HID hires IT vet Scott Guthery

IRVINE, Calif.--Scott Guthery, a technologist who has been vital in crafting security identity standards, has joined HID Global in the newly created position of system architect. He will report to Tam Hulusi, executive vice president of HID Global, and said, "my charter is to define and build a framework within which we can synergize HID's diverse secure identity delivery products." HID Global chief executive officer Denis Hebert has said the company is looking to get beyond access control and think in terms of identity management. "The element of identity," he said, "is really that thing that belongs to you and is who you are and what you are and the associated privileges and rights you possess ... and this is really where we see the convergence of things." This is where Guthery comes in. He was the co-author of NIST SP 800-73 which defines the U.S. Government's Personal Identity Verification (PIV) card; he led the team that created the first Java Card and he was later the software architect for Windows for Smart Cards. "People ask," said Guthery, "'I'm one person, why do I have 13 different secure token identities?,' and they're certainly right in that regard. We're hoping to achieve the goal of a unified token of some kind." He said the physical side of access and identity is much more difficult than the logical side. "I've been working on the logical side [of the identity space] for quite some time," he said, "and that's a relatively done deal, but dealing with the many constraints on the physical side is a challenge for the folks on the logical side. I figured I'd team up with the physical side." Convergence presents two separate problems, he said: integrating all the physical access pieces together with each other, and then integrating those pieces with the logical network. Would solving any one problem make things a lot easier? He said, "no." "We know how all of the things fit together," Guthery said. "The drag on the vehicle," he said, comes from two sources. First, within companies, it's difficult to get the telco group and physical group and logical group to all agree on a way forward. Second, there is the shifting business model in the security marketplace. He said the industry needs to get away from focusing on physical artifacts like smart cards and readers and start focusing on authentication and the movement of bits of information from one place to another. "Whether you're selling routers or readers," Guthery said, "you're in the bit-moving business ... You have to think about what is the meaning of those bits: How can I harness the value and meaning of the bits and add to the value of the bits before I move them along?"