I continue to receive many questions about how enterprise and government environments and systems can interact with new generations of services that are being hosted in the cloud, especially from an identity management point of view.
It is a fascinating question and getting it right is key. I think about it a lot these days – as I'm sure everyone in the industry does.
One conclusion: these new questions are the side-effects of trends we've been witnessing for a long time now – in particular, the decline and fall of the “closed domain”.
The metadirectory, in the last half of the 1990s, was the first step towards understanding that even with standards and widespread technological agreement, there would be no single “center” to the world of information. There were multiple boundaries required by business and government, but by their very nature those boundaries always had to be crossed… This was a profound contradiction but also a motor for innovation. We needed kinder, gentler systems predicated on the idea that they would have to interact with other systems run by independent people and organizations.
The concept of identity federation arose to facilitate this. Over time agreement grew that federation was actually something you were able to do once you re-thought the world from a multi-centered point of view – one which allowed multiple viewpoints and criteria for action (call it truth). This became generalized into “claims-based” system design – an approach in which assertions always have a source and must be evaluated prior to acting on them (i.e. we can accept assertions from multiple sources because our systems include mechanisms for deciding what they mean, and which sources are authoritative for which assertions).
The notion of consuming and combining services, some of which we host ourselves, and others which are hosted for us by third parties, fits perfectly into this multi-centered view. And in a world of claims-based system design, the combination of cloud and enterprise computing is a completely natural “atomic” capability. So all the work the industry has been doing to advance claims-based computing lays the foundation for these new computing paradigms and makes them dramatically more practicable.
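To make the preceding two paragraphs concrete, here is an added example (not code from the post, nor from any Microsoft product it mentions) of a relying party that accepts claims from more than one source. The issuer URLs, the per-issuer trust policy, the HMAC-signed token format and the sample tokens are all constructed for illustration; a real deployment would verify issuer signatures with certificates or public keys rather than shared secrets. The point it demonstrates is the one the text makes: every assertion carries its source, the source is checked before anything is acted on, and the relying party, not the issuer, decides which claim types from which issuer mean anything locally.

```python
import hashlib
import hmac
import json

# Hypothetical relying-party trust policy: which issuers we accept at all, and
# which claim types each issuer is authoritative for. Anything else is ignored.
TRUST_POLICY = {
    "https://idp.contoso.example": {"email", "department"},
    "https://sts.partner.example": {"email", "partner_role"},
}

# Per-issuer shared secrets stand in for signature-verification keys
# (constructed for the example; real systems use certificates / public keys).
ISSUER_KEYS = {
    "https://idp.contoso.example": b"contoso-demo-key",
    "https://sts.partner.example": b"partner-demo-key",
}


class ClaimsError(Exception):
    """Raised when a token cannot be trusted or is inconsistent."""


def sign_token(issuer, subject, claims, key):
    """Build a minimal signed token {body, sig} in a constructed JSON format."""
    body = json.dumps({"iss": issuer, "sub": subject, "claims": claims}, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def evaluate(token):
    """Return only the claims this relying party is willing to act on."""
    body = json.loads(token["body"])
    issuer = body.get("iss")
    # 1. Every assertion has a source; an unknown source is rejected outright.
    if issuer not in TRUST_POLICY:
        raise ClaimsError(f"untrusted issuer: {issuer}")
    # 2. The named source must actually have made the assertion: verify the signature
    #    with that issuer's key (constant-time compare to avoid timing leaks).
    expected = hmac.new(ISSUER_KEYS[issuer], token["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise ClaimsError(f"signature does not verify for issuer {issuer}")
    # 3. Decide what each claim means here: keep only claim types this issuer is
    #    authoritative for, and record what was dropped so it can be audited.
    allowed = TRUST_POLICY[issuer]
    accepted = {k: v for k, v in body["claims"].items() if k in allowed}
    ignored = sorted(set(body["claims"]) - allowed)
    return {"subject": body["sub"], "issuer": issuer, "claims": accepted, "ignored": ignored}


def combine(tokens):
    """Merge evaluated claims about one subject from several trusted sources,
    keeping the provenance (issuer) of every accepted claim value."""
    merged, subject = {}, None
    for token in tokens:
        result = evaluate(token)
        if subject is None:
            subject = result["subject"]
        elif result["subject"] != subject:
            raise ClaimsError("tokens describe different subjects")
        for claim, value in result["claims"].items():
            merged.setdefault(claim, {})[result["issuer"]] = value
    return {"subject": subject, "claims": merged}


if __name__ == "__main__":
    # Constructed sample: an enterprise IdP token and a partner STS token for the same user.
    enterprise = sign_token("https://idp.contoso.example", "alice",
                            {"email": "alice@contoso.example", "department": "finance", "admin": True},
                            ISSUER_KEYS["https://idp.contoso.example"])
    partner = sign_token("https://sts.partner.example", "alice",
                         {"email": "alice@partner.example", "partner_role": "auditor", "department": "ceo"},
                         ISSUER_KEYS["https://sts.partner.example"])
    print(json.dumps(combine([enterprise, partner]), indent=2))
```

Note that the enterprise token's `admin` claim and the partner's `department` claim are both silently dropped: neither issuer is authoritative for that claim type under the local policy, which is exactly the "mechanism for deciding what assertions mean" that lets the relying party accept tokens from independent organizations without trusting each of them for everything.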
My presentation to the Microsoft Professional Developers Conference was a concrete look at how claims-based system design affects developers, and the synergies they will obtain by adopting the model. It argued, in essence, that there is ONE relevant architecture for identity (NOT to be confused with “one single monolithic identity”, which is anathema!). That ONE architecture works in the enterprise, in the cloud and in the home, and works on many loosely-coupled systems designed by many vendors to do many things – in the enterprise and in the cloud.
The presentation also discusses a number of the components we are beginning to make available as software products and services across Microsoft. It underlines that these components implement widely adopted standards and that their very goal is interoperable systems that are synergistic for customers.
The PDF is here, and the Word 2007 version is here.