Recap of Ian Glazer Keynote from Global Summit: Roadmap for Scalable, Standards-based, Privacy-preserving Identity Solutions

May 22, 2017, by Nicholas Roy
Tags: 2017 Internet2 Global Summit, Trust & Identity

Ian Glazer, Senior Director for Identity at Salesforce, delivered the Tuesday keynote address at this year's Internet2 Global Summit. Ian's talk was remarkable for a number of reasons, not the least of which was that it marked the first major identity-focused keynote address at a Global Summit. This is a milestone for the Internet2 community in its longstanding commitment to the growth and adoption of mature, scalable, standards-based identity and access management solutions. I urge you to click the link above and watch the video of Ian's keynote, which starts at about the 21:30 mark.

Ian's talk focused on the roadmap for scalable, standards-based, privacy-preserving identity solutions. He thanked the community for its work on software and standards which promote the adoption of standardized solutions, and for holding ourselves and our solution providers accountable for implementing those standards in a way which has fostered the adoption of the SAML protocol, one of the core federation standards in use today. Ian further highlighted that this community drives needed change - "we have moved from being a pay-for-standards world … to [one] where standards are built-in, where standards are a default setting." He compared this evolution to the adoption of TCP/IP as a network standard, where no one pays for a TCP/IP stack any more.

Ian discussed the three primary roles that underpin a CIO’s ability to deliver secure, trustworthy services that comply with regulations such as the EU General Data Protection Regulation (GDPR). The GDPR affects any legal entity that has any kind of dealing with any citizen of the EU, or whose services or identities may be used in the EU in the course of business. The three needed roles are:

  1. Security
  2. Privacy
  3. Identity

Any mature IT operation focuses on security out of necessity. Many institutions are focusing increasingly on privacy for similar reasons. But identity is a newcomer to this partnership, and Ian focused on the need for all three roles. In order for identity to have a seat at the table, an emphasis on the profession of identity is needed - as is an organization that supports the maturation of the profession.

Ian highlighted the new ID Pro group as an emerging professional organization for identity. It's incredibly difficult to gain skills and grow talent in the identity space. Most people involved in identity today got there through some combination of luck, affinity and the love of a good challenge. One primary goal for ID Pro is to ease the burden of that maturation and develop new talent - something which is in critically short supply. I urge you to take a look at the mission and work of ID Pro and consider joining and supporting it once the organization is up and running.

Ian called identity "the human interface of security - all of your logs are super boring if you don't know who's actually doing the work." Identity adds needed context that helps colleagues in security and their automated processes understand what is happening and make critical decisions. Identity is also an operational wing of privacy, responsible for ensuring that this sensitive information has needed controls placed around it.

That brings us to the core of the talk - what Ian calls the “De-Weaponization Maturity Model.” This is an important path that identity as an industry, and this community’s identity efforts in particular, must focus on to ensure that identity plays its required role in enabling user access to services. The Maturity Model is meant to optimize security controls for identity-related systems. The roadmap focuses on five stages, noted in the illustration below.

[Figure: De-Weaponization Maturity Model for Identity Stacks (Source: Ian Glazer)]

Ian challenged the community to achieve stage 1 - managed identity systems - within six months of Global Summit, roughly the time of Internet2's fall Technology Exchange event. The other stages in the model focus on preventing insider threats, and targeted and non-targeted attacks. The final stage in the model is directional: that we must achieve transparency of operations to allow users to have confidence in identity services. Achieving even part of this roadmap will mean major changes to the way identity does its work, and thus the need for continued focus on efforts like Internet2's TIER initiative and the emerging ID Pro organization.

I'd like to thank Ian for this excellent keynote, and for his commitment to building the larger community of identity professionals.