What’s The Problem?
Everyone has a cell phone these days, and a wireless bill can be confusing, frustrating and convoluted, whether it’s online or in print. Wireless carriers are under pressure from their users to make Online Charging Systems with more features, greater flexibility, better scalability and lower response times, because customers want to be able to understand and manage their bills. But providing flexibility, scalability and quick response has an implication to a sub-system within the carrier – there’s not a simple, quick solution since all of these sub-systems are complicated and inter-related. Let’s talk through the areas where you need to evolve:

Features and flexibility
The great challenge of delivering a product that closely follows market demands is just that: closely following the market. When the product is software and the market is the mobile world, development is happening so fast that it becomes very hard to keep track of the range and diversity of trends and innovation. Plus, designing a product that can adapt to tomorrow’s winning innovation is almost impossible. What is possible is to choose every component in the stack with nimbleness and adaptability in mind.

What does that mean in terms of data? There are lots of databases and caching products out there, each with their own unmatched performance advantages or scalability profile. But can these products adapt to your changing needs or do they require a forklift migration every time the data morphs, just to enable new capabilities in the software? Here’s the key question: can you evolve the schema a change at a time without a full teardown, costly migration or time consuming batch changes? Flexibility is key to a smooth adaptation to change, and a feature set based on the ability to change is vital.

Scalability
With global mobile markets growing at an amazing rate, mobile operators have to manage more and more subscribers, each consuming ever more services, with constantly changing tariffs, taxes and offers. This directly translates into heightened loads on the billing and charging systems. Load profiles are evolving as well, with more network subsystems feeding charging data and higher peak loads. There are two choices: keep pace with the industry, evolving faster with each release; or get passed by more nimble vendors. Telcos are evolving into a large billing platform and obviously the charging system is at its heart. As they evolve, they find more creative ways to interact with external partners, which in turn creates more content that they can charge subscribers to access. The kind of loads on these systems are at least one, but maybe two or three orders of magnitude less than what we see coming in the future. And by the way, the future isn’t that far off. So strap in, it’s going to be a wild ride.

Response Times
With more systems connected to the online billing platform, the response time expectations are becoming tighter, and the contention on the usage counters is increasing, making designs brittle. The all-IP environment means that many services can be accessed simultaneously by a given subscriber, with different offers in use. So contention on these counters is a fairly common occurrence. In a lot of offerings, aggressive caching strategies have to be used to satisfy the exacting SLA standards of the telco industry. The good news is that there is a healthy selection of new software aiming at addressing these real-time problems. Picking the right one is key.

So the Online Charging System of tomorrow has to be in development today. It has to provide real-time data, and be built to scale. And it’s got to be nimble, flexible, and feature-rich. Sound like a dream? Users will expect more and more of their providers, and any provider not prepared for this evolution will find it a nightmare.  So, if you are a service provider looking for tomorrow’s solution today then talk to us about our unique approach to providing the features you need to evolve your Converged Charging System.

UnboundID is just one of the estimated 40,000 participants in this year’s CTIA Wireless event in New Orleans, and while the show itself has a huge focus on consumer and retail applications, Light Reading is hosting a co-located event on Wednesday, May 9 at the show that features more in-depth coverage on the importance of data analytics, and the value of bringing together network, subscriber and application information to create affordable, feature-rich services for telco customers.

The Light Reading event, Policy Management & The Subscriber-Centric Service Revolution features keynotes and sessions with Heavy Reading Analysts and panel members from Ericsson, Cisco, and our own Director of Product Marketing, Nick Crown. In Nick’s session, “Resolving the Privacy Conundrum”, Heavy Reading Senior Analyst Jim Hodges will moderate conversation around the always provocative topic of how companies can use customer information – at benefit to themselves, but also without alienating customers.

Savvy customers are speaking up about their personal data rights and can be skeptical that businesses will keep their data private and use it respectfully. Companies planning for the long-term will recognize the value in satisfying these customer concerns – and will focus on building trust through transparency.

So if you’re in the Big Easy and you’ve seen all the gizmos at the CTIA show, come on by our panel session – 4:30 to 5:30 today.

In previous posts, we’ve discussed identity information as the product and how the proper handling of that information leads to customer loyalty.  Loyal customers are happy customers, and happy customers tend to spend more with companies.  Let’s take a look at these concepts through the lens of the retail world to understand what has changed since the days of the old fashioned general store, and how identity information is critical to the survival of existing brick-and-mortar retailers.

Early Retailers
Nels Oleson, proprietor of the general store in Little House on the Prairie, had a relationship with every customer. A customer would walk in and choose a product, regardless if it matched his exact preference, and pay with cash. 
There was no need to know the customer’s
 identity, as they had no choice of
 where to shop, and the seller did not need to 
market to them because his store was their only choice. Mr. Oleson realized that once he knew a customer’s 
name and where they lived, they could start
 keeping a tab, allowing the customer to 
pay once a month. That name and address – the customer’s identity – had 
a value. And, once he knew and trusted that customer, he could rely on the customer’s loyalty to his store.

Brick-and-Mortar Retailers
But in cities where customers had a range of choices, what we now call Brick-and-Mortar retailers had storefronts that provided each neighborhood with goods and services. They would advertise with a wide net via TV, radio or newspaper, but often lacked a focused delivery to a specific, targeted buyer. Because there were more stores and more customers, payment went through a third-party-validated system. Governments issued ID cards, banks provided checks and credit cards to reliable customers, and those customers purchased at shops where they may not be known, but where they could simply prove their identity and purchase. While Identity was still tied to the same data – name and address – the means of providing the data was a bit more sophisticated. In this retail situation, a customer didn’t build the same trusting relationship they might have had with a small-town general store, but they did get greater selection. However, once that customer left the store, the retailer was unlikely to gain any more knowledge about them, which meant more money spent on wide advertising coverage to continue to keep that customer coming back.

Online Retailers
In the beginning of the online shopping experience, customers were fairly anonymous – a famous cartoon from New Yorker, July 5, 1993, “Nobody knows you’re a dog”, poked fun at the fact that your best customer could be anyone – or any dog. Like Amazon.com, many of today’s retailers perform 100% of their business online. The value of a customer’s identity to a company like Amazon.com is paramount, as 
their relationship relies entirely on this data. Today’s online retailers have come to know a lot more about their users, but the level of trust that comes from the one-to-one relationship is not present in an online sale. Instead, the online retailer focuses their advertising and marketing dollars on figuring out who each customer is, and what their interests are based on their use patterns. New offers and promotions are personalized for each customer. Advertising becomes more focused, and thus less expensive. So the identity information they gain has definite value to the business, but they’ve lost some of that trust from the customer.

The Identity Economy
The value of identity to retail businesses has changed over time from Mr. Oleson’s General Store to online retailers like Amazon.com. Few retailers today are able to create that personal one-on-one relationship, with the trust, knowledge and loyalty it provides. But the benefit to the online world is that customers leave traces of their identity data throughout their shopping process, and online businesses trade identity data back and forth, or sell the data to other companies as part of an Identity Economy. This ultimately results in targeted advertising and product development, which may be of value to the customer. Brick-and-mortar businesses have a harder time competing with the online business because it’s more difficult for them to gather that detailed identity data. They may provide a slightly more personal experience, but they’re missing that targeted message to the consumer. Most large brick and mortar retailers also have online stores, but they often don’t utilize a holistic view of their customers. We’ll explore this concept more in a future post.

Personal identity data is providing the foundation for online retailers to build a more direct connection to the customer. To compete with online retailers, brick-and-mortar businesses have to find ways to gather this identity data, in order to build the one-to-one relationships necessary to compete in today’s world.

UnboundID Making Use of a Hidden Asset
We believe that identity data, which is at the heart of eCommerce, will be the currency of the emerging Identity Economy. Retailers of all types will leverage this data to enhance their already existing product and service capabilities. UnboundID has the vision, technology and expertise to provide a platform to facilitate the secure, real-time exchange of this valuable asset.

In the end, it’s the relationships that matter.  The proprietors of the general stores got this. Many online retailers get this too. The question remains: will the brick-and-mortar retailers that are struggling today get this before it is too late?

This week we announced the opening of a new office in London – the purpose of which is to facilitate business development and sales operations throughout the U.K. and Europe. This expansion into EMEA markets will help us increase sales and adoption of our identity services platform and better meet the needs of our customers.

In several of our past blog posts we’ve talked about our take on the Identity Economy, and plenty of other analysts, pundits, and even governmental agencies are talking about the same kind of commoditization of identity information. As this subject continues its momentum, we realized that we needed to grow to support the needs of customers in Europe.

With that in mind, we hired Matthew Hemming, a seasoned IT managing director with 23 years of experience at the management level working with leading technology services and solutions providers. His responsibilities will include creating and executing new sales strategies for U.K. and Europe, as well as building out the European sales team. He’ll also coordinate our expansion into target vertical markets, including telecom and financial services.

In addition to leading sales teams in the European, South American, African and Middle Eastern markets, Hemming also worked as managing director of Northern Europe for Motive, Inc. (now owned by Alcatel-Lucent. Prior to Motive, he served as Trilogy’s vice president of sales for Europe and client services and later moved to 535X as its managing director. We’re excited about the impact his management and sales experience will have on our European operations, and how this continued growth will help position UnboundID as a leading platform provider for identity services.

From BYOD to BYOI
There has been a lot of discussion recently on the topic of “Bring Your Own Device” or BYOD.  As I alluded to in a previous post, the underlying challenge is one of managing, or leveraging, a user’s identity. Specifically, the use of the proper credentials (usernames, passwords, etc.) tied to an identity to gain access to the applications installed on a given device.  Most of the applications that I frequently use on my devices are dual-use (voice, SMS, mail, Twitter, Facebook, web).  In fact, I’m frequently toggling between my corporate and personal identities for each of these applications.  For voice and SMS, the switch is more of a mental switch versus the physical switch of a credential, but it’s a switch nonetheless. Regardless of how it’s accomplished, switching an identity is much easier and more palatable than switching devices or applications.

If the issue of relying – dare I say trusting? – on a user to bring, manage, and use their own device within the work environment has everyone in an uproar, just wait until those same users start to bring their own identities to the work environment.  How about Facebook for the ERP or HR applications?  In my opinion, this concept is much more groundbreaking and disruptive than BYOD.

Others have recently shared this sentiment (Bring Your Own Identity, Bringing Your Own Identities: The New Reality, Strong Authentication: Bring-Your-Own-Token Is Number Three With A Bullet).  As they have all suggested, the more interesting conversation is about “Bring Your Own Identity”, or BYOI, and not BYOD.

You’ve got to hand it to those Burton guys for being smart and on top of the issues – they’re well ahead of the pack.  I agree with all of the assertions that Gerry made in his post.  Most succinctly: “Why can’t the company I work for accept identity assertions or information based on an identity service that has already vetted my existence to an adequate assurance level?”  Amen.

Where are all the “grown-up” IdPs?
Given that the idea of leveraging one’s own identity for work purposes has been around for some time, why is this not more commonplace today?   Further, why do we not see more companies serving in the role of an Identity Provider (IdP) out there today?  Yes, Facebook Connect is an example of success in this regard, but only for a certain class of identities.  No, I don’t believe we’ll see the lower level-of-assurance (LoA) credentials issued by Facebook being utilized for accessing sensitive enterprise applications.  Granted, it’s feasible for Facebook to provide additional vetting and assurance for the identity information that they provide to third parties, but it is highly unlikely.  Even so, there are serious conflicts of interest between their current model of selling our personal data for profit and the sensitivity associated with the access of enterprise resources.  That’s not a good mix.

While on the topic of incentives and Federated Identity Management (a fancy term for BYOI), an excellent research paper – “Economic Tussles in Federated Identity Management” – was published last year by Tyler Moore (Harvard University Center for Research on Computation and Society) with assistance from Susan Landau (Radcliffe Institute for Advanced Study) that provides great insight into why we have yet to see a healthy ecosystem of Identity Providers.  In the paper, they dispel the myth that the primary reason for the failure of broad-based adoption of federated identity management is an issue of liability, or who is at blame if something goes wrong in the use of identity information.

“When seeking explanations for why federated identity management systems have not yet succeeded in the broad way anticipated at the beginning of the last decade, many have pointed to the inability to sort out liability as a major cause of failure [29, p. 22]. We believe this is a mischaracterization of the problem. Instead, a more useful perspective is to examine the natural economic tussles that arise between the stakeholders in any engineered system.”

They define a set of four economic tussles at play in federated identity management, whereby “tussles occur whenever the interests of stakeholders conflict in the design of an engineered system”:

1. Who gets to collect transactional data?
2. Who sets the rules of authentication?
3. What happens when things go wrong?
4. Who gains and who loses from interoperability?

They go on to summarize the entire thesis with the following succinct point in their concluding remarks:

“All three parties in a federated identity management system must gain from the transaction, or there will be no incentive to use the system.”

Said another way, it must be a win-win-win for the parties involved (IdP, Relying-Party and user) to achieve success.  In the case of Facebook Connect and other social identity systems, the incentives are clear: Facebook increases it’s stickiness and the amount of data they possess on users when their identity system is leveraged; companies relying on their system get access to a rich set of personal data that is shared by Facebook; and the user gets the convenience of a single login experience.  These incentives seem to work for the lower value transactions (blogging, social media, etc.), but when sensitive data or monetary transactions are involved, these incentives are not aligned. For the proper set of incentives to be in place, we need another class of identity providers to appear on the scene – the “grown-up” IdPs.

A two-tier system of Identity?
There’s growing evidence to support the desire for enterprises and others to adopt BYOI.  This is especially true today in the healthcare and government sectors, where pilot projects are well underway in many areas.  How long will it be before the typical enterprise is looking to do the same?  We’ve already stated that the social identity systems, with the misaligned incentives and lack of higher level-of-assurance credentials, will not cut it.

The business model for companies serving in this role will not be based primarily on the selling of personal identity information.  That’s not to say that the exchange of information will not take place.  Rather, those exchanges will be limited in scope and at the sole discretion of the user involved. The companies accepting those credentials will not expect personal identity information in return.  They will chose instead to accept those credentials because they have determined that it is economically advantageous to offload the burden of issuing, assuring, and managing the identity information to someone else.

Note: In future posts we’ll be exploring additional topics related to Identity Providers as we attempt to understand how the changes that are taking place today and in the near future are shaping this burgeoning market.

CNN recently posted a brief, yet important article on privacy as it pertains to applications running on the Apple iOS mobile operating system. In summary, the article says that Apple will start requiring mobile applications to get explicit permission before they can collect and store the user’s contacts.  As we all know, some social applications depend almost entirely on gaining access to the user’s contacts (i.e. Facebook, Twitter, Words With Friends, etc.), regardless of the source of these contacts.  According to the article, in some cases Apple discovered that the permission (authorization) to allow the mobile application to harvest and remotely store the user’s contacts was buried deeply in some applications’ terms of service or privacy policy agreement.

Apple is fixing this and we applaud their effort. Making it easier for users to knowingly and willingly “opt in” for data sharing is important to the trust that’s needed in today’s interconnected and service oriented Identity Economy.

As I think about this more, it raises an interesting question – who owns the contacts?

As an example, regardless of whether it’s my phone (or my rolodex, day planner or holiday card list…) and I add your information as a contact, my contact, then I at least am a partial owner of our “contact” relationship.  Right?  More generally, if two people are friends, then each has some interest or ownership in the friendship.  And at least in my experience, when two friends exchange contact information, it’s usually so they can stay in touch, not so that personal information could be shared, sold or given to others.

So let’s agree that having someone’s personal contact details in my phone assumes I was given this information so I could communicate with them, whether they are a friend, coworker or acquaintance. Beyond this use, how much of my contact’s personal data do I own or do I have a right to authorize or share with anyone else?

Here’s a diagram to illustrate the situation:

Looking at the diagram, I can claim to own and have all rights to any information in the “Me” circle.  This is my profile information – e.g. name, address, age, employer, email, etc.  Since it’s my personal identity data, I can choose how and where I share it.  I could also claim to have some authority of the lines connecting “Me” to my contacts, since these lines are my relationships to these people.  But again, how much of the personal information in any of my contacts’ circles do I “own”? Do I have the right to grant access to that information to some other application that wants to collect it?

Let’s look at one more analogy.  If a marketer called your home and asked if you knew John Doe, you might be inclined to answer without hesitation.  But if they asked if you would give them John’s phone number, address, email address, etc., you hopefully would ask why they wanted these details and might feel you want to check with John first.  After all, you’d probably want John to do the same for you.

Back to the situation being addressed by Apple… From a privacy perspective, it’s fair that I should have to explicitly authorize any application before it can retrieve any information on my mobile device, including my contacts.  From a trust perspective, my contacts trust that I’ll use their info for the purpose it was given to me – e.g. for me to use in order to communicate with them.  They trust that I’m not handing it out to anyone or any thing that asks for it.

The point is that unlike more typical personal identity data (e.g. my profile, my email address, my location, my search history, my purchase history, etc.), contacts are different.  This is because they hold someone else’s personal identity data.  And if it’s a different type of data, then maybe different rules should apply to terms of service when it comes to contacts.  After all, trust is paramount in the online digital age and my friends, coworkers and acquaintances need to trust me to use their data the way it was intended, much in the same way that I need to trust online services and even mobile applications.

So while we believe Apple is moving in the right direction, we also believe we’re only scratching the surface on the privacy concerns when it comes to different types of identity data.

Think about that…

UnboundID CEO Steve Shoaff always comes up with interesting ways to explain what is happening in the market, and one of his latest favorite sayings involves extrapolating “Moore’s Law” to cover Identity.

How does he define his version of Moore’s Law of Identity?
The amount of identity data about a user – the user’s attributes – is growing much faster than the number of users.

Now, is the amount of identity data doubling every two years, or 18 months as described in Moore’s Law?  Maybe.  Or it might be more than this.  Regardless of the actual rate, it’s fairly obvious from the number of new online service popping up every day, and the virtual vapor trail that we are leaving behind in every online interaction, that we are generating a boatload of personal (identity) data.

In the past when we formed a relationship with a vendor, they only needed to know enough information to bill us and give us the proper support. But what has become clear in the Facebook/Google era is that identity information is highly valuable and the more identity information you have, the more value you have in your user. We see this when Facebook targets very specific ads at us based on our age, our relationship status, and even the content of our posts. Thus, providers are trying to harness more and more of this valuable information about us.

So, if service providers want to get more users – which they all do, as that’s how they make money – and they want to sell each user more services, the ultimate consequence is that the service providers have to store a lot more identity information. The infrastructures they have built in the past are not going to be able to handle this explosion of identity information.

This is where UnboundID can make a difference.  We have built a forward-looking identity infrastructure that enables service providers to capably handle Moore’s Law of Identity.  We have purpose-built software that can handle extreme numbers of users (we have deployments of over 100 million users), and more importantly,  the large amount of identity attributes associated with each user (we have customers that store up to 4000 attributes on each user).

If you find that your company is facing the impact of Moore’s Law of Identity, check out UnboundID , and let us help you get your most valuable asset – customer data – in order.

Back in February at the Mobile World Congress event, we rolled out our platform development and marketing strategy around the Identity Economy. This week, we’re putting our money where our mouth is, so to speak, and we’ve announced that we’ve received $12.5M in Series B funding from OpenView Venture Partners. There’s a lot of excitement around this funding, because it will allow us to grow our already stellar team in order to work toward our company goals.

We recognize that identity data is the driving force behind big data, and our identity services platform is designed to help companies manage the exploding quantities of data they are gathering. In addition, it’s clear that consumers (and the government, and savvy enterprises) are concerned about what’s being done with identity data, so one of our key tenets is to help secure that data, and to enable companies to be open with their customers about what they’re collecting, and how they’re using that information. It’s our belief that a trustworthy enterprise gains customer loyalty through this kind of clarity, and customers reward those companies in return, with additional revenue.

This additional funding gives us the resources we need to continue developing products and services that meet the needs of this fast-growing identity marketplace. Keep an eye on UnboundID as we ramp up our business with new hires, new products, and new customers. It’s going to take a lot of work, but it’s the kind of work we love, and that makes things seem a whole lot more fun.

Here at UnboundID, we have just released SCIM 1.1.  While a ‘.1’ release normally sounds minor, in this case there’s a hidden gem: native bi-directional synchronization support for SCIM in our Synchronization Server. To provide perspective, the primary driver for creating the SCIM standard is to enable organizations to universally provision on-premise user identity to SaaS providers.

The UnboundID Synchronization Server propels that promise forward with bi-directional SCIM synchronization. With this addition, it is now possible to push as well as pull SaaS identity data on premise. Crazy talk? I think not. As more business-critical applications move to the cloud, the cloud increasingly becomes more authoritative. Identity, as a core aspect of any application, will follow suit.  I call this trend the “Rise of the Identity Provider” a la Rise of the Planet of the Apes.  Much like future humans were surprised to see apes ruling the planet, I’m sure IT didn’t see the outsourcing of a few apps here and there turning their world upside down.

Speaking of the Planet of the Apes, in the original book, the protagonist escapes the ape-ruled planet landing just outside of Paris to start life anew (let’s skip over the part where he finds the apes rule Earth too…details, details).  Similarly, those involved in developing the SCIM standard will land in Paris next week at IETF 83 where we’ll present SCIM to the IETF standards body.  If all goes well, a SCIM working group will be formed and work will continue under the auspices of the IETF.  You can track progress of the IETF work here.  Better yet, if you have a vested interest in moving the initiative forward, volunteer and let your voice be heard.

If you can’t make Paris (or just can’t get enough SCIM) we’ll be on that side of the pond again in April for the European Identity Conference in Munich.  Make sure to check out the SCIM panel where representatives from Ping Identity, Courion, SailPoint and UnboundID (yours truly) will banter about all things SCIM.

Lately the news is filled with horror stories about how companies are abusing personal data – this topic is the “zombie apocalypse” of the online world – it’s everywhere, and everyone’s alarmed and up in arms.

But is it all bad news? Are all the companies that are gathering personal data villainous and evil? What if there are some companies out there that are ready to give you back control over your data? Here’s a likely scenario:

Your mobile provider offers to let you view the information they currently hold on you, giving you the ability to delete (truly delete) things you don’t want them to know. Then, once you’ve reviewed your record, they offer you a 10% discount on your data plan if you’ll share additional data with them – data that they will not share with other companies, unless you approve.  Over time, they could even continue to offer you discounts or bonuses if you share more information – again, on your terms.

Would you take that offer? It puts you back in control. It lets you know what they know, which takes some of the creepy factor out of their activities. And it means that you’re helping them tailor your plan to fit you, based on the data you share – which should result in savings and a better, more personalized plan for you.

Why would your mobile company do this for you? Assuming they’re not the evil “take over the world” type of company we see in the movies, there are several reasons that they might take this more open, friendly path:

1. Trust – by opening your files to you, the company gains your trust. It’s a risk for them, because you could wipe out everything they know about you. But it’s a calculated risk – you could also add more information. And since few companies are doing this, the first ones to do it will be differentiated as pioneers and outliers, by claiming to give you back control over your data.
2. More Useful Information – given the chance to review and update your own identity info, you might provide more accurate information. I’d rather someone target me accurately than waste my time with inaccurate offers, so I’d take the time to update my information with correct data.
3. Loyalty – once a company gives you control, and allows you to tell them what you want them to know about you, you’re more likely to work with them over and over. The rewards are there for you, so you’ll continue to work with that company for greater benefit.

It’s easy to get swept up in the “zombie invasion” scare around the use of personal data, and we do have to stay vigilant against the companies who seem to be using our data for nefarious purposes. And while it’s wise to stay alert and informed about how your data is being used, there are going to be companies out there that are using their powers for good, not evil. It’s our job, as good consumers, to reward those companies for being good corporate citizens, and to take the benefits that they offer us in return.