At the Cloud Identity Summit, Stephen Wilson is going to turn you on your head.
Don't fight it. Feel it.
Wilson, the founder and managing director at Lockstep Consulting in Australia, likes to flip things around and look at all sides. A self-proclaimed contrarian, his job is to check your thinking.
At CIS, he'll be flipping over popular tenets around federation, identity providers (IdP), relying parties, claims, attributes and risk management, and wrapping it in an ecology metaphor.
"We have ensembles of claims, technologies and business rules that are all bundled together as our various digital identities," says Wilson. "And the digital identities we possess have all evolved to fit different ecological niches in business systems."
Wilson says identities are built from memes, social genes passed on from one generation to the next. "Identity is memetic," he said.
This evolution has resulted in identity that is locked into one context and not relevant in other contexts. "You can't take a fresh water fish and drop it in salt water."
Wilson says we need more realistic expectations for federation: we need to understand that federation is difficult at the identity level, and why it makes sense at the attribute level.
"The folks at MIT are talking about an attribute exchange bus," he said. "It's a way to talk about concrete identity assertions like name, address, credit ranking, and citizenship." He thinks there are 20-30 core attributes that can be federated.
"We can go back to the memes and pull apart identity and re-engineer it selectively so elements of the identity can be federated. I call it memetic engineering."
His model also flips conventional thinking about identity providers and relying parties.
"Identity is in the eye of the relying party," said Wilson. Relying parties collect attributes and become the entity that assembles identity in context.
This, Wilson says, makes risk management arguments around identity easier to formulate.
"It's a bit provocative, but there is no IdP in the way we traditionally think about it," he said. "It means we have to change the business models of IdPs, at least at Levels of Assurance 3 and 4." At CIS, Wilson plans to demonstrate this transformation of the IdP in an ecological way.
He says the good news is that we have a thriving marketplace of attributes and we have standard protocols that are powerful at the attribute level.
"My call to arms is we should drop down a level and federate concrete component attributes instead of trying to federate high-level abstract identities," he says.
Registration is now open for the Cloud Identity Summit, July 8-12 in Napa, Calif.