Mapping the industry

Digital Identity isn't simply about single sign on, reputation systems and the centralization of identity data by Big Brother. Rather, digital identity covers a universe that a lot of folks wouldn't normally see as "identity."

Since we're at the beginning of this blog, and Phil has begun to lay out the topics surrounding digital identity that we believe we'll be covering, it only seemed appropriate to provide a map of how we view the entirety of the "identity industry."

Our intent in mapping the industry was to find logical categories that describe what identity technologies do. However, as identity technologies have grown up, they have simultaneously grown to answer specific business drivers. As such, while we can use verbs to describe what the technologies do, we often find that the more mature technologies cut across the "do" categories in an attempt to answer a larger business concern (more on this later). With that limitation in mind, as we mapped, we found that digital identity technologies are used to authenticate, manage, store, integrate, control and analyze identity-associated information.


Authentication is all about knowing that someone or something is who they say they are. Technologies in this space include PKI, digital certificates and signatures, smart cards, tokens, risk-based or "layered" authentication, usernames and passwords, biometrics, RFID, certificate authorities, and the mass of the trusted computing field. (We'll expand on these technologies over time on this blog.)


The management of identity is concerned with lifecycle administration, provisioning, workflow, and delegation. Technologies in this area include provisioning, enterprise single sign on, self-service administration and password reset, de-provisioning, delegated policy administration and workflow management. Management has been the "core" of identity technologies over the last few years (often referred to as "identity management"), as enterprises have applied these technologies to gain greater control and efficiency over the administration of common business processes and compliance monitoring.


Storage is where the "identity story" started. Technologies that formed the foundation of identity are "storage" technologies like directories and meta-directories. While there isn't a massive diversity of technologies in this area, there is a huge legacy of deployment of these technologies.


Technologies focused on the "integration" of identity information are concerned with connecting, linking or moving that information across borders. These technologies include synchronization, federation, virtualization, and all of the rapidly emerging user-centric identity technologies (InfoCard, SXIP, LID, OpenID, YADIS, MicroID, etc.).


The "control" category contains what used to be known as "access and authorization" technologies (back when identity management was referred to as "triple A" -- or authentication, authorization and access). Technologies in this area are all about identity-based ways of granting access, controlling usage, or modifying the data presented based upon identity factors. These technologies include web services security, content localization, web access control, physical access control (insofar as it uses identity management technologies), digital rights management, enterprise rights management, Network Access Control, SSL VPNs, and geo-location technologies.


Technologies that analyze identity are some of the most cutting edge. They include real-time compliance auditing and tracking, real-time policy enforcement, and identity-based business intelligence and data mining.

A larger "map" of the identity industry begins to explore the corners into which identity is beginning to crawl. And, as we begin to layer vendors into the categories, the topology becomes even more clear. But that is for another day...