The identity management projects are jointly addressed by members of the Security Forum
with the Identity Management Forum. The whole Wednesday of the Security Forum meeting was
devoted to participation in the Identity Management Forum agenda.
Future Plans
Review of the relationship and future of our Identity Management Forum with the Governing
Board in the Washington DC meeting noted that there is very little distinction now
between the agenda of the Identity Management Forum and the Security Forum. The
participants are also the same, and this has been the case since early in the transition
of the Directory Interoperability Forum (DIF) into it becoming the Identity Management
Forum. Members recalled the evolution of the IdM Forum from the DIF, and how the Security
Forum and IdM have run joint projects ever since review of the Identity Management
Business Scenario. Since identity management seems part of the Security Forum's program,
and most of the participants are members of the Security Forum, it seems to make sense to
the members of both Forums that we should integrate into a single
Forum. Even so,
there is value in maintaining visibility of identity management as a separate entity in
The Open Group's portfolio of forums. All agreed there is no urgency here, so we will
consider our options and their implications, with a view to resolving it in due course.
Framework for Identity Management
Ian will coordinate existing comments and solicit new ones, on the current review draft
from SC27 of the Framework for Identity Management, and compile them into a single
submission to SC27 by the due deadline of August 30 2006.
Architectures for Identity Management
Ian will review the revised edited draft with appropriate other IdM Forum members, and
present proposals for adding missing description required to complete it as a draft that
is satisfactory for submission to Company Review and approval for publication.
Common Core Identifiers
All will support the CCI WG in concluding final review and completion of the CCI Framework
(including Matrix of Identifiers). Also Ian to follow up with ISO SC27 secretariat on a
proposal to submit to them the CCI Framework as a basis for develop a Common Core
Identifiers Framework standard.
IdM Design Patterns
Changes agreed to the draft definition for our 3rd Party Identification Pattern, based on
review feedback and discussion in the Miami meeting, will be applied and the resulting
revised draft patterns will then be reviewed again by the IdM Forum members. Ian will call
a teleconference for members to approve the revised 3rd Party Identification pattern
definition and contribute input to its Consequences, Known Uses (add a forensic example),
and Related Patterns sections, so this pattern can be completed. The completed 3rd Party
Identification pattern definition will then be used to derive a definition for a 2nd Party
Identification pattern, this being a subset of the 3rd Party case.
A draft for an Authenticator design pattern was reviewed, and this will be further
developed based on review feedback and discussion in the Miami meeting.
IdM Catalog
The project leader and his team have continued to encourage vendors to
complete their entries in to Catalog database, and also encourage the development of the
proposed web-based display for information entries from the database. Sadly, neither of
these efforts have produced the good progress we had hoped for on exiting the previous
(Washington DC) meeting in April 2006, when we were planning to launch the first version
of the IdM Catalog in this Miami Conference.
The team reported that to date we have 17
product entries from 10 different IdM product vendors. Only one of these entries is
satisfactory in terms of providing direct and credible answers to all the questions in our
entry template, and only one (Novell) of the 10 product vendors can be viewed as a major
IdM product vendor in the marketplace. Despite the team sending submitters specific lists
of issues over the past three months, pointing out the deficiencies in their answers and
requesting they revise their entries, none have yet responded. The team suspects that the
respondents in these vendor companies are marketing rather than technical people, and
these marketing people have a product description script which they do not depart from,
and if that script does not give the direct answer then they select the nearest one that
makes their product seem best. Discussion on this concluded that vendors will not
willingly declare deficiencies in their products. This is a learning experience, that
vendors are not willing to provide comparison data on their products unless that data shows
them as best, or at least as in the top percentile. It was suggested that when the
proposal to start this IdM Catalog program started, the idea was possibly to produce a
database of information on available IdM products that enabled users to obtain "works
with" information similar to the "works with LDAP" certification scheme.
Regarding the web-based display system for rendering comparative information on
products in the Catalog database, a single-product display system has been developed, but
the desired multiple-product selected-items display is not yet available.
So the present position is that we do not have substantive meaningful entries of IdM
product information in the IdM Catalog at this time, and neither do we have an acceptable
display system for comparing information on selected products in the Catalog. Furthermore,
the effort put in by the team over the past three months - particularly
in encouraging vendors
to revise their Catalog entries - has not yielded effective results. Discussion on this
concluded that further effort on this is unlikely to achieve the desired results, and in
the light of our experience here possibly the goal we set ourselves for this project may
be unachievable. The members expressed their appreciation of the persistent efforts of the
team who have done much to try to make this project a success; if their efforts could not
achieve the desired outcome, then probably no amount of effort would achieve it. An
analogy was drawn with what we characterized as the "grade B beef" problem - no
vendor wants to have his IdM product shown as having deficiencies, just as no meat vendor
finds he can sell his customers low-grade beef.
In the light of all this debate, the members decided to close this project. Accordingly
appropriate closing actions were agreed:
- Explain the situation to the vendors who have provided entry information into the IdM
Catalog - that after much effort it has proved to be impossible to assemble sufficient
information to represent the intended purpose of the IdM Catalog, at the quality level
required by The Open Group Identity Management Forum, so we have reluctantly decided not
to continue with this project at this time, we thank them for their willingness to
participate, and guarantee the information they have provided will not be used now or in
the future without their express permission
- Provide a similar explanation, thanks, and undertaking to the developer of the IdM
Catalog web-based display system
- Archive the project materials
Identity & Access Management
The project leader was unavoidably unable to attend the meeting, and none of the declared
interested parties was available either. Ian will co-ordinate members to get this IAMF
project underway.
IdM Standards Entry in SIB
Ian will complete ballot for the two CRs submitted during Company Review, and conduct due
process leading to installation of the IdM Standards list into the Standards Information
Base.
