CardSpace – First time user impressions

At European Identity Conference 2009, Kim Cameron gave another inspiring talk about claims based authentication and Microsoft’s CardSpace (Geneva) Implementation.

After the conference, the nice folks of Kuppinger Cole sent out an Information Card to all participants that will grant access to conference material.

Unfortunately, that’s not as easy as I thought. CardSpace was not installed on my PC, and the login page had no hint on how to get it. I found *something* eventually (don’t remember the exact location), but that did not work out properly. I had the Control Panel and could install the Information Card, but this is what I got when I tried to use it:

greenshot_2009-05-14_10-09-50

Oops.

I googled some more and found the Geneva Team Blog, where I followed the link to download the latest release.
That gave me this message:

greenshot_2009-05-14_10-21-26

So – no CardSpace for me, it seems.

European Identity Conference – Day 2

The second day of EIC is over, and I have to say I’m impressed. I’m feeling a real interest in Identity Management by the participants, that will hopefully turn into real projects and through the feedback loop bring the topic forward.

20090506eic1

Today there were a lot of breakout sessions in addition to the keynotes. GRC was added as a topic in many titles, but I have to say this needs more work – I didn’t find much to take away regarding GRC, and some sessions that had “GRC” and “Compliance” in the title mentioned neither.

From a consulting perspective (i.e. real world needs) most of what is discussed here may sound like science fiction to participants. Most customers I’m talking to are busy working on much more mundane issues, namely re-gaining control of the authorizations they created and distributed over the years when words like “GRC” and “Compliance” had not yet been discovered.

More than one session complained about the complexity of todays authorizations (Kim Cameron said something along the lines of “I’m happy that SAP is on the panel to take the heat for this” ;) ), and everybody was ready to take a vow to simplify, many saw XACML as the solution.
This of course completely ignores that the complexity has not been implemented because programmers are too lazy to simplify, but because customers asked for the flexibility to be able to control access in such a granular way.

20090506eic2

I will go on a limb and say that if authorizations were easier, applications supported XACML and supported claims, management would not be that much easier for customers. The reason I’m saying this is that I often see customers struggle to define the exact access that should be assigned to employees.

So, a logical step to advance the topic would be to work on processes and best practices to assist in defining access requirements, that can then help to define an authorization structure that can actually be well supported by identity management systems. Right now, we may succeed in speeding up provisioning, but if the mess still remains below the surface, this is not much more than put lipstick on a pig.

European Identity Conference – Day 1

OK, back in the hotel after the first day of this years European Identity Conference in Munich.

20090505eic1

My colleagues have a booth on the ground floor presenting SAP’s Compliant Identity Management solution.
This year, I’d say conference attendance is a lot higher than last year. That would also correlate with our experience that Identity Management is getting traction in the market; we’re seeing a lot of interest from customers.

20090505eic2

The keynote presentations were reasonably good, I’d count Kim Cameron and Dave Kearns as the most interesting ones, as they are very much forward thinking and not directly product related (at least not with a commercial interest). They also had lots of quotable stuff for my own presentations ;)

20090505eic

Back on the expo floor, I had two interesting encounters.

Next to the bar, a company called “SecurIT” had a batch of Pokens on the counter, and they were nice enough to give me one! A Poken is a small USB device that links to a profile that you can link all your social network identities to. When you meet someone who also has a Poken, you hold the two together as a kind of handshake and your Poken profiles are being exchanged. Let’s see if I can find someone else who has one….

The conference material also had a voucher for another small identification device called the “YubiKey“. This one blew me away – it acts as a USB HID (human interface device) and on the press of a button, it emits a 40 character generated password. That again links to a server that you can implement for your infrastructure which will verify your authentication. The company is called “yubico” and originates from Sweden. Their web site has a free SDK and offers many implementation paths. Integration into SAP Netweaver should be pretty straightforward, maybe that might be an option for some customers. If you’re an SAP developer interested in playing with it, let me know.

All in all, a very exciting day. I met lots of people, and I’m looking forward to networking even more over the next days – after all that’s the best part of taking part in a conference.

The Twitter backchannel is quite active, the hashtag is “#eic”. Let’s see how that develops over the next few days.