One of the interesting outcomes from my contextual research project on enterprise social networking was not only what was said by study participants but what was "not said". One such topic that did not come up to any great degree during the storytelling sessions was the topic of identity and its role in social networking. That gap could be the result of many factors (e.g., the people in the room, the way the conversations flowed, the project phase of the social networking project, etc). However, given the prominent role people are placing with user profiles on social network sites, it seems natural to look at profiles as the "fuzzy front-end" of identity - at least from a social computing perspective. The intersect between identity and social networking has intrigued me for some time. Below, I've outlined some work-in-progress thoughts on how the interconnection between social networking with identity management might evolve. To help me out (since I don't cover identity management), I've been brainstorming with Alice Wang, Director, Burton Group (who is an identity expert). Alice has given me some real-life context based on her consulting experiences with clients and her synthesis of our identity research as its applied to actual situations in the field. The thoughts below reflect this joint perspective Alice and I have sketched out.
And if you're looking for yet another reason to attend Catalyst, Burton Group is hosting a Concordia workshop (details below) that, in part, will bring this topic more out into the open.
Thoughts and comments on the outline below greatly appreciated... if you are a Burton Group client, we would love to explore this concept with you in-depth.
Thesis
As organizations explore the use of social networking, the enterprise is no longer the only participant in managing identity. An employee’s social network site profile, social graph, and use of other social tools and applications enable them to construct additional identity facets to suit their own needs. As a result, organizations should incorporate “social identity” claims within identity management practices.
Framing
When we think of relationships, and study it from a social perspective, we look at:
- how people construct facets of their identity based on social structures in a particular context and activity
- how identity controls people’s impressions and establishes reputation
- how people switch between social identities to fit the needs of groups and activities
- how people evolve their social identity facets across activity domains and social processes
When we study relationships from a purely identity management focus, we look at the people, process, and technology arenas such as:
- how the organization ensures that authenticated and authorized employees are securely accessing information and applications
- how business roles are defined and separation-of-duties enforced
- how entitlements and classification policies are applied so that information is handled properly and compliance needs met
- how “need to know” access controls enable effective information sharing and collaboration between co-workers while protecting intellectual property
The result: an enterprise “tells” its employees what their identity is vs. what employees wish to create to suit their own needs. Today, few enterprise strategists, architects, infrastructure planners, and project teams involved in social networking initiatives are paying enough attention to the long-term implications of identity on efforts. Conversely, identity management teams are frequently not involved in determining the strategic ramifications of social networking initiatives on their enterprise practices. For instance, how does the organization assure attributes within a self-claimed social identity – what if employees build exaggerated or misleading social identities – what methods does the organization employ to vet social identity data (e.g., assess community equity and reputation)?
However, societal trends are fusing these two perspectives, compelling enterprises to connect the social aspects of identity emerging from social networking tools and applications in a manner that augments long-standing internal and external identity management requirements. Accomplishing this feat in a sustainable fashion enables organizations to leverage its network of connections across employees, customers, partners, and suppliers for competitive advantage (e.g., improved relationships, more effective knowledge sharing). Failure to address the social aspects of identity by managing identity only from an enterprise perspective will reduce benefits from social networking solutions.
Understanding the intersection between identity and social networking trends, and its implications to enterprise strategies, is a critical first-step. Some of the core issues emerging from each of these two vantage points include:
- Identity in the context of relationships
- Relationships in the context of social networks (communities, collaboration)
- Social structures, fragmentation of identity, and structural holes in social networks (positive and negative consequences of)
- Identity and roles (both formal, “institutional” roles and social roles that are often emergent)
Rationale
From a social networking perspective, identity is a complicated, multi-faceted construction, created and evolved over time within the social structures of individuals. When we talk about social structures, we focus on two inter-connected spheres: systems of relations (e.g., patterns of roles, relationships, and forms of control) and systems of meaning (primarily culture and its associated beliefs, values, languages, and practices).
Identity therefore, from a social networking perspective, is not equivocal to a person per se. People put forth a persona (or social identity) they construct within the context and activities associated with a particular social structure. The social identity performed in one context and activity is just one facet of their overall identity. Different social identity attributes and social identity facets are evolved to fit a variety of situations. The existence of multiple identity facets raises the pro and con issue of enabling other parties to correlate and connect multiple social identity facets and, by doing so, gain the ability to connect social structures of that identity. Sometimes people are accepting of having their social structures (or actors within a social structure) being cross-connected – but sometimes they are not (raising issues of privacy). For a variety of reasons, people may prefer to create or maintain structural holes in their social networks. Structural holes can be a desirable objective as people try to control how their social identity facets are maintained for a given context and activity. However, closing structural holes may have benefits as well.
When it comes to communication, information sharing, collaboration, and other community interactions within the enterprise, people behave in a similar manner. Employees often (knowingly or unknowingly) construct social identity facets when interacting within a particular social structure (e.g., help desk discussion forum, profession support community, wiki editors group). Sometimes people use the term persona, or profile, or personal brand, when referring to a social identity. That social identity forms a “face” they create for purposes of control within a given social structure.
This implies and forms a key assumption at this stage of our hypothesis, that as employees interact across multiple social structures, they construct multiple identities based on context and activity. Engaging in these social structures also results in formation of social roles. Before the advent of social tools and applications (e.g., blogs, wikis, tags and bookmarks, social messaging, and social network sites), social identities and social roles were opaque and difficult to ascertain within a networked public. With systems that enable employees to define themselves more openly (profiles on social network sites, membership in online communities, or as avatars in virtual worlds), organizations are now faced with a situation where employees are augmenting the identity ascribed to them by the enterprise.
The enterprise views identity very differently. Identity management efforts are often a fundamental process for managing a variety of concerns (risk, privacy, intellectual property, compliance, etc.). Issues related to authentication, authorization, permissions, roles, entitlements, and security are common requirements for identity management strategies. Identity teams have valid concerns regarding the design of some social tools and applications (i.e., base don consumer models), or the level of controls that protect how identity is controlled by both end users and within enterprise policies. Finding the optimal balance between the social needs of employees and management needs of the enterprise must be a core design assumption for identity management strategies. As employees redefine, extend, or contradict these formal identity assignments, there may be unintended consequences to identity management practices of the organization at-large unless action is taken to view identity as a shared responsibility. Increased use of social tools and applications that span internal and external environments will only compound the situation unless organizations begin to act now.
Concordia Workshop
Use Cases Driving Identity in Enterprise 2.0: The Consumerization of IT
Date: Monday, July 27
Time: TBD
Description: Participate in this working session as end users, deployers and technology providers discuss identity-based use cases reflecting the intersection of traditional enterprise with Web 2.0 and SaaS, models with consumer underpinnings that are turning traditional IT approaches inside-out. The group will problem-solve together to discover and define:
- Different styles of provisioning/federating identities
- Privacy concerns around unmanaged employee usage of outside tools
- Security and policy approaches to address virtualization and the cloud
- Authorization models that combine flexible access to resources with appropriate administrative controls
In Concordia workshops, real-world use cases rule: we work together to understand trends and requirements, and then facilitate effective results in future technology development and harmonization. If you have a use case you'd like to share—please submit your suggested presentation and summary by June 19 to Britta Glade (britta@projectliberty.org). As the agenda develops, it will be posted on the Concordia wiki.
http://projectconcordia.org/index.php/Catalyst_pre-conference_workshop_agenda