I read a lot. Mostly about identity, security, the cloud and other tech topics, but because I’m a writer I’m also interested in the tools of the trade. That’s why, every week without fail, I read the World Wide Words newsletter. Through it, I find out about words such as this past week’s “nidicolous” (“If your offspring are proving recalcitrant or obstreperous you may like to hurl the epithet nidicolous at them. It will be accurate and tantalisingly unclear; it might even provoke them to crack open a dictionary to discover whether you’re insulting them.”) No, I won’t tell you. Go to the web site.
The reason I bring up World Wide Words here, though, is that this past week it intersected with what we’re talking about at KuppingerCole: The Internet of Things.
Editor Michael Quinion says about it that “[t]he reference is to the way that equipment of many kinds is now fitted with embedded computing technology, not only the obvious items like telephones and video recorders but also your car, your washing machine and your refrigerator as well as your lightbulbs. It is no longer futuristic fiction to suggest your refrigerator might be able to report you’re low on bacon or eggs and order up fresh supplies. Or that a bathroom cabinet might monitor your pill consumption to remind you to take the next dose, organise refills and allow your doctor to supervise your case.”
That all seems very reminiscent of a presentation I gave in the fall of 2000, and recalled here last spring in “Back to the (digital) future”. The Internet of Things and Life Management Platforms are inextricably intertwined.
But it’s wrong to think of the Internet of Things as somehow separate from the internet of people. It is really an Internet of People, Things, and Services (IoPTS). In fact, anything which can be uniquely identified on the ‘net is part of the mix. It's a given in the identity business that the use of cloud services is architected on an identity foundation. It's also fairly evident to all that identity is the basis of regulatory compliance. The reality, which not everyone will admit as yet, is that identity is the foundation of every transaction that occurs on the internet. But it's becoming more apparent all the time that it's not just the "who" identity that is important, but also the "what" and the "where" (i.e., the platform that the "who" uses to do the "what").
In order to deliver cloud services properly, the provider needs to know the user, the user's permissions, the user's capabilities and the user's needs. The "needs" include precise data on the service, its version and its optional components. The "capabilities" reflect the hardware platform the user will use the service on.
In order to correctly log and audit activity for regulatory purposes, the compliance service needs to know precisely who is doing what to which information and where that activity is occurring. All of this requires that we can easily, automatically and uniquely identify the services, applications, and platforms that are being used as well as the attributes of each that are necessary to make a decision (for cloud services) or satisfy a policy (for regulatory compliance).
In order to communicate with others we need to be sure of their identity, and they of ours. That holds true whether we’re talking to another person via email, to our friends and family on Facebook, or to an ecommerce retailer, our work, our schools or our government – we need to be sure of who they are and they need to be sure of who we are.
Identifying devices is an outgrowth of both manufacturing and inventory control. A manufacturing bill of materials could be considered an identity document (with a serial number as a unique identifier) containing a list of attributes (the parts specifications) for an identified "thing." Inventory control, carried to its limits, uniquely identifies not only each desk in an organization but each drawer in each desk - and possibly each pencil in each drawer.
Less tangible items, such as applications and services, don't have quite the same legacy of identity. When all services were located in the datacenter or server room and IT went from desk to desk doing installations, it wasn’t necessary for the user to be able to identify the service in any meaningful way. There's versioning, but that doesn't identify a specific instance, just the general code. Each instance of a non-trivial service or application will also include parameters unique to the time, place and users involved in its execution. And when that service is cloud-based it’s all the more important that it can be identified as the specific, and valid, instance we expect it to be.
A full-blown identity management solution will have to understand that it's no longer just about people. While personal identity will remain important, a new superset of identity will emerge. Prakash Ramamurthy, now Chief Product Officer at LifeLock, called this "entity identity" when he was working on IdM at Oblix (and he said that with a straight face). That’s catchier than IoTPS for sure, but whatever we call it, I expect you'll be hearing a lot more about these things in the months to come.
At the European Identity and Cloud Conference in May we’ll be talking about IoTPS. Among the topics we’ll explore:
- Connected Objects, Real World Internet, Web of Things: Visions and Business Models in the IoTPS World
- Reference Models and Initiatives and Architectures for the Internet of Things
- IoTPS Security and Privacy Concerns and how to address them
- Connected Vehicles, Life Management Platforms & The API Economy