Converging on identity

Devices, data types, people, and channels coming together

As with standards, the problem with convergences is that there are so many to choose from. When the subject is digital convergence we often start with devices and media, which leads to a barrage of questions: Can I watch movies on my notebook PC? Can my Bluetooth cell phone double as a modem? Can my Internet connection replace my long-distance phone service?

Increasingly, the answer to these, and similar, questions is yes. But it's often hard to see the forest for the trees.

Figure one, drawn from the perspective of an individual person, zooms out. The person in the middle stands in relation to other people, and also to various applications and services. All of the people (and many of the services) belong to many groups, use many devices, produce and consume many data types, and converse over many channels.

There is an organizing principle here, identity, but it too is plural. Users, devices, networks, and services all have identities. More than convergence of devices and data types, it is a convergence based on identity that we seek. Businesses need to condense multiple touch points into that elusive single construct, the representation of the customer. Individuals need to manage business and personal lives on the same networks and devices, from home, the office, or the road. Web services must be able to authenticate people, or services, or devices, using credentials that are institutional, personal, network-defined, or device-specific.

The various flavors of identity combine in tricky ways. Consider how just one attribute of identity, location, can be expressed. My static IP address locates a spot 50 miles east of my home office, where my ISP is based. My landline phone locates my house. My cell phone locates me within a couple of miles of wherever I am. My Wi-Fi subnet locates me within a couple of hundred feet of an access point. But, with apologies to The Matrix, there's no red pill to launch the trace program that reliably pinpoints my location.

Pondering the slippery concept of location can be fun, but when you're an enterprise wrestling with E911 (Enhanced 911) compliance, the game turns deadly serious. Locating your campus or warehouse isn't good enough. You have to find that person in Building A or Warehouse 7. Suddenly there's a whole new reason to want the call to originate from a VoIP handset or a Wi-Fi-equipped PDA.

Until we're all chipped, we'll continue to use device identity as a proxy for human identity. Of course, not all devices are created equal. Users roundly rejected Intel's processor ID but blithely accept that cell phones uniquely identify themselves. As a result, consumers increasingly enjoy features that make enterprises drool. How many businesses, for example, can locate people in real time the way AT&T's "Find Friends" program can? Most employees would retort, "It's just as well they can't!"

But more and more of the real work is getting done at home. According to Ray Ozzie, CEO of Beverly, Mass.-based Groove Networks, home is where technologies destined for the enterprise, such as instant messaging and Wi-Fi, first appear.

Convergence does not mean that the work and home identities at the center of the figure become one. In Ozzie's Groove software, these identities are distinctly separate constructs. Each binds to its own unique set of group memberships, devices, and shared data. What has converged is not the multiple identities of the user, but the mechanisms for device federation, group formation, data synchronization, awareness of presence, and change notification.

Easier said than done. For now, you have to drink the Kool-Aid served by the likes of AT&T Wireless, or Groove, in order to reap the benefits of convergence. When Microsoft offered up HailStorm, businesses said "no thanks" and put federated identity squarely on the agenda. What that means is open for discussion. Web SSO (single sign-on) schemes, including Microsoft's Passport, Liberty, and Shibboleth, are ascendant. But as the Midvale, Utah-based Burton Group CEO Jamie Lewis points out, they're not incompatible with PKI (public key infrastructure).

Arguably, using name/password authentication within the enterprise and cryptographic certification across enterprises makes sense. Alternatively, the pervasiveness of strongly-identified personal devices — which, unlike humans, can remember cryptographic keys — suggests another kind of proxied PKI.

For the enterprise, the long-anticipated yet elusive convergence of voice, video, and data means more than a delivery vehicle for training. Telepresence is a power tool for identity management. If I can hear you and see you, I can authenticate you. A secure phone call or videoconference might lead, by way of a protocol such as SIP (Session Initiation Protocol), to a secure data channel. Our presence together on that call might, in turn, be observable — by my wife, or by your co-worker, or both — in an e-mail client or IM (instant messaging) buddy list. You can see a glimpse of this in today's Mac OS X Mail client, which displays IM presence indicators next to e-mail messages from AIM and iChat buddies.

Everything on the periphery of the figure — devices, groups, data types, communication channels — has been proliferating, and that trend will continue. Convergence can't and won't limit that diversity, but it can and must help us use it effectively. Identity is the key.

Handheld devices, which increasingly serve as identity proxies, can report key attributes of identity, such as location, and can provide a platform for PKI.