Craig Burton

Logs, Links, Life and Lexicon: and Code


It Takes a Community to Manage an API Ecosystem

November 27th, 2012 · Identity, The API Economy



Intro

Starting at the EIC 2012 I have been talking and presenting a lot about The API Economy. The API Economy has become a strategic topic for organizations. As one can expect with a hot topic, there are many opinions and views on the matter. Therefore there are many comments, blog posts and articles written about The API Economy.

Needless to say it is tough to keep track of everything being said or to track any given thread. I should start off by saying the questions asked by this blog post are appropriate and need to be answered.

The DataBanker thread

An interesting thread that I have been following for a while has inspired me to make a few comments about exactly what I mean by an API and to add additional data about the actual API numbers.

The people over at DataBanker published a piece in Sept. entitled “Personal Identity in the Cloud. What’s a Programmer to Do?”

The author then goes on to cite the numbers I have used in several presentations to derive the actual number of APIs that we are looking at dealing with over the next five years. First he questions the accuracy of the numbers and their implications.

“I have to admit, the statistics from the Apple announcement, especially when combined with the view from Cisco, definitely make one stop and think. But Craig Burton’s blog post has apocalyptic overtones that I don’t think are accurate.”

Next he starts to ask questions about what I actually mean when referring to an API.

“When Craig Burton refers to “20+ billion APIs all needing distinct identities”, what I believe he is actually referring to is interconnections and not discrete APIs.”

And finally the author states that the Identity Ecosystem being established by NSTIC will be used to address the problems brought on by The API Economy.

“Managing identity – entity or personal – within the Cloud certainly has some unique challenges. Fortunately, there are substantial communities such as the NSTIC Identity Ecosystem and projectVRM that are focused on defining standards for creating, validating, managing, and transacting trusted identities as well as looking at the broader issue of how individuals can control and assert their identity and preferences when engaging products, services, and vendors within this expanding internet of things. Multiple solutions will likely be proposed, developed, will co-exist, and eventually consolidate based on the collective wisdom and adoption of the cloud community. That community – or ecosystem – is really the key.”

So let me address each of these in turn.

The Apple and Cisco numbers and their apocalyptic overtones

First off, let me say that the numbers I quote from the iPhone 5 announcement, while a little overwhelming, are very conservative. Mary Meeker, partner with Kleiner Perkins Caufield & Byers, recently gave a talk about the growth of the device market. In that talk, she pointed out that the Android Phone is ramping up 6 times faster than the iPhone.

“By the end of 2013, Meeker expects there to be 160 million Android devices, 100 million Windows devices, and 80 million iOS devices shipped per quarter.”

If you can believe the first axiom of The API Economy (Everything and Everyone will be API Enabled), the significance of this additional research on the numbers of devices being shipped is non-trivial. The current methods being used to provision and manage the identities associated with these devices are broken and cannot scale to address the issue. Call that apocalyptic if you want, but ignoring the facts does not make them go away.

Interconnections not APIs

As I pointed out earlier, DataBanker then supposes that what I mean by 26+ billion APIs is “interconnections and not discrete APIs.”

I am actually referring to a conservative number of discrete APIs. Here is how APIs work. Every API must have a unique identity. Not necessarily unique functionality, but a unique ID.

But DataBanker did find the missing information in my numbers. I didn’t include relationships and interconnections. I didn’t include them in the equation because I wanted to keep things somewhat simple. Fact is, each interconnection and relationship also needs an API and a unique ID. Thus the number of actual APIs we are looking at is 3 to 5 times bigger than the numbers I outlined originally.

NSTIC Identity Ecosystem will address the problem — NOT

Here is where DataBanker and I start to agree — at least sort of.

It will take a community to address The API Economy explosion in identity management requirements. Further, the NSTIC and ProjectVRM communities can help, but neither of these in its current state addresses the matter. For more information about what NSTIC is in this context, read this blog post.

The Ecosystem required to address billions of Identities and APIs is one that can be automated. Programmed. In order to address a programmable web, we need a programmable ecosystem to accompany it.

We are calling this ecosystem Identity Management as a Service.

Summary

I continue to stand by my numbers and projections of the implications being brought on by the API Economy. I see that in the near future, everything and everyone will be API enabled.

I also see a great number of people and organizations that do understand this issue and are moving forward with intention to address it and to succeed with the API Economy.

Links

http://blogs.kuppingercole.com/burton/2012/09/21/salesforce-identity/

http://blogs.kuppingercole.com/burton/2012/06/05/microsoft-is-finally-being-relevant/

http://blogs.kuppingercole.com/burton/2012/06/21/making-good-on-the-promise-of-idmaas/

http://blogs.kuppingercole.com/burton/2012/06/06/what-i-would-like-to-see-first-from-idmaas/

http://www.id-conf.com/sessions/1001

http://techcrunch.com/2012/11/05/mary-meeker-internet-trends/

http://databanker.com/2012/09/20/personal-identity-in-the-cloud-whats-a-programmer-to-do/


2012 International Oasis Cloud Symposium

October 16th, 2012 · Daily Thesis, Identity, Open API Economy, privacy


Summary of the Oasis Cloud Symposium last week in Washington DC.

Introduction

Last week I was invited to attend the 2012 International Oasis Cloud Symposium.

I was very impressed. The attendance was not large; in fact, the organizers limited the number of attendees to 125 people. I was not able to attend the first day, but the second day was lively with many interesting presentations and discussions.

I won’t go over the complete agenda; if you want it, it can be found in PDF format here.

Overall I would say every presentation given was worth listening to and the information was both valuable and informative. Not all of the presentations have been posted yet but a good number of them—including mine—can be found at this location.

I wanted to highlight a few of the presentations that were especially interesting. Again, I think all of them are worth looking at, but here are some highlights.

Privacy by Design

The day started out with the Information and Privacy Commissioner of Ontario, Canada, Dr. Ann Cavoukian, giving a presentation via video to the group on Privacy by Design. Her message was that she and Dr. Dawn Jutla (more about Dr. Jutla in a second) are co-chairing a technical committee on Privacy by Design for software engineers.

“It’s all about developing code samples and documentation for software engineers and coders to embed privacy by design into technology. We are going to drill down into the “how to” in our technical committee.”

Following the video by Dr. Cavoukian, Dr. Dawn Jutla gave a presentation about Privacy by Design (PbD).

Now I have heard of Dr. Cavoukian and the PbD movement. But I had never been exposed to any details. The details were amazing and I like the 7 Foundational Principles.

1. Proactive not Reactive; Preventative not Remedial

2. Privacy as the Default Setting

3. Privacy Embedded into Design

4. Full Functionality—Positive-Sum, not Zero-Sum

5. End-to-End Security—Full Lifecycle Protection

6. Visibility and Transparency—Keep it Open

7. Respect for User Privacy—Keep it User-centric

These are sound principles that make a lot of sense. So much so that I invited Dr. Jutla to attend the Internet Identity Workshop (IIW) and to jointly present with me a discussion about Privacy and Identity in an API Economy.

Dr. Jutla agreed and we will lead the discussion on both Tuesday and Wednesday of next week (October 23, 24) at IIW.

If you look at the agenda, the rest of the speakers presenting on privacy were stellar. I learned a lot.

Summary

I strongly recommend looking over the agenda and reviewing the presentations that interest you. For most organizations, this should be every plenary and every discussion group.

I was also impressed with OASIS’ ability and willingness to invite seemingly competitive groups, like iso.org, ANSI, and Kantara. This is the way a standards body should work when it has the best interest of the industry and the objective of open standardization in mind.

Kudos to Laurent Liscia and the entire OASIS organization for the execution of a great event.


The Case for Reputation Capital

October 1st, 2012 · Daily Thesis, feature, Identity, Innovation, KRL, The API Economy



I love this talk. Let me know what you think.


NSTIC Update

September 24th, 2012 · Daily Thesis, feature, Identity



National Institute of Standards and Technology awards $9M to support trusted identity initiative

Introduction

On September 20, 2012, the National Institute of Standards and Technology (NIST) announced more than 9 million US dollars of grant awards in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).

The grants were awarded to five consortiums. All of them big. All of them representing different views and technologies with strong focus on identity, security, and trust.

NSTIC Background

While many identity and security professionals are familiar with the Obama administration’s NSTIC program, many international professionals are not. In order to address all of KuppingerCole’s constituents, some background information is useful.

The impetus for the NSTIC policy move by the Obama Administration is part of the Cyberspace Policy Review published in June 2009. The administration appointed Howard Schmidt to a new Cyber Security Coordinator position. Schmidt is a well-known security expert and is experienced in international security policies and technologies.

On Tuesday, December 22, 2009, Schmidt was named as the United States’ top computer security advisor to President Barack Obama. Previously, Schmidt served as a cyber-adviser in President George W. Bush’s White House and has served as chief security strategist for the US CERT Partners Program for the National Cyber Security Division through Carnegie Mellon University, in support of the Department of Homeland Security. He has served as vice president and chief information security officer and chief security strategist for eBay.

Prior to joining the Obama Administration, Schmidt served as President of the Information Security Forum and President and CEO of R & H Security Consulting LLC, which he founded in May 2005. He was also the international president of the Information Systems Security Association and a board member of the Finnish security company Codenomicon, the American security company Fortify Software, and the International Information Systems Security Certification Consortium, commonly known as (ISC)². In October 2008 he was named one of the 50 most influential people in business IT by readers and editors of Baseline Magazine.

Source: Wikipedia

Under Schmidt’s direction and managed by NIST, the first draft of NSTIC was published in June of 2010. The draft received much criticism for the lack of privacy protection for individuals and the size of the role played by the government. A final draft was rewritten and published in May of 2011. In the final draft, the role of the government was reduced and privacy issues were addressed.

The stated objectives of the NSTIC initiative are:

NSTIC is a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies. The selected pilot proposals advance the NSTIC vision that individuals and organizations adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation.

“Increasing confidence in online transactions fosters innovation and economic growth,” said Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher. “These investments in the development of identity solutions will help protect our citizens from identity theft and other types of fraud, while helping our businesses, especially small businesses, reduce their costs.”

NSTIC envisions an “Identity Ecosystem” in which technologies, policies and consensus-based standards support greater trust and security when individuals, businesses and other organizations conduct sensitive transactions online.

The pilots span multiple sectors, including health care, online media, retail, banking, higher education, and state and local government and will test and demonstrate new solutions, models or frameworks that do not exist in the marketplace today.

The Announcement

As expected, NIST picked big consortiums with big ideas for identity and trust across a broad spectrum of technologies and market segments. Here are the basics of its choices for the consortiums:

“These five pilots take the vision and principles embodied in the NSTIC and translate them directly into solutions that will be deployed into the marketplace,” said Jeremy Grant, senior executive advisor for identity management and head of the NSTIC National Program Office, which is led by NIST. “By clearly aligning with core NSTIC guiding principles and directly addressing known barriers to the adoption of the Identity Ecosystem, the pilot projects will both promote innovation in online identity management and inform the important work of the Identity Ecosystem Steering Group.”

The grantees of the pilot awards are:

The American Association of Motor Vehicle Administrators (AAMVA) (Va.): $1,621,803

AAMVA will lead a consortium of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative (CSDII). The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, the CSDII pilot participants include the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.

Criterion Systems (Va.): $1,977,732

The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and health care service providers. The Criterion team includes ID/DataWeb, AOL Corp., LexisNexis®, Risk Solutions, Experian, Ping Identity Corp., CA Technologies, PacificEast, Wave Systems Corp., Internet2 Consortium/In-Common Federation, and Fixmo Inc.

Daon, Inc. (Va.): $1,821,520

The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University, and the American Association of Airport Executives.

Resilient Network Systems, Inc. (Calif.): $1,999,371

The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative.

In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA)-compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education, and the Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff, as well as verification of parent-child relationships.

University Corporation for Advanced Internet Development (UCAID) (Mich.): $1,840,263

UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2’s InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2’s partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology, and the University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation’s identity ecosystem.

High Level Analysis

In terms of government initiatives, NSTIC has been moving at lightning speed. Jeremy Grant has been a proactive advocate of the initiative and is an articulate and capable leader. It shows from the choices of these consortiums and their constituents.

At the same time, 9 million dollars spread across five initiatives, each with many mouths to feed, does not go very far and can be used up very quickly. It will be interesting to see how far each will proceed over the next twelve months. I chose 12 months because I can’t see how the money awarded to each group will last much longer than that.

Each group will need to put a plan together and execute in that time frame if they are to survive.

Over the next short period, we will take a closer look at each initiative, what their respective architectures look like, and what the specific objectives are in their roles in the identity ecosystem outlined by NIST.

Of course, I will be paying special attention to what each consortium has planned as an API Economy strategy. Each will need to have a solid API design that gives all of the other groups API access to all of the services through both the Web Services legacy (SOAP) and the emerging API Economy imperative (RESTful).

If each group does not have a solid SOAP/RESTful API strategy, they simply will not succeed—either individually or as a whole.

I know it sounds strange coming from me that an organization should continue embracing the SOAP legacy, but there are just too many government and non-profit organizations that cannot afford to jump to the real world quickly and must continue carrying the burden of the past. So it is sometimes.

Of course there are many more issues involved with the success of this initiative beyond APIs; these issues will be covered more in depth in subsequent KuppingerCole reports and activities at the EIC Conference in May 2013.

Nonetheless, we see this movement by NIST of granting these awards as positive, and it will have a reverberating impact on the Identity community, across the globe, for the good for some time to come.


Salesforce Identity

September 21st, 2012 · feature, Identity, Innovation, The API Economy



Identity Management as a Service (IdMaaS) gets a new 500lb gorilla

Introduction

When I first heard of Salesforce’s Identity announcements this week at Dreamforce, I was reminded of the old joke “Q: Where does a 500lb. gorilla sit? A: Anywhere he wants.”

Salesforce Identity makes Salesforce the new 500lb gorilla in the Digital Identity jungle.

Announcement Details

You can read the basic details of the announcement on Chuck Mortimore’s blog. Here is a quick summary:

What is Salesforce Identity?

Salesforce Identity provides Identity and Access Management (IAM) services for Web and mobile applications, delivered through the simplicity, transparency, and trust of the Salesforce Platform.

  • For users, Salesforce Identity means no more frustration juggling passwords for each application. Login once and seamlessly access all your applications and data using Single Sign-On from a single, social Identity.
  • Administrators gain control and flexibility over access to applications by automating identity and access management processes through the simplicity you’ve come to expect from Salesforce.
  • CIOs can leverage existing authentication investments, while gaining control and peace-of-mind over your cloud investments via centralized reporting and deprovisioning.
  • Developers can build Web, mobile or tablet applications on the Salesforce Platform or on any third-party platform through simple standards based integration.
  • ISVs can tap into the power and distribution of AppExchange and Login with Salesforce regardless of where their app runs, be that Force.com, Heroku, mobile, or any other cloud.

High Level Analysis

I find it so fascinating that the laggard in joining the Cloud Computing parade, Microsoft, was the first to announce an IdMaaS initiative in a very low-key, understated way. And that the leader in the SaaS movement, Salesforce, shouts its IdMaaS strategy from the rooftops at its mainstream technology conference with Marc Benioff leading as the main spokesperson. It so underlines how clueless Steve Ballmer is to the issues facing Microsoft and its customers.

Identity, and solving the problem of Identity in a Cambrian Explosion of Everything, is job 1.

  • There are some people at Microsoft that know this. This does not include Steve Ballmer.
  • As of today, everybody at Salesforce knows it and can’t avoid it. Marc Benioff made the announcement and outlined the vision for Identity in Salesforce’s future.

Putting it another way, the Computing Troika (Cloud Computing, Mobile Computing, and Social Computing) has forced to the surface the issue of digital identity being the keystone technology issue for everything.

Without a tractable implementation of identity for the entire industry to use—think IdMaaS—all entrances to the future of computing collapse—the identity keystone holds it all together.

Salesforce entering the IdMaaS business with its substantial vision, leadership and technology resources cannot help but have a positive effect for everyone in the long term.

Of course we will have to wait and see exactly what Salesforce delivers in the initial IdMaaS implementation, but Chuck Mortimore has an impeccable track record and knows his stuff.

I am impressed and will follow up after more information is available.


SAML is Dead! Long Live SAML!

September 19th, 2012 · Daily Thesis, feature, Identity, The API Economy



Answers to the unanswered questions from the webinar

Introduction

Last Friday on Sept. 14, Pamela Dingle—Sr. Technical Architect from Ping Identity Corp.—and I conducted a free webinar about the much ballyhooed demise of SAML.

You can view the webinar in its entirety on the KuppingerCole website.

To us, the best measurement of interest in any given webinar is the drop off rate. Just how many people drop off during the presentation? We were very pleased with the interest in the topic, with the number of attendees, and with the fact that no one dropped off from the presentation and Q&A.

However, we did not have the time to answer all of the questions presented. The following is a sequence of questions and answers that were left open.

It could be a little disorienting to read this Q&A if you didn’t attend the webinar; I recommend watching the webinar first to avoid any confusion or misunderstanding.

Webinar Questions and Answers

Q: Since the organizations are still not migrated entirely to API, i.e. still we have web browser based applications. So my question is instead of implementing different solutions one for browser based applications and one for API. Do you suggest a common way to support both the users? Thanks

A: Using APIs does not preclude using the browser to access the information and resources provided by the API. In fact, using the browser for API access is quite common. The sub context of this presentation is that it is not limited to the request-response browser model that we know and love for traditional applications. We are now moving beyond the model to an interactive model.

Q: As a follow up these companies could help us “leap frog” to newer protocols very quickly much like some countries skip the notion of “land line” because it’s easier to deploy cellular.

A: Great metaphor. Indeed the combination of RESTful API interface (HTTP), OAuth, JSON, UMA, SCIM, and webhooks are the technologies that I think are the leapfrog technologies.

Q: Many companies are outsourcing IT functions to outside providers, at what point do we just take this to the n-th degree and just let an org like Google or Apple handle identity for us? Is that too scary?

A: I think the answer lies in a simple question: is the vendor that manages your identity your customer, or are you their customer? If the answer is the latter, it is very scary indeed. As long as we have the expectation of having Identity Management be free, and act as customers of the vendors that provide that service, they will be monetizing our identities to pay for the service. It will be up to the corporation or individual to choose which direction to take.

Q: What about devices not directly linked to people? I.e. do you have numbers that include the Internet of Things?

A: I tried to keep the numbers focused and understandable. Including inanimate and non-digitized items just increases the whole argument. Look for more info on numbers in future conversations.

Q: Have you considered the impact of the availability of global identities on the problem you sketched?

A: I don’t think the availability of a global identity reduces any of the issues in the arguments. Global identities, assuming they ever happen, just compound the problem.

Q: Ok, Craig, how do you deal w/ 2.8B identities – who numbers them? Who vets them? What fraud is possible? What is the metasystem – and does it really matter whether it is OAuth/SAML/OpenID?

A: This is a multipart question and I will answer the parts in turn. First off, it is 28 billion and not 2.8. 1) Different organizations, both open and private, will number these entities. 2) Some of them will be vetted and some not. This becomes a big problem we are still grappling with, especially when no single Identity Provider can even be considered to be the validation resource for even a fraction of the entities we are talking about. Look for more information on Trust Frameworks to understand more on this topic. 3) Yes, fraud is possible. Fraud will always be an issue. It needs to be minimized. I think we are on an encouraging course to resolve these matters. 4) The only Metasystem proposed so far is the Identity Management as a Service architecture being designed by Kim Cameron at Microsoft in the form of Azure Active Directory. 5) Finally, in the end the protocols won’t matter, just as the argument of CSMA vs Token Ring no longer matters. We will simply have moved up the stack. It gets a little more complicated at this level because there are no more layers in the stack to move up to. This is all layer 7 stuff. Layer 7.5?

Q: Will you to be talking about this at IIW 15?

A: I am registered for IIW 15 and plan to attend. I will coordinate with Pamela to see if we can repeat this session during the conference.

Q: Just want to echo Pam’s point that the combinatorial explosion is over estimate. Not all users & devices will connect to all services. The real world ecosystems sees users congregate in niches.

A: I think the combinatorial explosion is an underestimate. Even Pam’s soft-pedaled numbers are still staggering. If you recall, she thought that most organizations could look at the provisioning of devices in the 1000s or 10s of thousands. OK. To date, anything over 150 starts to create huge administrative overhead. This is not going to go away or be minimized by downplaying what has already happened. 400M iOS devices alone. The numbers are staggering.

Conclusion

Thanks for the great questions and participation. I look forward to seeing people at IIW. I encourage anyone who attended this conference to attend IIW and the EIC next May in Munich.


Identity in a Post-PC Era

September 18th, 2012 · Daily Thesis, Identity, The API Economy



How 400M iOS devices change everything

Most of the planet at least paid a little bit of attention to the announcement of the iPhone 5 on Sept. 12th. The anticipation for the announcement was so high, that sales of the iPhone 4 and iPhone 4s actually dipped some in the last quarter.

While I like all of the things Apple has done with the new iPhone — and I have already ordered mine — I found the other information given at the announcement to be astounding.

The numbers — presented in the keynote by CEO Tim Cook — were more than just significant. Especially when viewed from the perspective of the KuppingerCole API Economy Axioms.

These axioms are based on The API Economy phenomenon that is occurring at the same time and on the computing troika trends: cloud, social and mobile computing.

The API Economy Axioms

  1. Everyone and everything will be API-enabled
  2. The API Ecosystem is core to any cloud strategy
  3. Baking core competency in an API-set is an economic imperative
  4. Enterprise inside-out
  5. Enterprise outside-in

Axiom #1: Everything and Everyone will be API-enabled

Understanding the first axiom is straightforward. KuppingerCole envisions that everyone (meaning all entities, not just people) and everything (even non-smart objects) will be API-enabled. It is also understood that being API-enabled necessarily requires at least one identity for everyone and everything. And in reality, almost everyone will have multiple personas and relevant identifiers and therefore multiple identities.

Now that I have set the context with Axiom #1, let’s look at what Mr. Cook talked about.

He first gave us the total number of iOS devices to date. I knew the total was large but I had no idea just how large. As of the end of June 2012, there are a whopping 400M iOS devices. The rest of the numbers are just as mind-boggling.

  • 400 million iOS devices
  • 700,000 apps in the app store
  • Average person uses 100+ apps
  • 84 million iPads
  • 68% market share of the tablet market
  • 17 million iPads sold during April-June 2012
  • 94% of Fortune 500 investing in or deploying iPads at work

Now let’s add Cisco’s recent predictions to the mix.

  • 2.5 connections for every person on earth (19 billion) by 2016
  • 3.4 billion Internet users (45% of the planet’s population) by 2016
  • 1.3 zettabytes of annual IP traffic (Zettabyte = one sextillion or 1E+21) by 2016. This is four times as much traffic as in 2011.

If you follow the logic of my argument, there will be 20+ billion APIs all needing distinct identities by the year 2016.

Apple’s revelation of the actual numbers of iOS devices not only shows us that we are well on our way to that number, but also that in all likelihood we will surpass all predictions by some margin.

What Does All This Mean?

The way we have been federating identities across domains using federated naming systems will simply not scale to address the needs we already have.

The wave of device proliferation isn’t coming in the future, it has already washed over us and is causing big identity related issues.

We all need to understand this phenomenon and begin to engage in addressing the matter in an intentional way.

Let me explain a little more.

Today, all federated naming systems designed to map IDs to services are admin-intensive. They all require an admin to make and verify the mappings by hand, one by one.

If you do the math, it would take more than 640,000 admins working round the clock for 5 years to get all of the mappings completed. And that is if it only takes 10 min or so per mapping and there are no mistakes.

In other words, today’s approach isn’t going to cut it.

We are in much need of an automated method to provision federated naming systems.

The good news is that there are initiatives afoot that could help us in these matters.

  • OpenID Connect — API specification for SAML and other protocols using OAuth 2.0
  • OAuth 2.0 — Standardized authorization delegation protocol
  • SCIM — System for Cross-domain Identity Management — standardized provisioning protocol
  • UMA — User-Managed Access — standardized user-managed Identity management protocol

Summary

The need to understand the identity explosion is not something that is in the future.

It is already upon us.

We need to begin understanding the new wave of standards that will allow organizations to automate identity management in the enterprise post-haste.

There are dangers that need to be considered along this post-haste path.

None of the protocols — despite their rapid standardization tracking — have been proven to be tractable or robust enough to handle the extreme situation they are being thrust into.

We are in new — very exciting and rewarding — territory.

It is critical that we educate ourselves about the issues and keep abreast of what is happening.

Stay tuned.

Comments are welcome.


Alex’s First Needlepoint Project

July 22nd, 2012 · feature, life



This was filmed in 1994. There are some touching and funny scenes.

Enjoy.


A Christmas Drama

July 12th, 2012 · life



A very funny version of the Christmas story.

Kathy was reading the story and dramatically exclaimed, “A Babe is born a Babe is born.”

In classic fashion Andrew responded “text all your friends.”


A Fish Story

July 12th, 2012 · Daily Thesis, life



My son Jay loves to fish. On one trip to Hawaii we decided to go deep sea fishing. We hired a big boat. We found the famous Capt. Went to the dock at 5 AM. When the first mate brought up the fishing poles I had never seen fishing poles so big.

We fished all day long. Without a single bite. Finally the Capt. said, “One more time around the bay and we will go in.”

At that moment off in the distance I saw a huge patch of roiling water come towards the boat. Instantly all of the fishing poles were hooked with fish. Jay and I began to reel our fish in. We had both caught some good size tuna. Jay reeled his in first. As I reeled my tuna in I leaned over the boat to bring it in. Suddenly I saw a huge flash of light. From the depths of the sea a large mouth reached up and grabbed the tuna on my hook.

The first mate and the captain knew what happened and instantly jumped into action. The first mate put away all of the other fishing poles. He set up the fisherman’s chair. Everyone looked at me and asked who was going to bring the fish in. After all the fish had taken the bait on my hook. I don’t even like to fish.

“Jay,” I said, “the honor is yours.”

Jay jumped into the seat and the first mate strapped him in and handed him the pole. In the meantime the Black Marlin had taken the bait to the bottom of the sea. For the next two hours Jay, the captain, and the first mate reeled in the prize. It was like pulling in a Volkswagen from the bottom of the sea.

Pulling the big fish onto the boat took all four people.

As we navigated to the dock the captain raised the flag indicating we had captured a Marlin. By the time we got to the dock a crowd had appeared. The captain and the first mate raised the prize on the dock.

We took turns taking pictures. Once I turned around I saw several people who had come to the dock taking their own pictures with the fish.

It turns out the big fish was a record catch over 800 pounds. It was the largest Black Marlin caught on Kona Island to date.

I will never forget the experience of the big one that didn’t get away.
