I’ve been working with my team to come up with some visionary thoughts around where we think our services will be in the next 3-5 years. In addition to the typical CMMI-speak, we did come up with a few ideas that I think are revolutionary from a corporate IT perspective. The one term I came up with is “choose your own identity” which is basically the idea that one can choose to use their facebook or twitter account for access to corporate resources. There are a number of implications to this, but here’s basically how it would work:
- User is provisioned in HR system (workday/etc)
- Employee starts work, logs in to HR system
- Employee associates their externally managed credential to their Employee ID
- Employee is able to login to Corporate resources
This idea is not new in the world of Internet services, but it would be new to corporations which are used to controlling a user’s identity. It would also require that certain false security controls are in place (password length, change history, complexity, etc). I think the credential would be enhanced by a second factor – for example, we are thinking about issuing certificates to every user, and every device, in order to restrict access to the system. In addition, data protection becomes more of a hard requirement through the use of DRM or other encryption.
security without obscurity 