Friday, June 20, 2008

How Do I Know Thee?
How many different ways are you known to others? I don't mean multiple personalities or secret identities, I mean on-line identities. How many phone numbers (home, work, landline, cellular, fax, etc.), email addresses, IM/chat names or social computing addresses (LinkedIn, Facebook, Twitter, Plaxo, Flickr, etc.) are you currently using? What about the various usernames and passwords for all of the sites you visit? My password database has over 125 entries in it. I figure I am known/identified almost 150 different ways. This is rapidly becoming unmanageable.

As Fixed Mobile Convergence (FMC) continues to evolve, the issues around Identity, Presence and Policy (IPP) are becoming more and more important and may well become the single most important aspect of FMC in a legal and social sense. Enterprises today are struggling with these issues as they contemplate the role of Unified Communications in the enterprise. These new systems require a functioning Single Sign-on (SSO) strategy that is flexible, secure and reliable. This is daunting enough when the range of options is considered, but when we move out of the enterprise and into the public sphere the issues become overwhelming.


The problems of IPP are broad and complex:

  • How many different "names" do I have, and how can they be unified under a single permanent identity?
  • How am I authenticated under one or all of these identities?
  • Who is the controlling/managing authority (presumably a trusted third party) for handling this authentication?
  • How do we handle the mechanics of routing (find me follow me)?
  • How do you determine who can access you and in what manner?
  • How does IPP participate in financial transactions?
  • How does IPP deal with identity theft and liability?

There are a host of strategies and initiatives that have been proposed to address these various aspects; most have either failed or been unable to get any real traction, and none of them have proposed a complete solution. While there are many commercial authentication and single sign-on solutions (Microsoft, Oracle, Sun, IBM, ActivIdentity), they all tend to be proprietary and so are not well suited to being the long-term, general solution. Here is a small sampling of some of the open initiatives.

OpenID
- OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman). It is managed by the OpenID Foundation.

Kerberos
- Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
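To make the "secret-key cryptography" point concrete, here is an added, deliberately simplified illustration of the Kerberos ticket pattern; it is not MIT Kerberos code nor any part of the protocol as specified. A key distribution centre (KDC) shares a long-term secret key with every principal. When a client wants to talk to a service, the KDC mints a fresh session key and hands it back twice: once encrypted for the client, and once sealed inside a ticket encrypted under the service's key, so the service can recover the session key without ever having talked to the KDC. The client then proves it holds the session key by sending a freshly encrypted authenticator with the ticket. The principal names ("alice", "fileserver"), the JSON message layout and the HMAC-based toy cipher are all assumptions made for this example, chosen so that it runs offline with the standard library only.

```python
import hashlib
import hmac
import json
import secrets
import time

# Toy authenticated encryption built from HMAC-SHA256 (encrypt-then-MAC).
# Constructed for this example only; a real Kerberos implementation uses
# standardised encryption types, not this.
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream of the requested length from (key, nonce, counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from one long-term key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; any tampering or a wrong key fails here."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KDC:
    """Key distribution centre: the trusted third party that knows every principal's key."""

    def __init__(self):
        self._keys = {}

    def register(self, principal: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[principal] = key
        return key

    def ticket_request(self, client: str, service: str, lifetime: int = 300, now=None) -> bytes:
        now = time.time() if now is None else now
        session_key = secrets.token_bytes(32)
        # Ticket: readable only by the service, carries the session key and the client's name.
        ticket = encrypt(self._keys[service], json.dumps(
            {"client": client, "session_key": session_key.hex(), "expires": now + lifetime}).encode())
        # Reply: readable only by the client, carries the same session key plus the opaque ticket.
        return encrypt(self._keys[client], json.dumps(
            {"service": service, "session_key": session_key.hex(), "ticket": ticket.hex()}).encode())


def client_prepare(client: str, client_key: bytes, kdc_reply: bytes, now=None):
    """Client side: recover the session key and build a fresh authenticator."""
    now = time.time() if now is None else now
    reply = json.loads(decrypt(client_key, kdc_reply))
    session_key = bytes.fromhex(reply["session_key"])
    authenticator = encrypt(session_key, json.dumps({"client": client, "timestamp": now}).encode())
    return bytes.fromhex(reply["ticket"]), authenticator


def service_verify(service_key: bytes, ticket: bytes, authenticator: bytes, now=None, skew: int = 60) -> str:
    """Service side: open the ticket with its own key, then check the authenticator with the session key."""
    now = time.time() if now is None else now
    t = json.loads(decrypt(service_key, ticket))
    if now > t["expires"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["session_key"])
    a = json.loads(decrypt(session_key, authenticator))
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["timestamp"]) > skew:
        raise ValueError("authenticator outside clock-skew window")
    return t["client"]


def demo() -> str:
    """Run the three-party exchange once and return the authenticated client name."""
    kdc = KDC()
    alice_key = kdc.register("alice")          # constructed principal
    fileserver_key = kdc.register("fileserver")  # constructed principal
    reply = kdc.ticket_request("alice", "fileserver")
    ticket, authenticator = client_prepare("alice", alice_key, reply)
    return service_verify(fileserver_key, ticket, authenticator)


if __name__ == "__main__":
    print("service authenticated:", demo())
```

Note what the service never sees: the client's long-term key, or the KDC itself. Everything it needs arrives inside the ticket, which only its own key can open, and the authenticator's timestamp plus the ticket's expiry are what stop a captured ticket from being replayed indefinitely.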

SAML
- SAML, developed by the Security Services Technical Committee of OASIS, is an XML-based framework for communicating user authentication, entitlement, and attribute information. As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application.

Higgins
- Higgins is an open source Internet identity framework designed to integrate identity, profile, and social relationship information across multiple sites, applications, and devices. Higgins is not a protocol, it is software infrastructure to support a consistent user experience that works with all popular digital identity protocols, including WS-Trust, OpenID, SAML, XDI, LDAP, and so on. Higgins is part of the Eclipse project.

Liberty
- The Liberty Alliance was formed in 2001 by approximately 30 organizations (now more than 150) to establish open standards, guidelines and best practices for identity management. Liberty Federation allows consumers and users of Internet-based services and e-commerce applications to authenticate and sign-on to a network or domain once from any device and then visit or take part in services from multiple Web sites.

Shibboleth
- The Shibboleth System is a standards-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. Shibboleth is part of Internet2, a not-for-profit advanced networking consortium comprising more than 200 U.S. universities in cooperation with 70 leading corporations, 45 government agencies, laboratories and other institutions of higher learning as well as over 50 international partner organizations.

Diameter
- The Diameter base protocol (the successor to RADIUS) is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. Diameter is also intended to work in both local Authentication, Authorization & Accounting and roaming situations. Diameter is defined and maintained by the IETF.

This list is just a tiny (somewhat random) sample of what is out there. As you can see the directions of these initiatives are all over the place and don't address the breadth of the issues in a complete and consistent manner.

The commercial markets have a serious interest in this area because identity theft always leads to financial fraud. Tens of billions of dollars are lost each year in the US to identity fraud, with the largest burden borne by the credit card companies. While the credit card companies may not represent the desired "trusted third party" to administer identity management, they certainly have the ubiquity (and the economic incentive) to take a leadership role.

Ultimately the question around who defines these standards, who manages the data, who protects the interests of the consumer and who profits from it is a multi-billion dollar question with no clear answer yet.

Friday, April 11, 2008

Deconstructing Telephony

As this is the inaugural article for this blog I suppose it is appropriate for me to say something about my objectives in writing it (other than acceding to my boss’s wishes).

The telecommunications space is going through the most convulsive changes it has ever seen. The incumbents are under a full court press as new players and new technology enter the market continually.

The pundits talk a lot about ‘convergence’ in the market usually referring to the ‘fixed / mobile convergence’ but there is also a cultural convergence of the incumbent telcos, network vendors, enterprise application vendors and the emerging ‘web 2.0’ vendors. Each of these groups has a different view of what architecture, technology and business model to apply to be competitive. This has led to a very confusing landscape for the customer, particularly the enterprise customer who is looking to exploit these new technologies as a competitive advantage.

The view of these emerging trends I will cover in this blog is more a technical perspective and less a business one (although I try to keep a healthy balance). My role here at Primal Solutions is to help determine which of these emerging technologies is appropriate for us and our customers, to help guide its appropriate application and to understand (and help solve) the issues our customers are struggling with. I strive to select and adopt the technologies that will endure and evolve while avoiding the dead ends and orphaned products. The result is that this blog will have a technology slant with an eye on practicality and longevity. It will also deal with the underlying issues that drive the technology.

As the title of the post suggests, the thing we once thought of as telephony is being completely redefined. At one end of the spectrum we see Unified Communications (UC). Wikipedia defines UC as:

Unified communications (UC) is a commonly used term for the integration of disparate communications systems, media, devices and applications. This potentially includes the integration of fixed and mobile voice, e-mail, instant messaging, desktop and advanced business applications, Internet Protocol (IP)-PBX, voice over IP (VoIP), presence, voice-mail, fax, audio video and web conferencing, unified messaging, unified voicemail, and whiteboarding into a single environment offering the user a more complete but simpler and more effective experience.
UC represents a monolithic approach to integration of classic telephony (voice) with existing collaboration applications (video, chat, conferencing, etc.) for the enterprise. The proponents of UC are the typical telco/enterprise/network vendors including Siemens, Cisco, Microsoft, IBM and Avaya.

At the other end of the spectrum are the vendors taking a ‘mash-up’ approach of features as services. They include new Web startups such as Ribbit and Jaduka as well as old-line carriers such as BT and AT&T. Their offerings allow you to select individual features such as voice, messaging and conferencing and integrate them into your own application or web site in an ‘assemble as needed’ approach without having to build out your own infrastructure.

The wireless space is just as tumultuous with carriers like Sprint moving aggressively into WiMAX, Verizon opening its network to non-subsidized devices and the emergence of two strong candidates for an open Linux-based wireless platform – LiMo and Google’s Android.

Another aspect of the convergence trend is that topics such as identity, presence, policy and location, which have largely been debated in the ‘web’ space, are now critical to the future of communications.

The point of all of this upheaval is not so much about the technology itself as it is about people. The purpose of the technology is to facilitate the communication between people and the ultimate value of any technology is how well it serves the needs of the people who depend upon it.

Where is all of this heading? I don’t know any more than anyone else does. My hope is that this blog will provide a forum to explore, discuss and learn from each other about all of these issues. One thing is certain: the next few years will be nothing like the last few, and even less like what we imagine they will be.