Friendly colleagues who know I am passionate about new ways to manage identities in the cloud sometimes send me useful blog posts from like-minded people. That is why I spent some time perusing Coby Royer’s blog at http://blog.symplified.com/
The following paragraph in particular echoed the same sentiments about Identity as a Service as the ones I posted in June last year.
But despite the virtues of Cloud Computing, and the fact that the Cloud visionaries are leading the wave with standards, they are often ad hoc standards (e.g., proprietary Authentication and Provisioning APIs). It will take time for the industry standards to shake out, and there remains much scepticism in the industry. So hitching your enterprise IAM strategy to a vendor that only offers one type of solution (e.g., SAML) appears risky at best. The dominant integration standards have yet to reach critical mass among SaaS vendors (e.g., SAML, WS-Fed, SPML)—and IAM Vendors are having difficulty integrating with SaaS vendors that don’t support standards. In effect, the Cloud Computing Permutations present challenges to many IAM vendors.
Now many clever people can put a finger on a sore spot and say “Hey, this hurts”. Comedians like Tommy Cooper would say: “Don’t touch it!”, which is funny but not very helpful. I cannot keep a straight face about it. I find something cynical about marketing managers rewrapping IAM solutions for the perimeterised organisation in a new box with a cloud motif and hoping it will sell for a few years longer.
It really is time for a good old paradigm shift, however much you may hate the term and find it pretentious, as indeed I do! With the network perimeter fast disappearing, the network people also have the wrong end of the stick. They would have us VPN tunnelling the cloud until it again looks like a plate of spaghetti: in other words, unmanageable and unscalable! The old jokes are still the best, so I simply repeat what I said in June last year, and the year before, and the year before that.
Personally I see a better future for a different kind of IaaS (Identity as a Service): a scenario where the IdP just issues Information Cards carrying a few role claims, digitally signed. The remote target applications become Information Card ‘aware’ and process the identity claims to create a user ‘on the fly’. In this scenario the responsibility for creating and maintaining user information is put back in the application, and the Information Card becomes the standard vehicle for asserting claims.
So the moat-and-castle model of the enterprise becomes more like a hotel. Maybe a bit of security on the door, but basically you can walk in off the street. Some conference rooms are open to the public for events and contain public information. The restricted applications are like locked hotel rooms, and Information Cards are the metaphor for the plastic key cards that give the user access to whatever business they have there.
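The IdP-issues-signed-claims, application-provisions-on-the-fly scenario from the paragraphs above, as an added example that is not part of the original post or of any product it mentions. It assumes a constructed issuer name, key and claim layout, and uses an HMAC as a stand-in for the digital signature so that it runs with the standard library alone; the relying party creates the user only after the card verifies, and a tampered or expired card creates nothing.

```python
import hmac, hashlib, json, time

# Constructed example key. HMAC stands in for the digital signature the post
# describes; a real deployment would use a public-key signature so relying
# parties hold only the IdP's verification key, never its signing key.
IDP_KEY = b"constructed-idp-signing-key"

def issue_card(subject, roles, issuer="idp.example", ttl=300, now=None):
    """IdP side: build a signed claims assertion (the 'Information Card')."""
    now = time.time() if now is None else now
    claims = {"iss": issuer, "sub": subject, "roles": sorted(roles),
              "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": body.decode(), "sig": sig}

class ClaimsAwareApp:
    """Relying party: trusts one issuer, provisions users on first visit."""
    def __init__(self, trusted_issuer="idp.example"):
        self.trusted_issuer = trusted_issuer
        self.users = {}  # local store, populated only from verified claims

    def accept(self, card, now=None):
        """Verify the card; on success return the subject, else None."""
        now = time.time() if now is None else now
        body = card["claims"].encode()
        expected = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, card["sig"]):
            return None  # tampered or forged: no user is created
        claims = json.loads(body)
        if claims["iss"] != self.trusted_issuer or claims["exp"] < now:
            return None  # wrong issuer or stale card
        # Just-in-time provisioning: the application owns the user record,
        # but the IdP's role claims decide what that record contains.
        user = self.users.setdefault(claims["sub"], {"roles": set()})
        user["roles"] = set(claims["roles"])
        return claims["sub"]
```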