
It's not for nothing we call them Identity Silos

Interoperability slides off the tongue as a must-have in identity systems but is it really self-evidently a good thing? It might seem politically incorrect but I think the answer is no, not in all circumstances. Too often the term "interoperate" is used casually, without any finesse or qualification.

Imagine an inventor going to a bank with a gadget that would enable the bank's plastic cards to "interoperate" with a range of third party services, so that cardholders could avail themselves of new services, all based on the bank's identification of those individuals. How would the bank respond? The first task would be to carefully examine new risks created by the cardholders accessing new (and only loosely specified) services. If a bank's relationship with its customers was going to be parlayed into new arrangements with additional parties, the bank would want the details. This is not to mention the legal nitty gritty of working out how extant cardholder agreements could be modified to accommodate all sorts of new usage, and overcoming the constraints in today's cardholder agreements which expressly limit how "identity" is used.

These unconstrained analysis tasks don't seem doable; the risks of the unknown cannot be characterised. And therein lies the fatal flaw of so many federated identity proposals: they take us into uncharted risk management waters. Some proposals hold out the promise of new revenue streams for banks if they recast themselves as "Identity Providers", but throw money into the mix and the legal issues only get more fraught.

Those much derided identity "silos" that so many instinctively want to bust open are actually carefully construed risk management arrangements. They represent closed business relationships, not simple "identities" (elsewhere I have argued that identity silos have actually evolved in real world business ecosystems, such that risk management arrangements are a close fit for threats and risk appetites in particular circumstances). Breaking open these silos is an incredibly complex exercise, and is probably unbounded.

It's not for nothing that we call identity domains "silos". I wonder when and why silo became a dirty word in our business. Grain silos are wonderful things: architecturally elegant, strong, and protective. They are critical infrastructure for farmers, and much admired landmarks on many a rural landscape.

Let's follow the "silo" metaphor a little further with a thought experiment about real silos. Imagine a wheat farmer being approached one day by their corn-growing neighbour with the following proposition: In the name of efficiency, let us break open, connect and share our grain silos.

No farmer would give this idea a moment's thought; they would reject it out of hand. If the corn grower needs more capacity, it seems very obvious to me that instead of re-engineering the entire storage and handling system, and striking up new arrangements with all customers in anticipation of the new risks, it would be simpler, cheaper and quicker to just build another silo!

See also "Breaking down identity silos is harder than it looks".

Posted in Security, Identity


Thomas Legg, Fri 28 Jan 2011, 12:22pm

Could you imagine what would happen if grain silos weren't designed to easily federate? I'm sorry Mr. Farmer, we've designed your silo, so you can't easily move your corn to the silo at the rail station. And Mr Commodities Broker, I'm sorry, we've designed the silos at the rail heads to make it impossible to move the corn to HighFructoseCornSyrupMaker's storage facilities. The only things that'd be happy if they didn't interoperate would be the rats and other vermin that would gorge themselves on the Farmers' silos which have one way in, but no easy way out.

Stephen Wilson, Wed 2 Feb 2011, 8:45pm

Thanks Tom. That actually wasn't the intent of my analogy. I think when people talk about busting open identity silos, they have a rough idea of mixing up the grain (the ID rules and terms & conditions) in one superstructure. I was trying to say that the end-to-end design of a siloed system (including as you say the connections to downstream systems) is not amenable to easy change. Sharing infrastructure is an attractive idea in IT but I think the notion goes with too little thought. Sharing infrastructure in the case of real silos across different businesses (wheat and corn) is just not possible. To follow your point, the High Fructose Corn Syrup maker is expecting corn. If you sent them wheat, you'd be in trouble.
