How Do You Forge A Digital Identity?

P J Connolly eWEEK USA 2012. Ziff Davis Enterprise Inc. All Rights Reserved,

IT is now charged with the job of extending existing IDs or incorporating new ones to accommodate a digital presence, says PJ Connolly

Making this integration happen wasn’t terribly difficult either, Davis says, adding, “Only two of us really worked on it full-time” in a two-month iteration.

Facebook was helpful with integration issues, Davis added. “They have an awesome API. When you first connect, we analyse up to hundreds of thousands of individual ‘likes,’ and that’s pulling quite a bit of data from Facebook over to our web servers.”

With Facebook’s OAuth 2.0 implementation, “the idea is that you are granting access to a trusted third party, in this case Etsy, to then go and browse your profile through the API on your behalf.”

The privacy question

Davis went on to say that “people have security and privacy issues, and we take those seriously; the only thing we use [the data from Facebook] for is to show gift recommendations to you. We went through every path possible to be respectful of our users’ data.”

But Facebook is merely the 800-pound gorilla of digital identification, and it’s not the only one proving a private-sector identity. As Davis noted, “You have a social identity on Facebook. It’s primarily a reflection of your offline identity; of course, you [may] have an identity on LinkedIn [serving as] a professional identity, a projection of one aspect of your life onto another.”

For decades, IT departments have served as digital-identity providers although their scope is generally limited to the duration of one’s employment, or one’s relationship as customer or vendor. That’s changing already, particularly in academia, as colleges and universities start to treat the relationship with alumni as less of a money-grubbing exercise and more of a community-building operation.

Collaboration and mobility

One example of this is the Thomas M. Cooley Law School, which is based in Lansing, Michigan, and has satellite campuses in Ann Arbor, Grand Rapids and the Oakland County suburb of Auburn Hills. Cooley’s enrollment, when full-time and part-time students are combined, makes it the largest law school in the country to be accredited by the American Bar Association.

Cooley’s identity and email infrastructure, based on Novell GroupWise and supported by Novell’s eDirectory service, had worked well for internally-hosted services, supporting 3,500 students and 500 faculty and staff, said Greg Colegrove, director of IT operations at the law school. The problem, he explained, was that “we just could not respond quickly enough to the things we were asked for” in areas such as smartphone integration and other items touching on collaboration and mobility.

The IT staff at Cooley found during a 2009 pilot programme that Google Apps would satisfy many of the demands for collaborative and mobile access; the challenging was determining how to scale this from the 100 student volunteers to the rest of the student body, as a run-up to extending the Google Apps support to the entire user base. The solution was Novell Identity Manager, an IDM (identity-management) tool formerly known as DirXML.

It turned out that CosmosKey, a firm based in the UK, offers a SAML-based (Security Assertion Markup Language-based) connector between the Identity Vault in Novell Identity Manager and Google Apps. The CosmosKey IDM Connector for Google Apps installs on the machine running the IDM engine or on a server running the Identity Manager Remote Loader. With a proof-of-concept installation of the IDM tool up and running for the spring 2010 term, the IT team at Cooley was able to bring the entire student body onto automatic IDM-based provisioning for the fall 2010 term.

The secret to Cooley’s success, noted Colegrove, was end-to-end testing before unleashing the entire student body on the freshly integrated systems. “A lot of this was new to us, so we did everything… in a full [developer] environment.” He added that “the beauty of this” was that the students already had network identities, making it a relatively simple extension of that identity.

Phase Two involves offering this to alumni, Colegrove explained. The previous policy was that Cooley grads could “keep their email addresses for a year after they graduate. With Google [Apps] and IDM already in place, now they keep that [identity] through their legal career,” making job searches, networking and other activities that much more seamless and fostering their identification with the Cooley brand.

There’s no one-size-fits-all approach for integrating social networking and cloud-based applications with the conventional IT-centric model of identity. But no matter what approach an organisation takes, it’s clear that preparation and testing before deployment is essential.