Burton Group Identity Blog

Blogger: Gerry Gebel

I noticed an article today that recounted a new policy at Citrix, which permits users to choose their own laptop. Essentially, employees that sign up for the program get a stipend of $2100 to buy a laptop with specs to their liking. Sounds like a great plan to me! The next step is for employees to bring their own computing device to the workplace, which we expect “digital natives” to expect in the near future. Think about all the time, resources, and expense of purchasing, managing, and maintaining thousands of computers in the typical large organization. Seems to me there are great opportunities to reduce costs – security concerns aside (unless you’re running a Mac).

We think BYOC is analogous to BYOI – bring your own identity. Consider a future that includes more identity intermediaries (check out Bob’s post on identity oracles) whose business is dependent on the trustworthiness and value of the credentials issued to its customers. These credentials and their associated attributes, or claims, are welcome at Internet properties because of their reliability and assurance. The Internet property is also relieved of the expense and risk of aggregating personal information about users of their services. Identity intermediaries will need a technical mechanism to project or share identity information with consuming parties, such as federation assertions or information cards – but not OpenID (more on OpenID in a future post). This leads us back to BYOI, why can’t the company I work for accept identity assertions or information based on an identity service that has already vetted my existence to an adequate assurance level? With the trend to outsourcing and SaaS, this makes sense to me. Costs are reduced for the enterprise, I don’t have to remember another credential, and the company I work for can focus on managing access– rather than managing identities.