Learning a language can be quite difficult. Sure, you can opt for mobile apps that claim to teach you the language in “three short months!”, but anyone who’s tried to order the ratatouille in Paris, the Tom Yam Koong in Bangkok, or the Burnt Ends in Texas quickly learns that there’s a difference between knowing a few words and being able to communicate useful information in the real world. What most of us truly need is a conversation partner—someone who will always respond with the correct answer and gently correct our mistakes as they slowly fade into proper usage.
Adopting identity standards is a lot like acquiring a foreign tongue. While it’s relatively easy to have a surface knowledge of the technology, most of us don’t easily understand what is occurring in these identity approaches until we can actually interact with them personally. As we explore them by hand, we see what each exchange looks like, what happens when things fall over, and what current systems do when faced with boundary cases.
In short, we need a “conversational” partner that will let us try out these interactions and learn the proper call and response.
A Demo System as a Conversational Partner
Open-source or publicly-available demo systems are crucial to the learning process. They allow for a deeper understanding of interactions and the chance to learn via experience. When it comes to emerging standards, they speed adoption tremendously, as can be seen from examples such as AuthZen and the Shared Signals Framework from the OpenID working groups.
Those of us participating in the Shared Signals Framework Interop this year in March (and coming up again in December) have benefitted from Caep.Dev – an online receiver/transmitter that can be used publicly both to understand interactions within the standard and to identify where ongoing development efforts may have failed to follow the specification. (Not that Caep.Dev was infallible by the way—it helped clarify issues on both sides of most interactions.) Without the existence of this kind of conversational partner, the standard would see much slower adoption and lower levels of successful interop participation.
Just Try It Out
But it’s not just emerging standards, either—existing standards benefit from conversational partners as well. Take SCIM, for instance; it has been around for at least nine years, but still benefits from projects such as Arie Timmerman’s Scim.Dev. Users can explore the world of SCIM, including my personal favorite emerging standard: SCIM Events.
I’ll let Arie describe what he’s created over on Scim.Dev:
“Tell me and I forget, teach me and I may remember, involve me and I learn.” This wisdom—shared by Benjamin Franklin—underpins the philosophy behind SCIM Playground. Rather than responding to questions like “How do I integrate using SCIM?” with “Read the specs”, we can now say, “Just try it out.” A demo environment is one click away, complete with optional dummy users and groups to help you get started quickly. Many IT professionals perceive SCIM as complex or challenging to understand, but this playground and testing environment can help overcome these barriers and encourage adoption of the protocol.
Sites such as Caep.Dev and Scim.Dev (no, they’re not all suffixed with .dev) give us the opportunity to practice using these standards, write prototype and production code against them, and level up quickly as we rush to enhance the utility of identity. These kinds of publicly available tools exist for most standards—easily found a few short searches away (ask on the IDPro Slack if you’re having difficulty uncovering what you need).
Accelerate Your Progress
So, if you’re looking to learn something new about identity or want to understand a new or emerging standard, accelerate your progress the same way you would if you were trying to gain fluency in a language other than your own: find a conversational partner.
Disclaimer: The views expressed in the content are solely those of the author and do not necessarily reflect the views of the IDPro organization.
Author Bio
Director of Strategy and Standards, SailPoint
Mike Kiser is insecure. He has been this way since birth, despite holding a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security deployments for a global clientele. He is currently in a long-term relationship with fine haberdashery, is a chronic chronoptimist (look it up), and delights in needlessly convoluted verbiage. Mike speaks regularly at events such as the European Identity Conference and the RSA Conference, is a member of several standards groups, and has presented identity-related research at Black Hat and Def Con. He is currently the Director of Strategy and Standards at SailPoint Technologies and an active IDPro member.
