Biometric entry into Australia

I'm still catching up with my news and I came across this story today (yes I know it was written almost a week ago). Apparently by 2010 non-Australian citizens will have to go through the pain of being fingerprinted and iris scanned when they enter the country. I imagine this will be similar to the process the US currently employs.

The most interesting thing from a technological standpoint was this statement:

"This information will be stored in the department’s central Identity Services Repository, which will be complemented with an ID management toolkit, including high-integrity enrolment and registration systems, forensic document examination techniques, a specialist identity investigation capability, advanced name search software, and an online document verification system."

It makes it sound easy doesn't it. Those of us who have had anything to do with identity Management and repositories know it's not, especially when you're talking about something of this scale. The thing that jumps out at me most of all is "central Identity Services Repository". Are they kidding? If that's really the plan, they better do some serious design work.

I'm also a little wary of the sentence: "ID management toolkit, including high-integrity enrolment and registration systems". Do they mean they want to use one of the provisioning solutions out there (I can make a pretty educated guess about what this would be because I know what they bought - I'm just not sure I'm allowed to say)? What's there to provision to besides the actual repository? The users being stored in the system will never have to use the system. I'm not saying that using a provisioning solution is a bad idea, but they don't need all the functionality that comes with it. The benefits you get from using an off-the-shelf product may not pay dividends here because of the performance trade-offs. They just need a scalable data store that performs. In other words, they need a great big relational database (or LDAP if they want something that has an open standard attached to it) with an application in front of it. I'm over-simplifying of course, but that's essentially what they need at the back end with the application being the glue between the biometric devices and the data store.

The DIAC actually have a bunch of off-the-shelf software products they could just pull out and use if they wanted. In fact, if I put my vendor hat on, I'd be able to slot a product into each part of the paragraph above (and not just for the "identity" part). But that would be fitting business processes to a set of products rather than the way it should be - figuring out what needs to be done and using the right solutions that fit.

IBM and Unisys are the service providers helping them put all this together and have their work cut out for them. They won't complain though. There's too much money to be made.

Australian newspaper reports old news

Is it just me or is The Australian's IT section "breaking" news 3 months after it happens? On April 17th, they reported that IBM was donating its Identity Mixer (idemix) software to the Higgins project. What's so wrong about this? Well, it happened in January.

Is The Australian having content management issues that caused an inadvertent re-publishing of an old story or are they really that slow? Either way, this is poor form coming from one of Australia's major newspapers (owned by Rupert Murdoch's News Corp by the way).

Ever since I started reading my news via RSS feeds, I've started to notice that traditional media outlets (such as newspapers) seem slow by comparison and as a result I've stopped bothering with newspapers. But this is just ridiculous.

Bit of a light month in Identity

I'm all iPhoned out. Seems all the news in January's been about Apple and the iPhone. The announcement at MacWorld, Cisco subsequently suing Apple over the use of the name and the latest being a Canadian company (Comwave) claiming to have the rights (at least in Canada) to the iPhone name. From a marketing standpoint, Apple's done a brilliant job here. Even if the damn phone doesn't end up being called an "iPhone", we'll all know it as "that thing formally known as the iPhone" - the point being that we've all heard about it. There's been much discussion about why Apple even announced it when they knew Cisco had claim to the name in the US (we know this because Apple was in talks with Cisco over licensing the name from them before the iPhone announcement). The most logical conclusion seems to be the publicity. I have also yet to read about any geeks out there who don't want one. They all practically wet themselves over the announcement...maybe that'll change when the hype dies down. I for one, do NOT want one...maybe I'm the only one. I must not be geeky enough.

So in a month where nothing was interesting enough for me to comment about, here's a few main bits of Identity news I came across:

• The Burton Group followed up a previous post about the Law of Relational Symmetry (which I referenced in an earlier post) with a post relating to the Law of Relational Risk. I for one had a tougher time grasping the concepts here, so I REALLY had to concentrate.
• The Burton Group also mentioned the "ascension" of authorisation management within enterprise environments of late. Seems this concept just won't go away...and rightly so. But as I mentioned in an earlier post (although at the time I used the term "entitlement management" and made mention of a company called Securant, which started a discussion between myself and Securent's CEO Rajiv Gupta which you can read in the comments section of that post - I should note that he didn't respond to my email following my final comment. I'm sure he had better things to do than debate terminology with me), this is not a new concept. It's just getting more attention of late.
• EMC talked about leveraging their RSA acquisition to "identity enable" their suite of products. I'll believe it when I see it!
• Microsoft Windows Vista launched - probably means we'll start to see the advent of more Windows CardSpace enabled solutions.
• IBM announced the release of Identity Mixer, which is software designed to help people hide or anonymise their personal information on the web. This has been donated to the Higgins project.
• The Liberty Alliance announced a Portal called OpenLiberty.org to "provide easy access to tools and information to jump start the development of more secure and privacy-respecting identity-based applications based on Liberty Federation and Liberty Web Services standards".
• Microsoft Architect for Identity and Access and User Centric Identity luminary Kim Cameron gave examples about how one would integrate CardSpace with OpenID.
• Kim Cameron and Dick Hardt (yes that really is his name), CEO of Sxip had a bit of a friendly stoush over OpenID and what Kim thinks is a susceptibility to phishing unless OpenID adopts some of the more secure concepts behind CardSpace. Dick responds on his blog. The discussion continues in the Identity-sphere.
  
• Australian Prime Minister John Howard announced changes in his cabinet making Senator Ian Campbell the new Minister for Human Services. He takes over from Joe Hockey who is now Minister for Employment and Workplace Relations. I mention this because it means that there's now a new guy in charge of Australia's Access Card initiative which has the potential to become our National Identity Card depending on what happens moving forward. It will be interesting to see the direction this takes moving forward with new leadership in place...not to mention the continuation of all the Software Security vendors (one of which I work for - more on this in the next post) and System Integrators salivating at the sheer size and potential $$$ involved with winning even part of the bid to implement this or to provide part of the infrastructure for it.

Note: I think I've just broken my record for the number of outgoing links in a single post.