Beyond a Shadow of a Doubt: The Politics of Identity Management
I am at the Austrian/German/Mexican/US CIO Exchange in Washington DC. Today we are at the CSC world headquarter in Falls Church. We are discussing identity management. CSC set it up with the song “beyond a shadow of the doubt†and 9/11. Identity management as a security challenge. Is this how you would frame it?
Identity management is a core function of any collectivity, therefore, we think about it in different terms in different disciplines (political theory, public policy, business, psychology, etc.). And as we are moving to network society, we need to ask fundamental questions about it.
On the most abstract level, identity management is a set of technologies and process that manage the life-cycle of users, authenticate them and authorize access to resources. It is a relative concept, meaning that identity management should be in proportion to the needs, so ask questions like: What resources are your protecting? What policies govern the resources? How do you translate policy into user attributes? How do you assure compliance? Is the solution standards-based? Is it inter-operable? The CSC approach is to (a) create a vision, strategy, and roadmap, (b) develop identity manager, access manager, and federation manager (an approach that enables the users of one organization to easily and securely access the data and applications of another).
This very important aspect of collective life is at the moment driven by the solutions that vendors can provide (vendor-driven theorizing). We as the netizens/digital natives of this world need to learn to participate in this discourse and start playing the politics of identity management. What are your major concerns concerning identity management in network society?
The main thing digital natives need to know is that there IS a discourse on identy taking place. Aside from the government and the business sector, a limited amount of NGO’s and academics are actually aware of and involved in said discourse.
The major concern, in my humble opinion, lies in the fact that most of the stan-dards and solutions for identity issues are currently vendor driven. This fact makes it a pretty safe bet to assume that most fundamental decisions concerning identity management innovations are being made in consulting firms and chosen for imple-mentation during meetings with government officials. Civil society is left out and must be content to react to the effects of said decisions (again, unawareness of the discourse).
So we have enterprise-centric identity management being implemented in the pub-lic sector while a citizen-centric focus on what information individuals choose to make available and used for management is collecting dust.
An underlying principle that must prevail (informed in part @ the Aus-trian/German/Mexican/US CIO Exchange in Washington DC) is that the use of pro-gressively more invasive identity management procedures must be accompanied (and consequently justified) by the creation of additional public value (or the pro-tection of existing value).
The main thing digital natives need to know is that there IS a discourse on identy taking place. Aside from the government and the business sector, a limited amount of NGO’s and academics are actually aware of and involved in said discourse.
The major concern, in my humble opinion, lies in the fact that most of the stan-dards and solutions for identity issues are currently vendor driven. This fact makes it a pretty safe bet to assume that most fundamental decisions concerning identity management innovations are being made in consulting firms and chosen for imple-mentation during meetings with government officials. Civil society is left out and must be content to react to the effects of said decisions (again, unawareness of the discourse).
So we have enterprise-centric identity management being implemented in the pub-lic sector while a citizen-centric focus on what information individuals choose to make available and used for management is collecting dust.
An underlying principle that must prevail (informed in part @ the Aus-trian/German/Mexican/US CIO Exchange in Washington DC) is that the use of pro-gressively more invasive identity management procedures must be accompanied (and consequently justified) by the creation of additional public value (or the pro-tection of existing value).
Just came and read, this is wow! I was seek from many blogs, but here is the best, I love it.