Tuesday, April 28, 2009

Google profiles


It looks like my first true post is coming sooner than expected.

In attempting to solidify an online presence (so people can look me up when they say "who the hell is that?!" when looking through the speakers' profiles for the Financial Information Security Decisions conference), I did the unthinkable: I googled myself.

Everyone should try it. Go ahead. Put your name into Google and see what comes up. Evidently, I'm a sheriff in Minnesota, an orthodontist in St. Louis, and a techie. Someone's been withholding those additional paychecks.

Anyway, while running this self-search, Google placed a link across the top of the search results: "Are you Brian Schlueter? Register, with Google Profiles!" Google Profiles?

Google has released a new feature as part of their iGoogle suite - profiles. The tagline: "control how you appear in Google by creating a personal profile."

I use a Gmail account. As such, I do play around with some of the features that Google integrates with their suite of apps - I'm a Google Docs user, I'm registered with iGoogle (though I don't really use it all that often), and I even use Google Latitude, because it's neat and it goes against the grain of tinfoil hats and bomb shelters that most security professionals seem to find comfort in.

Back to self-googling. I was logged into iGoogle at the time of the self-google search, so when I clicked the link for Google Profile, it automatically pulled in information from my Gmail account - my name, blogs I might follow in Blogger, my Picasa account, and YouTube videos I may have uploaded.

This is a splendid example of extremely solid identity management practices. Google has purchased these companies and integrated their products all under one set of credentials - namely, my email address. Being able to associate my Gmail account used for Blogger registration, and then showing that in my account profile has a very polished, together, and easy-to-use feeling to it. Large companies should take note - Google has recognized that having one account to manage is cheaper for them. It's only one password to remember. It's only stored once. Preferences can apply across all sites. It's slick, and a focus on end-user experience that doesn't often show at an Enterprise level.

Now, though, it can. Sun (and thereby, Oracle) recently announced it was adding support for Google Apps Premier (linked by fellow Blogger Google Operating System), which is the professional, business-focused version of Google's popular apps suite. This includes APIs that permit you to use your organization's existing credential store (Active Directory, SunONE LDAP, etc.) in conjunction with Gmail, Google Docs, Google Talk, Google Calendar, and the Google Page Creator. That's a nice small business solution.

How come the suite of Google products can all use the same set of credentials, AND integrate into your small business or Enterprise? How can Google take my Gmail account, tie it to my Blogger.com and YouTube accounts, and wrap it all together to have me represented in a single identity?

Strong architecture. In this case, in the form of The Google Apps API. We'll make a deep-dive into the Google API in a future post.

Welcome to Multiple Identities!



Here we are; the first blog post. I've thought about starting a blog for a while now. Recently, I committed to writing a book about two topics I really enjoy: Identity Management and Security Architecture. After finally saying "ok, it's time to do this!" and building the outline of the book, I thought it would make sense to start to flesh out all these thoughts rolling around upstairs by testing them out in a Blog.

So, let's talk about this blog. The focus will be on information security, specializing in the two topics mentioned above - Identity Management and Security Architecture. For credibility (hah!), it might help to know a little about me and my experience (or lack thereof). Therefore, this first blog post will be all about me. :-)

I've been in Information Technology for a little over a decade; I started as a PC tech at a small construction company while going to school at a local community college, and ended up landing a well-paying full-time job in desktop support in Chicago, IL working at a large law firm. After a few short months on the phones, I was promoted to the hardware support group, fixing laser printers and taking apart laptops to replace LCDs and whatnot.

This experience carried me away from my home city and downstate to a very large insurance company, working with a team that supported their people in the field that did estimates on car accidents and ensured the hardware/software they used was reliable and played nicely with each other. I did that for a few years, specializing in wireless WAN communications (those folks needed to be able to communicate back 'home' from the middle-of-nowhere) before it became cool and commonplace like it is today. After a while, I was up for a change. The application security team was a growing field in a growing area at that company and had plenty of smart, young talent to corrupt, so off I went.

What a difference. I quickly found myself. Information Security ignited passion in me that I didn't realize was there. I consumed it. Quickly, I became SANS G-SEC certified and started working on large efforts that were re-designing home-grown software and changing platforms (from VB/COM to Java/J2EE) to be more flexible and integrate more cleanly. Eventually I was asked and accepted a spot on a future-facing team that was looking at bringing in some of the first web services into the organization. This team was building a new framework, developing software iteratively, and I was on the team to help secure it. Awesome!

It was during my tenure over these few years in Application Security that I learned the most about web services, XML, WS-Security, ID Federation. I was introduced to Role Engineering and the concept of RBAC. I learned about Kerberos, security tokens, and security as a service. I was hooked.

Around this time, my wife and I decided to try to move back home, so I accepted a position at another large insurance company on their Identity Strategy team. The team has their fingers in a lot of pies, but ultimately it's responsible for ensuring the products at the company all integrate nice and neatly with the home-grown Identity Management (IDM) solution. I've been able to touch various parts of the organization, get involved with all sorts of interesting projects, and speak to all sorts of interesting people in my quest to ensure new products integrate with the company's application framework.

Not too long ago, a partner with Solstice Consulting, Kelly Manthey, gave me my first public speaking opportunity at the Illinois Institute of Technology's NetSecure '09, which I enjoyed a great deal. Recently, Kelly has asked to collaborate on a presentation for TechTarget's Financial Information Security Decisions '09 conference in New York City, which is even more exciting! We're going to talk about how Identity Management can save your company money! So, in addition to helping organize thoughts for the book, this blog will serve to organize thoughts about our presentation.

That's me in just under 700 words. Don't worry; the next few posts will be much more exciting.

Enjoy your day!