========================================================

The Digital ID World Newsletter - October 17, 2002 Issue

========================================================

Provided by Digital Identity World, LLC.

FORWARDING THIS NEWSLETTER TO YOUR COLLEAGUES IS ENCOURAGED.

If they would like their own subscription, send them to

the Digital ID World web site to sign up at:

-----------------------------------------------------------------

In this Issue:

- Digital ID World Conference Report

- Digital Identity News

- Identity Management Picture Clears

- Identity will affect client structure

- DRM, Copyright Law, and Digital Adapters

- Passport Source Made Available; Linux/Unix Follows

- Federated Identity Confusion

- XNS may become OASIS standard

-----------------------------------------------------------------

==================================

Digital ID World Conference Report

==================================

The first Digital ID World conference is now history, and it was a

seminal event in many ways. The energy level was higher than any

conference I've attended this year, and nearly everyone left thinking

about identity and networked computing in a larger context. Many new

relationships and business deals were initiated. Eric and I will be

reporting on much of what happened over the next few weeks, and some

of the immediate news from the event is covered in the news section

below.

One of the highlights for me was talking in person to so many people

who are thinking about digital identity. Some are new to the subject,

others have spent a lot of time on it already. Key representatives

from government, vendors, enterprise, education, and user advocates

were present, so the conversation touched on nearly every aspect

of identity and computing. After a chat with Jon Udell of Infoworld,

I found that he summarized my thoughts on why digital identity is

center for computing and why now is the time it has come to be the

next issue to deal with better than I ever have:

"Phil believes (as do I) that we are at the end of an evolutionary

phase. The connected computer is fast approaching ubiquity. We've

created cyberspace, but we haven't yet really colonized it because

we lack the organizing principle to do so. Having abolished time

and space, nothing remains but identity. How we project our

identities into cyberspace is the central riddle. Until we solve

that, we can't move on."

This sounds a bit more "cosmic" than I quite see it, but it does

get at the key issues that face us, and why I am involved in

Digital ID World. Thanks Jon; count on me borrowing this way of

stating my position when appropriate :-)

The conference illuminated how the understanding of Identity

Management and security in the enterprise has progressed in the

past six months as well. Most of the educational preambles that

were required then are either no longer needed, or can be done much

more easily. This is a good indicator that many in the enterprise

are starting to see the larger picture and not just the component

parts. The enterprise IT people I talked with at the show

certainly reflected this.

I am currently listening to a Novell conference call where they

are announcing their re-positioning as a Secure Identity Management

company with the focus on their Nsure Secure Identity Management

suite of products, backed up by identity management services

provided in tandem with Deloitte & Touche and PricewaterhouseCoopers.

Look for an article with more detail on this, but my point here

is that I feel safe predicting you will see much more of this

type of positioning in the coming months from many companies.

According to Chris Stone, Novell CEO, "This is the most requested

area of solutions we have seen from our customers in a long time."

Identity is center and that is being seen more every day.

=====================

Digital Identity News

=====================

Straight talk on Web services

http://news.com.com/2102-1082-962118.html

Securing Web Services

http://www.eweek.com/print_article/0,3668,a=32482,00.asp

NAI Rolls out Security Consulting Arm

http://www.internetnews.com/bus-news/print.php/1482601

Identity management and security are becoming seen to be intertwined,

and enterprises want total solutions, not packaged point products.

Web services are finally being seen as not very useful without

identity based security, and so identity management is becoming

seen as a pre-requisite to web services as well. It's all still

a bit fuzzy in many quarters, but the picture is starting to form

and slowly a common way to talk about it is forming as well. And

as you saw in last week's newsletter with RSA and Baltimore releasing

new Web Services security products, the standards to build an

identity-based message link between applications are getting

worked out.

IDC indicates that Identity Management (narrowly interpreted) will

be a nearly $3 billion market in 2002 with its best growth not yet

begun. If nothing else, this will prompt people to start figuring

out what it is all about...

---------------

Building a better browser

As identity gets embedded in Web Services (via WS-Security, SAML, etc.)

look for the browser to start becoming a richer client. Once the

links get more robust and trusted, the applications will move

beyond the current publication based model and begin to make

the application experience feel more tightly coupled to whatever

virtual presentation is being delivered. Identity based computing

is being driven by transaction processing, and a smarter client

compensates for bandwidth and latency issues. So expect the

pendulum to start to swing back in that direction over time as

web services deploy.

---------------

Intel: Digital media adapters to hit market in 2003 http://staging.infoworld.com/articles/hn/xml/02/10/15/021015hnmediaadapt.xml?Template=/storypages/printfriendly.html

Anti-hacking copyright law to get review

http://news.com.com/2102-1023-961783.html

Hollywood's Demands Could Cripple Consumer Technology

http://www.washingtonpost.com/ac2/wp-dyn/A26723-2002Oct15?language=printer

Lawrence Lessig's Supreme Showdown

http://www.wired.com/wired/archive/10.10/lessig_pr.html

Lawrence Lessig's Reflection on Supreme Court Case

http://cyberlaw.stanford.edu/lessig/blog/archives/2002_10.shtml#000531

In last week's newsletter I highlighted the congressional reaction

that is starting to look at what the copyright limits should be. This

week we see that regulators are trying to find their place in this

discussion, that Hollywood's Stalinist approach to the issue is

starting to become discredited, and that an argument took place in

the Supreme Court on what limits the U.S. Constitution places on

congressional power to grant copyright protection. I expressed a

slight hope last week that maybe the entire DRM conversation was

finally starting to mature a bit, and this week's news gives me

further hope that is true.

DRM technology forces us to revisit the entire logic behind copyrights

and patents, something the U.S. founders knew was central to

promoting vital economic activity. The U.S. Constitution is a very

high level document, and not many things are explicitly addressed.

But in Article I, Section 8 it says "The congress shall have the

power ... to promote the progress of science and useful arts, by

securing for limited times to authors and inventors the exclusive

right to their respective writings and discoveries." The founders

knew that this was an area where rights needed to be balanced

between rewarding creativity and allowing the public free access

to that creativity to build on going forward. They clearly wanted

a mechanism to reward that invention for a limited time, and then

have the intellectual property pass into the public domain to

promote further creativity. They seem to have known that this

would be a constant struggle, and that structural mechanisms

to swing the pendulum away from the extremes would be needed.

Any mature discussion of DRM will be informed by this two

century old insight...

--------------

Microsoft pitches Passport code to developers

http://www.idg.net/ic_955463_1794_9-10000.html

Software firm takes Passport outside Windows

http://www.idg.net/ic_956919_1794_9-10000.html

At the Digital ID World conference, Microsoft announced that

the passport client side source code will be made available

to allow ISVs to modify it and use it to build Passport enabled

applications. At the same time, Ready-to-Run Software Inc.

announced that it has been working with Microsoft to make

available Linux and Unix client-side Passport enabling

software. Microsoft appears to be trying to let Passport find

its way into the world to see where it really applies and is

wanted. I still think that Passport is too centralized to

have widespread usage, but this will be interesting to watch

and much will be learned from the experience.

------------------

Liberty Alliance Receives First Ever Identity Award at Digital ID World

http://www.projectliberty.org/press/releases/2002-10-14.html

Users don't want Passport or Liberty

http://www.vnunet.com/News/1135822

Understanding of federated identity and the reasons it is

needed is not uniform (to say the least.) The common

mis-perception that the industry thinks that consumers

will come to want their identity hosted continues to

cloud the understanding of this type of technology. The

driving force for federated identity is inter-enterprise

application integration. Consumers will never focus directly

on identity, but only on the applications it enables.

For an analogy think of the SIM-based device identity

system that is in place for cell phones. It is the essential

technology that eliminated the "cloning" problem that

was so prevalent prior to its introduction. But most

users never even think of this identity system, even as

it enables their access, controls their billing, and

provides security to allow cell phone service to work

on the scale it does.

Focusing on the fact that users will never directly

demand identity is a distraction from examining the

issues of identity infrastructure. Looking for the

"identity killer-app" is only slightly less distracting.

Don't confuse the focus of the technology discussion with

the focus of the reasons for its eventual deployment.

When trying to envision how identity infrastructure will

deploy, a better analogy is to look at how the LAN deployed.

There was never a "killer app" for LANs, and there was

never a "Year of the LAN" despite the search for one.

But one day, we looked around and LANs were ubiquitous.

--------------------

XNS was the happening thing here!

http://sandhill.blogspot.com/2002_10_06_sandhill_archive.html#85549506

The other Digital ID World award went to Drummond Reed

for his long battle to develop the XNS protocol and get

it to be an industry standard. It appears that soon XNS

will become an OASIS standard - if it can pass legal

review a TC will be formed according to Reed. This protocol

is not widely known or understood, but it may be the

biggest thing in identity infrastructure once it is.

Then again, maybe it will just be another elegant design

that fails in the marketplace. Stay tuned...

The Identity Conversation continues...

Phil Becker

Editor, Digital ID World

-----------------------------------------------------------------

Please send your comments and feedback regarding this issue

of the Digital ID World newsletter to: editor@digitalidworld.com

Copyright 2002 by Digital Identity World, LLC.

All Rights Reserved

Permission to pass around freely granted