Identity Matters

I am excited to post my first blog entry! If you like it, please comment. If you don't like it, please comment too - but keep in mind that it is my first blog entry, and be forgiving.

First a few words about myself. My name is Felix Gaehtgens, and I am one of the founders of Symlabs, which we started roughly five years ago. Symlabs is a company that specializes in Identity Management Infrastructure. That has a nice ring to it, doesn't it? "Identity Management" - I'm sure you've heard the term before.

Identity Management is a hot topic these days - with many articles, vendors, analysts and even full conferences on the topic. What is Identity Management actually? At a very high level glance, it is a combination of business and technical processes to manage information about people and things. This information is critical to identify users, and facilitate their access to information and services. Sounds familiar? It doesn't seem to be a very new or very glorious concept. In fact, we've been doing it for many generations. The term itself is not too old, however. I am not sure when I first heard about it - honestly this was quite a few years back, but certainly not as long as I first logged into the "World Wide Web" - a somewhat experimental line-mode hypertext system that you could access by telnet'ing to info.cern.ch and logging in as "www".

Anyway, before I get distracted - so what about managing information to identify users and facilitate their access to information and services? During those times, that was almost a synonym for a username and a password. At the company I worked for during that period, if you started to work there, they sent you to see me. I then created an account on our server, and gave you a password, together with a small lecture on why you should keep your password secret, and not write it together with your username on a post-it to stick on your monitor. This username and password gave you not just access to e-mail (a fairly exotic technology still at that time), but it also allowed you to store your files on a file server, and to share a printer with other users on the network. When you left the company, you probably stopped in to say "bye", but even if you didn't, I would remove your account. In the time between, I might have been involved in changing your password because you forgot it, or your post-it fell down and was sucked into a vacuum cleaner. In other words, apart from many other things that I had to do or should have been doing, I was the "Identity Manager" of the company, although at that time I would have never dreamed to be called that (actually I would have probably smirked at that exotic expression at that time).

In a nutshell, that's the dark history of Identity Management. If you care, you could even take the concept way further back, up to the times when, as a traveling member of your tribe, you were identified by destructively marking your body in a particularly visible way, or you were handed an object (usually carefully crafted), the possession of which would clearly identify you as a member of the trusted group - unless you fell into the hands of the enemy, who would use this evidence of your identity to justify doing all sorts of nasty things to you. Or maybe you weren't handed a physical object - instead, you may have been given a phrase, or a motto, or something to remember. In short, something that identified you was something that you had, or that you knew, or that you were. As you see, the concept of identifying people (and consequently doing them good or evil) has a long history.

But back to (current) reality. What is Identity Management really, nowadays? You will hear that it's about password management; single sign on (SSO) provisioning and deprovisioning; access control; delegated administration. All true, and even more. So why should you care? If you're a user, then you'll be mostly concerned about privacy. And rightfully so. After all, hey - you don't want everybody to know your bank details ... or even your phone number ... or even your address ... or any other information about you. But that's another topic. If you are an IT professional or an executive, you will most definitely care, because Identity Management is about protecting your investment, and also about growing your business. Protecting, in terms of controlling access to information and resources. Growing your business because Identity Management enables you to do more business safely, and especially do it faster.

I am passionate about technology, which is good, because it also happens to be my job. Therefore I will not be drawing philosophical circles over the concept of identity; or what gives us an identity; or why this is good, bad, or indifferent. I do believe that civil rights and their acceptance are the culmination of society, but I will not be going into sociological studies on why and how our privacy should be safeguarded. I am NOT trying to make a political statement here, just to be eloquent, so please do not interpret too much into the previous sentences. Instead, I will be focusing on the technical aspects of Identity and Identity Management, and especially the technology, and in doing so I shall also be explaining what constitutes Identity Management Infrastructure and discussing ideas that put it to good use. Which is what I get paid for, incidentally.

Stay tuned!
- Felix