Thoughts on the Use of the Term “Stateless Identity”

Gerry Gebel at the Burton Blog has a post titled Can Applications Become Identity-Stateless.  He points out the costs of user provisioning are high and that enterprises would be better served if it could be done away with.  He goes on to say the following:  “For several years, the industry has promoted the use of shared infrastructure services for IdM functions – but only a moderate level of success has been achieved when compared to the potential.”  He then floats the term “stateless-identity” as a possibly better “descriptor” to communicate the desired end state, viz., applications which keep no state on identity and instead share a common store.  The rhetorical question that follows is it in fact a better term?  Consider the concept of ‘stateless’ in software.  When state is not maintained, the software does not keep track of current data, for example, user choices, configuration settings or executed transactions.  When software is stateless it lives in an eternal present, ignorant of what came before and ignorant of what follows.  It carries nothing with on moment to the next.   If we apply this concept, then the meaning which follows from applications using stateless-identity would be applications whose “awareness” of identity is limited only to the current call to the identity service.  Metaphorically, it would be like a man who every time he leaves the room and returns must look up the name of his guest.  Obviously this not what he has in mind because applications must keep persistent information about who is using the application and what they are entitled to do and what limitations they have.  Even if the application is not storing this permanently, it must maintain the state for it’s own functioning and hence stateless-identity lacks descriptive power at best and at worst may cause confusion of the term’s actual meaning such as what occurred in the database world with “relational”.  I understand the goal which is to remove redundant identity data from applications and lower costs, however,  creating new terminology  is a questionable choice when other terms which possess greater descriptive accuracy already exist and are widely known.  I can’t see where this adds any additional communicative power that would speed adoption, but I have been wrong before.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s