Policy and Identity
Posted by srcarter on April 29th, 2008 filed in Identity Musings, Networked Collaboration

Policy and Identity are foundation technologies enabling the future of collaborative computing. More and more infrastructures will be deployed “in the cloud” and will not have the traditional IT constraints and overhead to govern the use and access to resources. Rather, policies will be expressed and identity used by those policies to govern the access and use of resources. New “cloud” services will be instantiated as needed, will exist as long as that need continues, and will be disposed of, all in accordance with policy. Storage will be persisted when policy dictates, while other resources will be reused as needed by other “cloud” services. And policy interactions must in turn be governed by trust relationships and trust-governing policies.
As with policy, identity is a foundation technology for future use of collaborative computing. Identity assertions of the future must be exportable throughout the network and withstand the rigors of use in hostile environments. An identity assertion must be capable of withstanding capture, inspection, and attempted reuse without compromising the original intent of the creation of the identity. Today’s use of identity comprises “logging in” to a “system”, and single sign-on attempts to reuse that “logging in” for other purposes to save the user the trouble of authenticating credentials each time a “system” boundary is crossed. This model will not take us to the future.
Identities of the future will be crafted because of a successful authentication of credentials, which may require the user (or agent) to submit some kind of secret (e.g., password), but such is not required. Authentic credentials of the future may require no secret at all, but rather be based on other mechanisms to assert the authenticity of credentials needed to access a resource. Indeed, a UserID may be replaced by a “role” or “claim” to allow resource utilization.
Policy becomes the lock and Identity the key for the utilization of network, process, and storage, which in turn provides the building blocks for interoperable collaboration. Compliance provides the watchdog to report proper and improper use of resources.
