Thursday, March 29, 2007

rfi User-Centric Identity and Master Data Management


Here's another installment in the ongoing saga of me attempting to intersect all creation with user-centric identity.

What exactly is master data management (MDM)? I have a many-layered response to that:

  • Enterprise requirement: need for corporate systems of record that are authoritative, consolidated, current, and internally consistent; also known as need for a “single version of the truth” continuously feeding business intelligence applications with actionable business information
  • Best-practices paradigm: infrastructure, tools, and workflows for life-cycle governance of master reference data sets, such as customer records, product information, financial data, etc.
  • Product segment: comprehensive solution portfolios that include software for data quality (profiling, cleansing, enhancement, etc.), data integration (extract, transform, synchronize, replicate, load, etc.), data consolidation (data warehouses, operational data stores, DBMS, etc.), data modeling (metadata, mapping, semantics, etc.), data administration (stewardship, monitoring, security, version control, access control, etc.), and prebuilt domain data models (horizontal applications for customer data integration, product information management, financial consolidation, etc.; industry-specific for financial services, manufacturing, carriers, etc.)
  • Coverage area: my core focus as principal analyst for data management at Current Analysis
  • Solution Assessments: new class of Current Analysis reports that I’m publishing and will keep current continuously, focusing on leading MDM vendors such as IBM, Oracle, Teradata, SAS, TIBCO, SAP, etc.
  • Telebriefing: one that I’m presenting next Wednesday-Thursday, introducing the new Current Analysis MDM Solution Assessments and discussing the market, vendors, differentiators, etc.; check for further details

So there's my plug for my bread-and-butter. I'll bet you're still wondering how MDM overlaps with user-centric identity. I have a multi-layered answer to that as well:

  • Customer records are identity data sets.
  • One of the principal enterprise applications of MDM is customer data integration (CDI)--i.e., extracting customer records from multiple source apps/databases; then analyzing, profiling, matching, de-duplicating, correcting, enhancing, and transforming those records; then consolidating and loading them into data warehouses; then applying version and access controls to the records; etc.
  • Consequently, CDI functions are essentially IdM operations, similar in many ways to directory synchronization and meta-directory operations, in which diverse customer identity namespaces (i.e., the source customer data schemas in your CRM and other apps) are synchronized and/or joined into a composite and/or consolidated enterprise-standard namespace.

Getting to the user-centric identity relevance (bear with me a moment): there are some genetic similarities between traditional IdM and CDI/MDM, but there is a key difference in how IdM-reliant and CDI/MDM-reliant applications generally "rely" on the respective identity data sets:

  • Traditional IdM treats the identity/user as a "subject"--i.e., performs various and sundry dir-sync/meta-dir operations in order to manage identity data necessary for user-inbound security services such as authentication, access control, role administration, etc.
  • Traditional CDI/MDM treats the identity/customer as an "object"--i.e., performs data integration/quality/consolidation functions in order to manage identity data necessary for user-outbound commerce services such as direct marketing, billing and collection, service and support, etc.

Getting patient...the payoff's on the way. Neither approach--traditional IdM or traditional CDI/MDM--qualifies as user-centric identity. And why is that? Because--keeping in mind the notion that user-centric identity "empowers the user"--it's clear that neither of these approaches serves that purpose. Instead, they both empower the managed IdP (be it a classic IdP or a CDI/MDM data warehouse). Neither approach provides "you" (the user, in classic IdM, or the customer, in CDI/MDM) with the information and/or tools that you need to control your identity. In both of these approaches, regardless of whether they treat "you" as a "subject" or "object," your identity is controlled by "them" for "their" purposes.

Here's the payoff: Classic user-centric identity requires that "you" be the master of your own personal identity data. In other words, it makes you the "sovereign," not the "subject" or "object" of your identity. By contrast, classic CDI/MDM requires that "you," the customer/prospect/direct-marketing "object," cede that personal-identity control to a master managed third-party IdP (i.e., the owner of the data warehouse in which your identity data has been consolidated under strong governance).

So there you have it. Any questions?