Why do we call it “Identity Management”?

I am an Engineer; I try to call things by names that don’t mislead people. The market is flooded with products calling themselves “Identity Management” (IdM) solutions. I have a real problem with that language. What system can manage my identity?

Many systems exist that can and do manage the credentials and artifacts that provide a linkage to me, and hence to my identity, but they should be called “Identity Credential Management” (IdcM) solutions. Think about this; is the Drivers’ license card that the state provides an Identity? No, but it is a credential that is acceptable most places as proof of my identity. Same for other many other credentials, Passports, PIV cards, logon credentials, etc… and these items are what these systems typically manage, or the information in them.

My real fear here is that people will get used to hearing “Identity Management” and forget that the only thing really managed is the credentials that we use to verify our identity to someone, or something. This will lead to assumptions that are false and decisions will be made using those false assumptions.

So let’s all try to get back to language that is accurate, instead of the current marketing trend.

Leave a Comment

Leave a comment

Leave a Reply