As Ping Identity's Community Evangelist I make sure the unique culture of Ping Identity stays alive with our customers, our employees, and the "identerati." You'll most commonly see me interacting virtually in the Twitter arena as @tootallsid and in the blogosphere churning out This Week in Identity. I also appear in the real world at Ping Identity User Groups meetings, as I work to support the user driven program we have in place.
Launched only two years ago, Ping Identity User Groups have steadily grown to 9 active locations with 100+ members. I've been there from the beginning and am chomping at the bit to debrief you on a recent milestone the program has reached...the first Ping Identity National User Group Meeting. The diverse turnout and the depth of conversation blew me away. Let me give you the highlights, Read more...
The meeting was held in conjunction with the Cloud Identity Summit in Vail, CO. For a summary of the Cloud Identity Summit click here. 29 users from 23 companies got together during the first slot of the first day of the Cloud Identity Summit to network and discuss hot topics in the user driven format of a Ping Identity User Group Meeting. Like at all Ping Identity User Group meetings there were also Ping Identity experts present to answer deeply technical questions. The meeting created connections that lasted throughout the Cloud Identity Summit and beyond - all agreed that it was an ideal way to kick off the conference.
Ping Identity customer Bob Brandt of 3M played the crucial role of host. Prior to the meeting he diligently polled registered attendees on the topics they were aching to discuss and created an agenda from their feedback, then during the meeting he ran the show. He was awarded with the title of "Ping Identity User Group Trailblazer" for all of his work in launching the National User Group meeting and also in keeping his local group, the Twin Cities chapter (the most robust of the Ping Identity User Groups), running strong.
The user created agenda went as follows, with commentary on each topic:
- OAuth deployment in the field to date
Literally every person in the room was in either the researching, planning or implementing stage of OAuth. Issues were raised and discussed about whether and how to use an API gateway, how to integrate it with PingFederate, how to manage token lifetime and where authorization fits in.
- Partner Federation into enterprises, including IDP discovery and account linking
For those providing services, they wanted to know how to determine a users IDP. Also, how they insure that at registration, existing users are identified and their existing accounts used. Another topic was how to convert from external tokens to internal tokens. Finally, the discussion touched on the ability to do step-up authentication when a user moves into a riskier section of their section of their Web site.
- Certificate management at scale
Many of the members in the room were a victim of their own success with dozens and even hundreds of federation connections. The management of cryptographic trust between endpoints using public key certificates gets to be a full time job. Different solutions were discussed ranging from home-grown certificate lifecycle management systems to two of the large commercial software packages. Many have combined this with SSL certificate management for their Web servers. Optimal certificate lifetime was considered with some using one-year, to ensure stronger security, to two- or three-year lifetimes to make management easier. One the problems in bilateral trust is that the personnel at their partners can turnover without any notification to them. The use of anchored trust, by buying certificates from commercial certificate providers, was discussed as a way to address this.
- Externalized identity Issues, including provisioning
When using external services, attendees wondered how to take all the sophistication of their internal enterprise IAM system and project it into the cloud, especially around the account life cycle, logging, compliance certification, and projection into third-party providers to their service providers.
The meeting ended with a discussion on likes and dislikes about the meeting and how the Ping Identity User Group program should move forward in the future. The general consensus was that the meeting should have been longer! Three hours just wasn't enough time to hash out all of the ideas and challenges facing each user. It's not often that the best IAM professionals in the country get to sit in the same room and discuss whatever topics they choose. Everyone seemed to see the value in this opportunity. Keep an eye out for longer User Group meetings in the future!
They also recognized the need to connect with one another post the National User Group meeting. I encouraged the entire group and I encourage you to keep the discussions going and to start new ones by joining a local User Group and/or the Worldwide User Group. Upon joining these groups you will have access to the members-only forums that each group supports. Interested in becoming a User Group leader? Submit the form found on our User Group landing page.
Hope to see you online or at a User Group meeting soon!