements that are not covered by the existing standards.

Pulling the standards and products together into effective enterprise architectures is a key issue. The architectural principles are not yet completely clear, but they are beginning to be understood.

Two areas for future work stand out.

The first is the development of our understanding of architecture for identity management. Service-Oriented Architecture may provide the basic principle, but we need clearer definitions of the building blocks - the identity management components that plug into the services bus. With these in our resource base, we can use TOGAF to create effective enterprise architectures for identity-based enterprise systems.

The second is the development of our understanding of new requirements, and the creation of standards that help vendors to address them. A meeting session jointly sponsored by the DMTF, NAC, and The Open Group, later in this Conference, looked at the requirements for common core identity representations for systemic identifiers, including identifiers for things as well as for people. The challenge that Jim Hosmer gave us in his presentation was to achieve a standard on this by the end of 2005.

There has been substantial and real progress in the last three years. Let’s hope that this continues, so that by the end of the next three years the deployment of identity-enabled systems in the enterprise has become a matter of routine for IT architects.


© The Open Group 1995-2012  Updated on Thursday, 28 July 2005