Identity Crisis

By Bob Violino

Companies are going to have to get their arms around identity management before they can realize all the benefits RFID offers.


By Mark Roberti

Oct. 20, 2003 – I had the privilege of speaking at the Digital ID World 2003 Conference in Denver last week. Digital ID World is devoted to identity management, an IT discipline that is growing ever more critical as we move to delivering services over the Internet to customers and employees. Phil Becker, DIDW’s

editor in chief, said in his opening remarks that computing will one day be organized around identity management. A bold statement, but I think he’s absolutely right.

Becker pointed out in his speech that fear about the security of networks and data led companies to focus on authentication, authorization and administration of users on the network. But that’s only the first step in identity management. Now corporate IT departments need to manage identity data and build an infrastructure that makes the process of authentication, authorization and administration automatic. “It’s all about making sure identity data is reliable, current, properly synchronized, available, and easier to administer,” Becker said.

RFID Journal ran a feature story recently on the relationship between Web services and RFID (see Linking RFID with Web Services). The point of the article was to show how RFID could be the trigger that sets Web services—bits of reusable code that allow two or more Web-based applications to communicate with each other—in motion. An RFID tag on a pallet is read and that triggers a Web services application to communicate with another internally or externally. For instance, if a reader at the receiving bay of a retail store reads a tag that’s not listed on an advance shipping notice, that might trigger a Web services application to request more information from the manufacturer’s computer systems.

Web services offer huge benefits, as our article pointed out, but they also herald big changes. When two partners call each other on the phone and do business, they know who they’re speaking to. But if computers are going to handle some of these routine tasks, there needs to be ways to identify and authenticate the software “agents” executing tasks on behalf of the business partners.

Think about it. If you are a manufacturer, would you be willing to show a representative from a large retailer your distribution center and how much stock you have on hand? Probably. Would you open your computer systems and let the same person see your inventory electronically? Probably not. If we don’t solve this problem, companies will never achieve many of the benefits RFID and Web services promise.

In other words, we’re facing a digital identity crisis. And the long-term vision of those who say RFID can provide visibility from one end of the supply chain to the other will depend on resolving it. A retailer can’t reduce safety stocks unless he can see that the manufacturer has enough stock in his distribution center to meet a spike in demand. But the retailer won’t be able to see that unless we find secure, reliable ways to identify people across digital networks and manage access dynamically.

There’s been a lot of talk about the problem of managing all of the data that will come from RFID tags and readers. That problem may turn out to be small compared to the problem of managing who has access to that data. Not just which employees, but which customers, suppliers, logistics providers—and which software systems.

This is not going to be an easy problem to solve. In the short term, end users of RFID technology just want to make sure the reader goes beep when a case with an RFID tag goes by. The next big hurdle users face is getting the RFID data into the right enterprise application. But in the end, all that is trivial. The real competitive advantage will go to the manufacturing, logistics and retail companies that figure out how best to use the data from RFID systems. Identity management is going to be a huge part of that. Here’s how Digital ID World‘s Becker put it: “The networking of business processes across business boundaries has now become possible. Soon it will be a requirement for businesses to survive.”

Mark Roberti is the Editor of RFID Journal. If you would like to comment on this article, send e-mail to

RFID Journal Home

Attend RFID Journal University in Atlanta (Nov. 3) or Chicago (Nov. 17). To register please visit RFID Journal University