{"id":1205,"date":"2012-05-23T08:34:21","date_gmt":"2012-05-23T16:34:21","guid":{"rendered":"\/?p=1205"},"modified":"2012-11-08T09:41:47","modified_gmt":"2012-11-08T09:41:47","slug":"identity-management-as-a-service","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1205","title":{"rendered":"Identity Management As A Service"},"content":{"rendered":"<p>A few weeks ago at the <a href=\"http:\/\/www.google.com\/url?sa=t&amp;rct=j&amp;q=european%20identity%20and%20cloud%20conference&amp;source=web&amp;cd=1&amp;sqi=2&amp;ved=0CHkQFjAA&amp;url=http%3A%2F%2Fwww.id-conf.com%2F&amp;ei=j1--T8mNNKiviALuyoXVDQ&amp;usg=AFQjCNEhlspGrpIEBbD9uB5CVJa5zTxqbA\">European Identity and Cloud Conference<\/a> I gave a keynote called <a href=\"http:\/\/www.youtube.com\/watch?v=6qbwTFyJa7k\">Conflicting Visions of Cloud Identity<\/a>. It was the first time that I reported publicly on the work I&#39;ve been doing over the last year on understanding what cloud computing means for identity &#8211; and vice versa.<\/p>\n<p><a href=\"http:\/\/www.youtube.com\/watch?v=6qbwTFyJa7k\"><img class=\"alignright\" style=\"margin: 5px; float: right;\" src=\"\/wp-content\/images\/2011\/05\/kim_kuppinger_cole_2012.jpg\" alt=\"\" \/><\/a>The keynote led to many interesting exchanges with others at the conference. The conversations ranged from violent agreement to &#8220;animated dissidence&#8221; &#8211; and most important,\u00a0to the discussion of\u00a0many important\u00a0nuances.<\/p>\n<p>It became clear to me that\u00a0a lot\u00a0of us involved with information technology could really benefit from an open exchange about these issues. 
We have the chance to accelerate and align our understanding and to explore the complexities and opportunities.<\/p>\n<p>So today I&#39;d like to take a first step in that direction and lay out a few high-level ideas that I&#39;ll flesh out more concretely in upcoming posts.\u00a0 I hope these will goad\u00a0some of you\u00a0into elaborating, pushing back, and taking\u00a0our conversation in other completely different directions.<\/p>\n<p><strong>Preparing for dramatic change<\/strong><\/p>\n<p>To me, the starting point for this conversation is that Identity Management and the way it is delivered will change dramatically over the next decade as organizations respond to new economic and social imperatives by adopting cloud technology.<\/p>\n<p><em>We all need to understand this change.<\/em><\/p>\n<p>Organizations will find they need new identity management capabilities to take full advantage of the cloud. They will also find that the most reliable and cost-effective way to obtain these capabilities is through Identity Management as a Service &#8211; i.e. using the cloud to master the cloud.<\/p>\n<p>We can therefore predict with certainty that almost all organizations will subscribe to identity services that are cheaper, broader in scope and more capable than the systems of today.<\/p>\n<p>Enterprises will use these services to manage authentication and authorization of internal employees, the supply chain, and customers (including individuals), leads and prospects. Governments will use them when interacting with other government agencies, enterprises and citizens.<\/p>\n<p>Identity Management As A Service will require that we <em>move beyond<\/em> the models of identity management that have guided our thinking to date. 
A new service-based model will emerge combining more advanced capabilities with externalization of operations to achieve reduction in risk, effort and cost.<\/p>\n<p><strong>Redefining Identity Management<\/strong><\/p>\n<p>The term \u201cIdentity Management\u201d will be redefined to include everything needed to provide and consume identity in our increasingly networked and federated world.\u00a0 This is so profound that it constitutes a &#8220;reset&#8221;.<\/p>\n<p>As a category,\u00a0Identity Management\u00a0will expand to encompass all aspects of identity:<\/p>\n<ul>\n<li>registration of people, organizations, devices and services;<\/li>\n<li>management of credentials;<\/li>\n<li>collection and proofing of attributes;<\/li>\n<li>claims issuance;<\/li>\n<li>claims acceptance;<\/li>\n<li>assignment of roles;<\/li>\n<li>management of groups;<\/li>\n<li>cataloging of relationships;<\/li>\n<li>maintenance of personalization information;<\/li>\n<li>storage and controlled publication of information through directory;<\/li>\n<li>confidential auditing; and<\/li>\n<li>assurance of compliance.<\/li>\n<\/ul>\n<p>The baseline capability of Identity Management will be to enhance the security and privacy of both organizations and individuals.<\/p>\n<p>There will be a new market of next-generation identity management service providers with characteristics shaped by the importance of identity for both the protection of assets and the enhancement of relationships as we enter the era of the <em>social enterprise.<\/em><\/p>\n<p>Meanwhile, the current market for identity management products will be challenged by the simplification, cost reduction and increased innovation possible in the cloud.<\/p>\n<p>Going forward, the term <em>Identity Management As A Service<\/em> will come up so often that we need an acronym.\u00a0 For the time being I&#39;m going to adopt the one my friend Eric Norlan proposed over six years ago: IDMaaS. 
While we&#39;re at it, it is worth looking at <a href=\"http:\/\/www.zdnet.com\/blog\/digitalid\/identity-management-as-a-service\/15\">Eric&#39;s prescient article in ZDNet\u00a0<\/a>&#8211; he wrote it\u00a0back in 2006 when he was a partner at Digital ID World.\u00a0Eric reports on a conversation where Jamie Lewis (then CEO of the Burton Group) argued that &#8220;companies would find identity data too important to hand-over to others&#8221; &#8211; a view that certainly described the\u00a0way enterprises felt\u00a0at\u00a0that time.\u00a0 These issues are still critically important, though many profound evolutions have, I think, transformed the variables in the equations.\u00a0\u00a0These new variables will be ones\u00a0we want to drill into going forward.<\/p>\n<p><strong>Microsoft and IDMaaS<\/strong><\/p>\n<p>One of the reasons\u00a0I want to share my\u00a0thoughts about Identity Management as a Service now is that they constitute part of the theoretical framework that lies behind many of\u00a0the decisions about the kind of organizational identity service we at Microsoft are offering.\u00a0<\/p>\n<p>I&#39;m\u00a0therefore\u00a0really excited to say that today we are able to start\u00a0bringing\u00a0you up to speed\u00a0on exactly what that is.\u00a0\u00a0Here&#39;s a\u00a0quote\u00a0from <a href=\"http:\/\/blogs.msdn.com\/b\/windowsazure\/archive\/2012\/05\/23\/reimagining-active-directory-for-the-social-enterprise-part-1.aspx\" class=\"broken_link\">today&#39;s blog post<\/a> by my close colleague and friend John Shewchuk,\u00a0the Technical Fellow who\u00a0plays a key\u00a0role in getting our cloud identity offering\u00a0engineered right:\u00a0<\/p>\n<blockquote><p><strong>What is Windows Azure Active Directory?<\/strong><\/p>\n<p>We have taken Active Directory, a widely deployed, enterprise-grade identity management solution, and made it operate in the cloud as a multitenant service with Internet scale, high availability, and integrated disaster 
recovery.<\/p>\n<p>Since we first talked about it in November 2011, Windows Azure Active Directory has shown itself to be a robust identity and access management service for both Microsoft Office 365 and Windows Azure\u2013based applications.<\/p>\n<p>In the interim, we have been working to enhance Windows Azure Active Directory by adding new, Internet-focused connectivity, mobility, and collaboration capabilities that offer value to applications running anywhere and on any platform. This includes applications running on mobile devices like iPhone, cloud platforms like Amazon Web Services, and technologies like Java.<\/p>\n<p>The easiest way to think about Windows Azure Active Directory is that Microsoft is enabling an organization\u2019s Active Directory to operate in the cloud. Just like the Active Directory feature in the Windows Server operating system that operates within your organization, the Active Directory service that is available through Windows Azure is your organization\u2019s Active Directory. Because it is your organization\u2019s directory, you decide who your users are, what information you keep in your directory, who can use the information and manage it, and what applications are allowed to access that information. 
And if you already have on-premises Active Directory, this isn\u2019t an additional, separate copy of your directory that you have to manage independently; it is the same directory you already own that has been extended to the cloud.<\/p>\n<p>Meanwhile, it is Microsoft\u2019s responsibility to keep Active Directory running in the cloud with high scale, high availability, and integrated disaster recovery, while fully respecting your requirements for the privacy and security of your information.<\/p><\/blockquote>\n<p>John&#39;s post is called <a href=\"http:\/\/blogs.msdn.com\/b\/windowsazure\/archive\/2012\/05\/23\/reimagining-active-directory-for-the-social-enterprise-part-1.aspx\" class=\"broken_link\">Reimagining Active Directory for the Social Enterprise<\/a>.\u00a0 It&#39;s done in two parts, and following that John will join into our broader\u00a0conversation about the identity management reset.\u00a0\u00a0\u00a0I hope the combination of our two blogs can help animate an industry-wide discussion while\u00a0providing a specific channel through which\u00a0people\u00a0can get the information they need about Microsoft&#39;s\u00a0identity service\u00a0offering.<\/p>\n<p>Later this week:\u00a0 <em>The Changing Model of Identity Management.\u00a0 <\/em>I hope to see you there.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Identity Management and the way it is delivered are changing 
dramatically<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,2,86,87],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1205"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1205"}],"version-history":[{"count":1,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1205\/revisions"}],"predecessor-version":[{"id":1328,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1205\/revisions\/1328"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}