Saturday, December 02, 2006

Lessig's Presentation

Aside from the brilliance of his presentation style, Lessig has an important message. His message was that an internet 9/11 is coming, which will result in an internet version of the Patriot Act. This work is already under way with the Identity gang and Kim Cameron at Microsoft. The identity layer, an identity metasystem, will enable traceability and regulability. Lessig's call for action was to have us as technologists involved in framing and shaping the discussion in order to preserve the generative, free Internet we enjoy currently. He offered no clear way for us to get involved short of getting off the PC and getting into the political arena to help counter the perception of the Internet as a series of 'tubes'.

I also got to ask him about the CC license and the Microsoft Zune. His reply was that DRM, much like the Patriot Act, was a poorly crafted, poorly implemented technology. He suggested that the conversation with Microsoft and Apple (even Apple is guilty of catering to the DRM Nazis) has been started and that it's an important one for the digital rights world.

Gartner Identity Conference

Very very good information coming out of this conference to date. Gartner is great for making solid recommendations on a range of things. Here's the overview so far:

Identity & Access Management is just a small piece of the pie

No one vendor does it all well yet

Radically different approaches exist.

The space is changing, look for model driven identity or policy based IAM to replace what exists today.

No one directory for all needs BUT...

One repository for all identity information should exist

Network access will tie in with IAM in the very near future.

Neil McDonald's presentation this morning was very very insightful.

And of course Lawrence Lessig spoke this morning!!

Gartner Identity Management Conference Summary

WOW. I am really proud. Apollo is ahead of the curve in SOOO many ways. Now mind you we're not at the apex of Gartner's Maturity Model which is Policy Based (and yes that is our new target) BUT...

We're at the Virtualized stage, our objectives now are increasing business efficiency to reduce costs in labor intensive or time intensive business activities.

A whopping 73% of Gartner customers DON'T do automated user provisioning. Likewise, all the products we looked at have CRUDE interfaces, ill defined interactions, and are still half baked. Even Oracle, the best identity and access management suite on the market today is only a rebranded amalgam of their most recent acquisitions. It introduces yet another workflow technology, it has gaps in what it can and can't do, namely business roles and role governance. For that it recommends we leverage someone like Bridgestream, which has yet another web interface for business users to use in requesting business roles (apparently only IT users use Oracle Identity Manager to request IT only roles) and yet another workflow engine for our support teams to learn. Add to that the spartan and un-intuitive interfaces on both products, and we look like rock stars.

We are in fact rock stars, what we've done and in the time that we've done it is nothing short of miraculous. We're in the top 27% of Gartner customers for user provisioning and I'm quite sure we're even higher considering the periodic audits we've been doing for a full year this month. At the user round table I attended Thursday, I was ahead of all but one customer and even then we had features and maturity that they were only now starting to consider.

So, considering all of this, where do we go next? Well there are still significant gaps in our offerings, and most certainly, opportunities for growth. Here's the short list of things we're missing or needing to improve upon:

UI: what we've got in the CAP UI is extensible, robust in comparison, far easier to use and more elegant than anything we saw at the conference. But being the rock stars we are we can't settle for success. Let's take it to the next level, let's simplify the UI and make it clean. We'll engage the HCI team in order to get this done. Think of the good Web 2.0 designs we've seen like Google, Skype, Delicious, and you'll have an idea of what it is that we want to do.

On-boarding: We need to simplify the on-boarding process for all new users. CAP can still be the place we go for on-boarding contractors. But when we hire staff or convert contractors to staff we HAVE to vastly simplify and streamline that process. Users shouldn't have to go from HR to CAP to put in access requests. Likewise, we should be able to identify people as existing identities when we provision them so we don't end up with duplicates. Every vendor has this, so should we.

Default access levels: When we on-board people we should automatically grant them a default level of access based on a role. This access would include network access, email, and some combination of roles based on their job code and cost code.

Email access: It's not fully automated provisioning until we include email. This is #1. Enough said.

Role Management: We need a means of adding or removing roles within CAP, the identity management environment, and downstream in the applications. This is a larger, multi-year goal but one we should pursue nonetheless. We should include some manner of reporting all the roles and role mappings in the system as well as who has these roles and who is in violation of the conflicting role policy. Role policy shouldn't be an Excel spreadsheet. That's just plain embarrassing for a rock star.

Role simplification: We need to work on reducing role proliferation and streamline what we have to be more reflective of the true business roles. We should include some definition of what exists within EMS.

LONG TERM GOALS:

RFP for IAM Suite: We should look at what we have versus what's available in the industry. We'll need to get some scope definition in place, then we'll engage Gartner to craft a proper RFP. Once we've got that we'll send it to the major players to see who responds. I'm anticipating we'll evaluate IAM Suites from Oracle, Sun, Microsoft, and IBM, with the outside possibility of BMC. We should narrow that down to 2 vendors within 3-4 months and then do POCs with both. Based on the results of the POC, we'll select a vendor and engage Purchasing for the contract. Here's the timeline for the RFP:

December - January: Scope Definition. We'll need to work on getting the list of applications we have as an enterprise, then list what it is we have in terms of IAM support for all of them. Once we've got that we'll draft the RFP with Gartner.

February - March: Draft the RFP with Gartner. Vet it with the business. I'm anticipating 2-3 days with Gartner on site potentially.

April - May: Send out RFP and await responses.

June - August: Vendor on site meetings, demos, and selection. I'm anticipating we'll make #1 and #2 offers by the end of August.

September - October: POC one and two.

November - December: Work with Purchasing to sign contracts. Begin to plan phased roll out.

IMPORTANT NOTE: An important option we have open to us throughout the RFP process is to pass on all vendors before or after the POC(s). The relative immaturity of the market, the relatively high prices, and the relative maturity of Apollo's IAM infrastructure by June of 2007 could suggest we pass on all vendors for 2007-2008.

The rationale behind the drive to select a single vendor or at minimum 2 partial vendors is to reduce the manpower needed to build and deliver identity and access management as well as to move away from something that's completely customized and labor intensive to own and operate. Our development resources should be able to get to a point where they are focusing on integration and delivering services to our fellow application developers in accordance with the service based model. This is very high level, very rewarding work. And then finally, when we're ready to tackle transitioning to a policy based model, our developers will very likely use a single vendor's tool(s) to assist our business end users in defining and implementing their business policies in terms of identity and access management policies.

Presenting at IAM2: Next year, I want to be on stage at Gartner in Los Angeles talking about the best company with the best IAM team on the planet. I want to wow our fellow Gartner clients. I want them to base a case study on us. I want us to have to wear shades on stage that day, not because the lights are too bright, but because our FUTURE is SO bright we've got to wear shades.

Wednesday, October 11, 2006

Road map meeting

Ultimus web service step to BPEL doesn't work
Consider re-visiting the BPEL WS to see what's different about the SOAP Headers or use .NET FB to call WS

Conclusions:
Web and Ultimus layer separation need to wait till Dec/Jan time frame. Even then we should deploy a beta to power users. Implement new CAP by March 1
November time frame, stabilize and analyze code in CAP for Dec Periodic Audit. Limited functionality changes. Steve to spearhead CAP Code Cleanup. Greg to spearhead memory increase on BPM. Mary to spearhead possible staggered audit
3.2.5 is new apps and roles - task and sub task breakouts to be added along with estimates
3.3 is BPEL batch and single Mgr approval, along with new HTML and Usability changes
3.4 is TBD but is targeted for late November.

Steve and Mary to work on budget for development to give to Mark
Greg to work on getting pulse of business requests and re-initiating stalled projects, Contractors and Role Governance

regular release and iteration planning meetings will occur until we stabilize the process

Monday, August 14, 2006

Trying out the new Windows Live Writer

Think. Think about the current world's situation. The world is embroiled in two great cultural seismic changes. One is the battle between fundamentalists. Hindus versus Muslims, Jews versus Muslims, Christians versus Muslims, and it extends into the various sects therein. Sunnis versus Shiites, Catholics versus Protestants, orthodox versus non-orthodox.

The second great battle is more subtle but engenders more animus from the aforementioned, seemingly intractable, enemies. It's the battle between progressivism and fundamentalism. This battle is cast in terms of heresy, godlessness, abomination, and apocalypse.

Some would cast the headlines of the day in the context of the battle against progressivism. Certainly, Wahhabis and jihadis both claim to be saving Islam from the progressivist Americans, Jews, Christians, etc. To their way of thinking democracy, equality, human rights (which extend to atheists, homosexuals, pacifists, anyone undesirable) are an American or Western abomination. They would have us return to the caliphate wherein the Koran dictated how to govern, a Shariahic state. Many Americans currently choose to see the conflicts in the Middle East in the same fashion, American progressive ideals like democracy being resisted in favor of brutal theocratic or autocratic rule.

I choose to see these conflicts as fundamentalist doctrines with opposing viewpoints. There are those who believe that not only should America 'free' a Muslim society, but we should also help them to choose a proper path, like Christianity, like capitalism, with a Western style culture. Witness the American displeasure and subversion towards freely elected governments like Hugo Chavez in Venezuela, Hamas in Palestine, or Evo Morales in Bolivia. We like progressive ideals when they suit our needs. When they seem to threaten us, we attempt to controvert them or change them by way of executive order. Look at the current administration's disdain for Congress and the rule of law (due process). We openly disdain stem cell research, alternative lifestyles, genetic modification, and any integration of biology and technology.

Moreover, the conservative (read fundamentalist) cultural zeitgeist is one that looks upon antiquity with a sophomoric nostalgia. "Remember the good old days?...." is their modern mantra. Gone are the days of simplicity and bucolic lifestyles that were inherently 'good'. Everything today is modern, complex, and very soon, to be apocalyptic, in its nature. The future is viewed not with optimism but rather a sense of loathing and foreboding.

If the human race is to evolve into a global culture, one progressing on a path to the cosmos and first contact with extraterrestrial civilizations, we must put aside our small minded beliefs. We must grow past national and cultural boundaries and embrace our humanity and our uniqueness in the universe. Only in accepting ecumenical movements, reconciliation, education, and diplomacy in place of war, will we ever be ready for what is truly wonderful, our future. We owe it to our children!