3. Robert Lapes
• 30 years experience in I.T.
• 10 years of identity program assurance
• Head of IAM Advisory Services
• Capgemini UK’s IAM practice
• 120,000 staff in 40 countries
• 200+ identity specialists worldwide
7. IRM’s four business pillars
1. CONSUMERS and THINGS over employees
2. ADAPTABLE over predictable
3. TOP LINE REVENUE over operating expense
4. VELOCITY over process
8. IRM’s four technical pillars
1. INTERNET SCALE over enterprise scale
2. DYNAMIC INTELLIGENCE over static intelligence
3. BORDERLESS over perimeter
4. MODULAR over monolithic
35. “… The ER concept is the basic fundamental principle for conceptual modelling. It has been with us since thousands of years ago and will be with us for many years to come.”
37. Entity–relationship model
[Diagram. Labels: Registrar; Attribute Authority; Credential Authority; Circle of Trust; Authorisation; Policy; Governance; Subject; Identity service; Authentication service; Reliant party; Access service; Entity; Service or Resource. Relationships: Registers for identity; Issues identifier; Asserts access claim; Enrols for service; Issues credential; Provides service.]
49. The Deming Cycle
[Diagram: Plan, Do, Check, Act.
Identifiers and credentials: Identifier and credential scope; Collection and consolidation; Mapping and validation; Reconcile and remediation; Authoritative identifiers and credentials.
Policy: Policy scope; Collection and consolidation; Policy review; Policy remediation; Authoritative policy.]
50. Matthew Henry Phineas Riall Sankey
Engineer
Introduced the first energy flow diagram
1853 – 1926 Ireland
55. IRM is the new IAM
scale complexity
adaptable dynamic
bigger faster
connected diverse
decentralisation
non-linearity
56. Why diagrams?
• Data can be hard to understand, especially in written form.
• Diagrams help us understand complex data and information and identify complex relationships.
• We learn better visually.
59. Contact information
Robert Lapes
Identity Architect
robert.lapes@capgemini.com
Capgemini UK | Bristol
(Toltec)
Tel: +44 0 870 194 6658
Andrew Critchley
IAM Proposition Lead
andrew.critchley@capgemini.com
Capgemini UK | Sale
Tel: + 44 (0)7891 154281
Editor's Notes
Speaker biography
Robert Lapes is head of identity advisory services in Capgemini’s IAM practice in the UK. He is a chartered engineer with nearly 30 years of insight and lessons learnt in I.T.
For the last ten years he has been working on assurance of large scale identity programs. He has helped senior stakeholders in Government, agencies, NGOs and global businesses to transform and assure their identity strategy and architecture.
His architectural research for the EU Guide project has given him a unique insight into fundamentals of identity, trust, privacy and consent. He has combined his experience of over 65 client engagements to develop an IAM framework to help clients to understand how identity drives their business and structure their approach to identity.
He lives in the West of England and in his spare time enjoys philosophy, cycling, cider and cider making.
The objective of your presentation:
My presentation will last twenty minutes with five minutes for questions.
My presentation is split into four key areas.
IRM context
Why diagrams?
What diagrams?
Identity
Relationships
Management
Summary and questions
Preface about IRM and IAM
Pillars of IRM
BUSINESS PILLARS
CONSUMERS AND THINGS over employees
ADAPTABLE over predictable
TOP LINE REVENUE over operating expense
VELOCITY over process
TECHNICAL PILLARS
INTERNET SCALE over enterprise scale
DYNAMIC INTELLIGENCE over static intelligence
BORDERLESS over perimeter
MODULAR over monolithic
https://kantarainitiative.org/irmpillars/
Context??
7.1B population
3 B employed
205 unemployed
2.5B have bank accounts
2.5 B do not have bank accounts
World's top ten largest public and private employers, 2012 = employed 17.6M people
Employer | Employees | Headquarters
United States Department of Defense | 3.2 million | United States
People's Liberation Army | 2.3 million | China
Wal-Mart | 2.1 million | United States
McDonald's | 1.9 million | United States
National Health Service (NHS) | 1.7 million | United Kingdom
China National Petroleum Corporation | 1.0 million | China
State Grid Corporation of China | 1.5 million | China
Indian Railways | 1.4 million | India
Indian Armed Forces | 1.3 million | India
Hon Hai Precision Industry (Foxconn) | 1.2 million | Taiwan

Rank | Company | Country | Industry | Revenue in USD
1 | Wal-Mart | USA | Retail | $476.3 billion
2 | Royal Dutch Shell | NL/UK | Petroleum | $459.6 billion
3 | Sinopec | China | Petroleum | $457.2 billion
4 | Nat. Petroleum Corp. | China | Petroleum | $432.0 billion
5 | ExxonMobil | USA | Petroleum | $407.7 billion
6 | BP | UK | Petroleum | $396.2 billion
7 | State Grid Corp. | China | Power | $333.4 billion
8 | Volkswagen | Germany | Automobiles | $261.5 billion
9 | Toyota | Japan | Automobiles | $256.5 billion
10 | Glencore | Switz | Commodities | $232.7 billion
My job is to help clients understand their identity problems and find solutions to them.
In many cases clients don’t know what to do or what they want.
Frequently this means helping clients to understand the data and information that they already know.
I’ve found that diagrams are an excellent way to bring understanding to data and information.
Diagrams can be used to visualise: Data; Information; Concepts; Strategy; Metaphors; Compound concepts.
This presentation looks at a few useful data, information and concept diagrams.
Why are diagrams effective?
See also:
http://en.wikipedia.org/wiki/Data_visualization
http://www.visual-literacy.org/periodic_table/periodic_table.html
We learn mainly by sight.
Humans have evolved to process large amounts of visual information.
While awake a human has a total brain bandwidth of approximately 100Mb/s or about 10MB/s
Diagram:
http://en.wikipedia.org/wiki/Tor_N%C3%B8rretranders
http://www.mu-sigma.com/uvnewsletter/links.html#a
In terms of human evolution, writing is a recent innovation.
So it is not hard to see why we find pictures, pictograms and diagrams useful ways to convey information.
Picture: http://bigpicturehistory.com/wp-content/uploads/2012/08/evolutionOfWriting.jpg
I’d like to start with a diagram that is based on the work of the German philosopher Georg Hegel.
He is regarded as one of Germany’s greatest philosophers.
Georg Wilhelm Friedrich Hegel was born in 1770 in Stuttgart, Germany
He studied theology, philosophy and logic.
He took jobs as a newspaper editor and also as a headmaster to fund his studies.
He was interested in philosophy for the common man and building on the ideas of the philosopher Immanuel Kant.
Hegel is considered one of the hardest philosophers to read.
Hegel’s dialectic work builds on the works of: Zeno; Heraclitus; Socrates; Plato; and Kant.
It was a major influence on: Marx; and Engels.
Hegelian Dialectic
The dialectic diagram is a triad of: thesis, antithesis, synthesis
It is often used to describe the thought of Hegel, although he never used the term himself.
Dialectic is a method of argument for resolving conflict or disagreement.
It is a method that is central to both European and Indian philosophy.
G.W.F. Hegel reintroduced the idea of dialectics just as the industrial revolution was beginning.
Hegel suggested that for every idea that exists (thesis) an opposite and counter idea (anti-thesis) exists.
The Synthesis solves the conflict between the thesis and antithesis by reconciling their common truths and forming a new thesis.
When applied to IRM it helps us consider what we want, what we don’t want and an acceptable compromise.
For example, it can help us consider what assurance we need before we make a decision to trust.
Here’s how helpful it can be when you need to sort out identity problems.
Three Kinds of Contradiction
Being: the opposed pairs of concepts at first seem flatly opposed, as if they would have nothing at all to do with one another: Being and Nothing; Quantity and Quality. Only by means of analysis or deduction can they be shown to be intimately interrelated.
Essence: the opposed pairs immediately imply one another. The Inner and the Outer, for example: to define one is at the same time to define the other.
Notion: the pairs are linked by a more sophisticated conceptual link, for example the concept of Identity, whose component parts, Universality and Particularity, are conceptually interrelated.
The second identity diagram builds on this concept that identity is not a binary state.
Professor Ian Goldberg
Born 1973
Canada
His Ph.D. thesis at Berkeley in 2000 was: “A Pseudonymous Communications Infrastructure for the Internet”.
This contained the nymity slider.
http://en.wikipedia.org/wiki/Ian_Goldberg
We can trace the origins of the slider back to 1998 when Ian is quoted as saying:
“Privacy and national security are like opposite ends of a slider,”
“Technology is like a magnet that allows individuals to pull that slider back toward themselves.”
This is how the Nymity Slider appeared in Goldberg’s thesis.
The Nymity Slider builds on Hegel’s dialectic view.
In Enterprise IAM you are either identified or you are not.
In IRM and the IoT the consumer wants to take control of how they identify themselves.
John Venn was a noted logician and philosopher born 1837 Kingston upon Hull, Yorkshire, England.
Died 1923, Cambridge, England.
A Venn diagram or set diagram is a diagram that shows all possible logical relations between a finite collection of sets.
It is used in the fields of set theory, probability, logic, statistics, and computer science.
Introduced by John Venn in 1880.
Published in “On the Diagrammatic and Mechanical Representation of Propositions and Reasonings”
This is what his first diagram looked like.
The American philosopher Clarence Irving Lewis was the first to use the term “Venn diagram” in his book “A Survey of Symbolic Logic”, published in 1918.
http://en.wikipedia.org/wiki/Venn_diagram
Venn diagrams have regions for all possible combinations of groups whether there are things in those regions or not.
Shading indicates if things are actually found in those regions.
Euler diagrams only show a region if things exist in that region.
An advantage of the Venn diagram is that it can show gaps and missing groups.
Diagram source: http://d5lx5634mkgoi.cloudfront.net/wp-content/uploads/2009/09/vennvenn2.png
In IAM Venn diagrams are useful tools for set and gap analysis.
Source: Eve Maler
Kawakita Jiro (KJ)
Japanese anthropologist
1920-2009
Studied at Kyoto University
Whilst studying ethno-geography in Nepal during the 1960s he developed a systematic way to find messages in complex qualitative data.
It was a bottom-up approach that abducts an idea from data.
Known as the KJ Method or Affinity diagram
http://en.wikipedia.org/wiki/Seven_Management_and_Planning_Tools
The KJ-Method is an effective mix of independent brainstorming, group dynamics, and democracy.
It allows a team to be creative and critical in a productive manner, drawing on the independent perspectives and experience of the team.
It avoids problems created by strong personalities and politics.
Note that this method uses Eastern philosophy rather than a Western scientific approach to capture issues.
A KJ diagram can be helpful when:
• issues are complex
– lots of information available, but many potential interpretations
• team would benefit by learning together
– based on facts
– developing common understanding and focus
• communication and reuse of the information is important
– KJ is a powerful way to store and transmit data
Record ideas on notes.
Look for related ideas.
Sort into groups.
Thanks to: the inventors of the post-it note: Dr. Spencer Silver and Art Fry
Prof. Peter Pin-Shan Chen
b. 1947 Korea
Computer Scientist
Developed the Entity Relationship Model
His 1976 paper on the Entity-Relationship model (ER model) is one of the most cited papers in the computer software field.
An entity-relationship model is a systematic way of describing and defining a business process.
It helps to discover “hidden relationships” between entities and associated data.
They are the foundation of many systems analysis, design and software engineering methods.
In Enterprise IAM, technologists define permissible relationships.
In Consumer IRM, relationships are made by consumers and discovered by analysis.
“Entities and relationships are a natural way to organize physical things as well as information …
The ER concept is the basic fundamental principle for conceptual modelling. It has been with us since thousands of years ago and will be with us for many years to come.”
Many of you have heard about data mining. If you think deeply about what the data mining actually does, you will see the linkage between data mining and the ER model. What is data mining? What does the data mining really is doing? In our view, it is a discovery of “hidden relationships” between data entities. The relationships exist already, and we need to discover them and then take advantage of them. This is different from conventional database design in which the database designers identify the relationships. In data mining, algorithms instead of humans are used to discover the hidden relationships.
The entity-relationship model can be used as a basis for unification of different views of data: the network model, the relational model and the entity set model.
When trying to understand links between ideas or cause–and–effect relationships, such as when trying to identify an area of greatest impact for improvement.
When a complex issue is being analyzed for causes.
When a complex solution is being implemented.
After generating an affinity diagram, cause–and–effect diagram or tree diagram, to more completely explore the relations of ideas.
The matrix diagram shows the relationship between two, three or four groups of information.
It also can give information about the relationship, such as its strength, the roles played by various individuals or measurements.
Matrix Diagram came out of the work of a committee of the Japanese Society for Quality Control Technique Development that operated from 1972-1979
The matrix diagram was part of the second wave of Japanese quality improvement in the late 1970’s.
Shigeru Mizuno included the diagram in his 1988 book, Management for Quality Improvement.
Six differently shaped matrices are possible: L, T, Y, X, C and roof–shaped, depending on how many groups must be compared.
See: http://asq.org/learn-about-quality/new-management-planning-tools/overview/matrix-diagram.html
This is a 2D L-shaped matrix.
Registration and Authentication assurance
The example shows the level of assurance for combinations of registration and authentication strength.
Another assurance example, this time from Eve Maler:
http://www.xmlgrrl.com/blog/2009/12/31/how-to-rest-assured/
This matrix diagram example is from a client’s vendor assessment.
This example L-Matrix maps an identity framework onto an Enterprise Architecture framework.
Dr William Edwards Deming
American engineer, statistician, professor, author, lecturer, and management consultant.
1900 - 1993
Seen by many as the father of modern quality control and a quality management guru
Plan; Do; Check (Study); Act
It reminds us that IAM programs are a matter of continuous process improvement.
Deming championed the work of Dr. Walter Shewhart
Deming cycle applied to identity framework for an identity data quality review.
Matthew Henry Phineas Riall Sankey
Born County Tipperary in 1853
Sankey introduced the first energy flow diagram in an 1898 article about the energy efficiency of a steam engine in the Minutes of Proceedings of The Institution of Civil Engineers
Joiners, Movers, Leavers
Identity and identifier types
Credentials types and lifecycle events
In an 1898 article about the energy efficiency of a steam engine in the Minutes of Proceedings of The Institution of Civil Engineers Sankey introduced the first energy flow diagram
These were initially made famous by Charles Joseph Minard's statistical graphic of 1869, showing the dramatic decrease in number of Napoleon's troops as his army advanced on Moscow and then retreated, with the size of the army indicated by the width of the line.
Minard was a pioneer of the use of graphics in engineering and statistics.
He is most well known for his cartographic depiction of numerical data on a map of Napoleon's disastrous losses suffered during the Russian campaign of 1812 (in French, Carte figurative des pertes successives en hommes de l'Armée Française dans la campagne de Russie 1812-1813).
The illustration depicts Napoleon's army departing the Polish-Russian border.
A thick band illustrates the size of his army at specific geographic points during their advance and retreat.
It displays six types of data in two dimensions: the number of Napoleon's troops; the distance travelled; temperature; latitude and longitude; direction of travel; and location relative to specific dates.
Sankey diagram for global Internet traffic in 2010.
Source: http://www.telegeography.com/assets/website/images/maps/global-traffic-map-2010/global-traffic-map-2010-l.jpg
Analysis paralysis
Left to Right
Ian Goldberg – Nymity Slider
W. Edwards Deming - Deming Cycle
Peter Chen - Entity Relationship diagram
Shigeru Mizuno - Matrix diagram
Kawakita Jiro - KJ method / Affinity diagram
Matthew Sankey - Sankey diagram
John Venn - Venn diagram
Georg Hegel - Dialectic