Event Recording

EIC 2012 Keynote: Conflicting Visions of Cloud Identity


Kim Cameron, Creator of the Laws of Identity and Microsoft Identity Architect, Microsoft
April 17, 2012 15:20

Yes. It's always an interesting experience, and all of us know this. So we are all platform performers of one kind or another. The limitation is time; time is the most valuable commodity, and we have to do our best to divide it up fairly. Thank you very much. Indeed. Very pleased to call up next Kim Cameron from Microsoft. Camerons are doing very well these days, with David Cameron in England and others. Please come. And do you have the mic? No, we need a mic, or can we use a fixed mic here? Look behind. Hi. Very good to have you. Is there a mic coming? It's on its way? Or do you want to use this one? I don't need a mic. You can. Okay. We'll just go back to the traditional variety, the old-economy mic. Thank you very much.
Okay. Well, hello everybody. For those who might not have expected to see me here as part of Microsoft, I'll simply say that through a series of bizarre events, I was led to come back to try and deal with these issues of the cloud. And I'm here today to talk about it. It seems to me that the whole prospect of the cloud is one of those incredibly interesting phenomena that is hard to retire from. And so I didn't. Okay. I'm gonna talk about conflicting visions of the cloud. And do I have a clicker? Yeah, thank you.
So I'll start with a few simple theses. The current reality is economic contraction. Enterprises and governments are under tremendous pressure to do more with less. And this isn't something short term. This has long-term implications: organizations have to become leaner. They have to be better focused and they have to be fit to purpose. And it applies to all systems within the organization, production, distribution. Basically, in order to become fit-to-purpose entities that survive, we need breakthrough changes. Well, the cloud brings breakthrough change. You know, a number of economic benefits come through combined cloud innovations and the cloud. You know, when I first started to think about the cloud, it was all number of transistors per square, per cubic centimeter and all of these kinds of things, but actually it's much bigger than sort of new ways of doing air conditioning and setting up servers.
It's new ways of delivering and operating the IT infrastructure, and it's new business processes. And I believe the essence of it is that it is a technology and infrastructure for refactoring and redistributing processes so that they can be most efficiently performed. So in this sense, it's analogous really to the whole process of introducing the division of labor. It's a matter of figuring out how things can be done wherever in virtual space they can be done most efficiently, and survivors benefit by specializing in what they do best and what they do most efficiently. All of us have to multi-source the things that we don't do efficiently and outsource the things we do efficiently. So we're talking about a world of specialization based on expertise and cost. So the third premise is that these two tendencies will join up: the need to become leaner and more fit to purpose will drive continuous change, and organizations will substitute inexpensive cloud services when they provide the same functionality as in-house services.
So you already see people doing that around areas like CRM and so on, the salesforce.com kind of thing, but you'll also see more and more that as people do the specialization, as their companies, as their enterprises, as their departments in government become more lean and fit to purpose, they will construct their systems as cloud services using other ecosystem cloud services as the building blocks. So they'll take these cheaper, more efficient gadgets and things, capabilities, abilities to analyze, abilities to do all kinds of calculations, widgets like Reinhardt showed us. And they'll be able to stitch those together to produce the experiences they want. Now, essential to this is the notion that the cloud will be basically cross-cloud interactions. So specialized services will expect to hook into other specialized services running anywhere else in the cloud using simple REST APIs. So we aren't talking about a world of closed cloud environments, where one vendor's cloud is sort of a self-contained entity. And the cloud platforms that don't build in and buy into this openness will die from synergy deficiency compared to the platforms that are open. Enterprise and government data, of course, is private in general.
So what will have to happen is that these cloud APIs will need to be able to handle and protect private information. So that implies that the different systems run by different administrations have to be able to reuse the knowledge of identity and policy in order to adequately protect the data that they handle. This is really hugely different from the consumer space as we've seen it up till now. It's not that the consumer space shouldn't be driven by the notion of private data. It's simply that the consumers aren't there and strong enough and powerful enough in order to ensure that that's the case. But when it comes to handling enterprise and government data, the tables are turned, and the requirement will be put there that the privacy be respected and enhanced, and that will likely feed back onto the consumer space over time.
So my view then is the cloud motor runs on identity. You can't have this specialization if you don't have the identity infrastructure necessary to protect private data. So organizations need to be able to reliably identify, authenticate and authorize across a graph of services, not simply inside some closed boundary, before the reuse of specialized services, the whole concept of specialization, becomes practical. And that means it's because of the need to service a graph, a distributed graph, as opposed to a closed environment, that identity, security and privacy are complicated in the cloud. Well, we all know that the domain-based IDM model is a clear non-starter. I mean, you can't have a domain boundary. It doesn't make any sense at all.
And in my view, the first-generation federation IDM model won't do either. I mean, in that model, a very powerful model and a big step forward over the domain model, we have a service provider who accepts claims from an identity provider, and basically a user goes to the identity provider, proves who they are and is able to send claims to the service provider. And that works in these very simple environments where you have a couple of parties involved, but in general, most people have relationships with very different groups of identity providers, very different groups of people who can make claims about them. And so a service provider ends up having to deal with a plethora of possible claims sources. And that's really complicated. So the issue of diverse people raises its ugly head. And the second thing is that there are diverse claims needed by different parts of this graph.
Where do the claims come from? One option that's been proposed is that, well, your identity provider becomes increasingly and progressively all-knowing until it can produce all of these claims. And that's basically counterintuitive and frightening to people. The notion of distributed claims made by entities who are in a position to know about them is a lot closer to the mental model that people have when they go to sites. So the new cloud era requires a new identity model in my view, and I'm gonna call this identity management as a service.
So my point here is simply that the functional specification driving the cloud economics sets up the need for new capabilities that are sufficiently complex that it requires a new model, and there's a condition. And the condition is, well, it can't cost a lot to implement this new model, cuz if it does then the cloud costs too much and it isn't worth going there in the first place. So the question becomes, how do you get more capability for less money? And the answer is: use the efficiencies of the cloud to enable efficiencies in identity. So to me, the more I thought about this, and this is kind of my aha over the last while, is that it really means that identity management as a service is an inevitability, because the efficiencies can produce the efficiencies in identity necessary to turn the motor of the cloud.
So what would identity management as a service look like? Well, there would be, and there are, a whole series of different capabilities that would be part of that service. Now, not all service providers would offer all capabilities, but one could imagine an ecology of these capabilities. And so by this, I mean things like registration, management of attributes, credentials, claims issuance, and so on. These of course are not products or things that you would see in the services. These are capabilities which would be combined into products and experiences by the providers of identity management as a service. So my thesis here is that all of this together would simplify and lower risk and cost both in deploying cloud applications, designing new cloud-based systems, federating with small and large partners, supply chains, distributors, managing relationships with individual customers and citizens, and evolving the hybrid IT environment. So I'll give us an example: directory as a capability of identity management as a service. Now, of course we have directories in the cloud.
For example, Microsoft itself has a product called Office 365, which has, you know, been extremely successful, has many millions of people registered in it, hundreds of thousands of enterprises, but that's a closed directory. It isn't available. We can imagine, and there are other vendors, of course, who have similar directories, not as good of course, but we can imagine over time these directories opening up and actually being real directories that are offered as a service to the enterprises who are involved. So what would the characteristics of this be? Well, first, the enterprise would have to decide who sees what, and in which applications, and the cloud directory would have to be a service run on behalf of the enterprise. In other words, it's not some service that lives by itself in the cloud. It's not a cloud directory per se.
It's an enterprise directory or a government directory that happens to live in the cloud. Both publication of one's own directory and subscription to other directories could be provided as part of the service, because, you know, those of us who've been around in the identity world for a while know that this is really complicated. It's really complicated to manage the barriers and the boundaries between directories. So that's precisely something that a service could professionalize and bring down the difficulty of managing, and trust frameworks could simplify the legal relationships involved. Are we five? Thanks. This is so exciting. I'm just dying to see what happens in the next four minutes here. When I get to four minutes, I've got some tunes, so get ready. Okay. So another example would be the service provider combining IDMaaS, you know, identity management as a service, capabilities.
So for example, one could imagine a website that brings in consumer identities, bring-your-own-ID type things, and then augments those with identities and claims made by various entities that know that individual. And so once again, this is a matter of taking the capabilities we talked about on the other slide and combining them in order to provide an overall experience. I'll come back to this in a bit. My colleague, Ronnie BS, will be talking about this on Thursday, and so you could see some more concrete thinking. Now, all of this has to happen within a privacy and security imperative.
None of this will make sense to enterprises and governments, in my view, unless you have clear privacy boundaries. So claims providers should only have visibility onto the natural identity of the user that they're making claims about. And relying parties should only see claims that are released to them, not necessarily know the natural identity. We believe it's possible to do this. I'm doing a lot of work on this, in such a way that even the cloud operator wouldn't have visibility onto which users were using which services. In other words, all of that, through things like U-Prove minimal disclosure technology, can be hidden in such a way that there's no leakage or disintermediation of the enterprise by the cloud operator, or conversely unnecessary leakage about the activities of the users. I'm gonna skip over this because I'm afraid of what might happen if I don't, but I'll give you the example of the IRS.
If one has this ability to dissimulate, to create a boundary between the claims providers, say the consumer claims providers like the Twitters and Googles and LinkedIns, and convert those into privacy IDs, one could start to imagine government sites actually allowing the user to authenticate using consumer IDs and still have no visibility onto those consumer IDs. So this ability to separate contexts could actually permit people to use IDs that they remember rather than IDs that they forget after a year, and yet not leave traceability. They could also be combined in different ways and so on. So you could combine it with other factors like OTPs. So you could combine consumer IDs with OTPs or telephone verification and potentially assertions made by financial institutions about SSNs, or you could combine it with more traditional, also identity management as a service, verification of things like SSN or postal address through traditional methods, like sending letters and checking information in other ways.
So my conclusion here is that we're looking at two visions of cloud identity, really. And, you know, I feel that those of us in the industry have to think about how we assemble and approach these two models. So the identity management as a service model makes it feasible for service providers to assemble claims from multiple sources while respecting the individual's mental model of a direct relationship. And that's fundamentally different from pushing the user back to a monolithic identity provider that eventually knows all about her: register your street address and social security number with Google or Hotmail or whoever it would be. So with the IDMaaS model, I don't dare pronounce it, we can embrace the cloud without giving up our commitment to contextual separation. Anyway, I'll be writing about this a lot more on my blog. I really invite people to participate in that and send me your ideas and participate in your own blogs. And let me know about it. Thanks very much.
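The privacy boundary the keynote describes (claims providers see the user's natural identity, relying parties see only the claims released to them under a privacy ID, and a government site can accept a consumer login without learning the consumer account) can be sketched in code. The following Python is an added illustration, not Kim Cameron's, Microsoft's or U-Prove code. A hypothetical broker verifies a consumer IdP's assertion (an HMAC over the payload stands in for checking a real signed token), merges claims from other providers in the graph such as an OTP service, and hands each relying party a keyed pairwise pseudonym plus only the claims its release policy allows. All keys, provider names, relying parties and the release policy are constructed sample values. One caveat the talk's stronger goal implies: this broker itself still sees both the consumer account and the relying party, which is exactly the linkage minimal-disclosure cryptography is meant to remove; the example shows the boundary and the release filtering, not the cryptographic hiding of the mapping.

```python
"""Context separation between consumer identity providers and relying parties.

Added illustration of the keynote's privacy boundary; not Kim Cameron's,
Microsoft's or U-Prove code. A hypothetical broker verifies a consumer IdP
assertion, augments it with claims from other providers, and gives each
relying party a pairwise pseudonym plus only the claims policy releases.
Caveat: the broker itself sees both sides of the pseudonym mapping.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample keys shared between the broker and each consumer IdP.
# An HMAC over the payload stands in for verifying a real signed token.
IDP_KEYS = {
    "twitter.example": b"constructed-idp-key-twitter",
    "google.example": b"constructed-idp-key-google",
}
# Constructed broker secret used to derive per-relying-party pseudonyms.
BROKER_PAIRWISE_KEY = b"constructed-broker-pairwise-secret"

# Constructed release policy: the claims each relying party may receive.
RELEASE_POLICY = {
    "tax.gov.example": {"email_verified", "otp_verified"},
    "shop.example": {"email_verified"},
}


def idp_issue(idp: str, subject: str, claims: dict) -> dict:
    """Consumer IdP side: produce an assertion about its own account holder."""
    payload = json.dumps({"iss": idp, "sub": subject, "claims": claims}, sort_keys=True)
    mac = hmac.new(IDP_KEYS[idp], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


def broker_verify(assertion: dict) -> dict:
    """Broker side: accept the assertion only if its MAC verifies under the issuer's key."""
    payload = assertion["payload"]
    data = json.loads(payload)
    key = IDP_KEYS.get(data.get("iss"))
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["mac"]):
        raise ValueError("assertion failed verification")
    return data


def pairwise_id(idp: str, subject: str, relying_party: str) -> str:
    """Stable pseudonym for one (consumer account, relying party) pair.

    Different relying parties receive unrelated values, so they cannot link
    the user across sites without the broker's key, and the consumer account
    name never appears in the output.
    """
    material = f"{idp}\x00{subject}\x00{relying_party}".encode()
    return hmac.new(BROKER_PAIRWISE_KEY, material, hashlib.sha256).hexdigest()[:32]


def broker_release(assertion: dict, relying_party: str, extra_claims: Optional[dict] = None) -> dict:
    """What the relying party receives: the pseudonym plus released claims only.

    extra_claims are claims from other providers in the graph (an OTP
    service, a telephone verifier) that the broker merges before applying
    the relying party's release policy. Unknown relying parties get no claims.
    """
    data = broker_verify(assertion)
    merged = {**data["claims"], **(extra_claims or {})}
    allowed = RELEASE_POLICY.get(relying_party, set())
    released = {k: v for k, v in merged.items() if k in allowed}
    return {"sub": pairwise_id(data["iss"], data["sub"], relying_party), "claims": released}


def rejects_tampered(assertion: dict) -> bool:
    """True if the broker refuses an assertion whose claims were altered in transit."""
    tampered = dict(assertion)
    tampered["payload"] = tampered["payload"].replace('"email_verified": true', '"email_verified": false')
    try:
        broker_verify(tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed walk-through: one consumer login, an OTP factor, two relying parties.
    assertion = idp_issue("twitter.example", "alice@twitter.example",
                          {"email_verified": True, "handle": "@alice"})
    print(broker_release(assertion, "tax.gov.example", {"otp_verified": True}))
    print(broker_release(assertion, "shop.example"))
    print("tampered assertion rejected:", rejects_tampered(assertion))
```

Running the walk-through shows the tax site receiving a 32-hex-character pseudonym and the two verified claims, the shop receiving a different pseudonym and only the email claim, and the handle never leaving the broker; the same account presented to the same relying party twice yields the same pseudonym, which is what lets the relying party keep its own relationship with the user.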
