{"id":1208,"date":"2012-05-30T15:03:58","date_gmt":"2012-05-30T23:03:58","guid":{"rendered":"\/?p=1208"},"modified":"2012-11-08T09:40:37","modified_gmt":"2012-11-08T09:40:37","slug":"is-an-inevitability-a-strategy","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1208","title":{"rendered":"Is an inevitability a strategy?"},"content":{"rendered":"<p><a href=\"http:\/\/www.zdnet.com\/topics\/john+fontana\" class=\"broken_link\">John Fontana <\/a>of <a href=\"http:\/\/www.zdnet.com\/blog\/identity\/microsoft-unveils-ad-azure-strategy-id-management-reset\/507?tag=search-results-rivers;item1\" class=\"broken_link\">ZDNet\u00a0<\/a>has written\u00a0a\u00a0pretty <a href=\"http:\/\/www.zdnet.com\/blog\/identity\/microsoft-unveils-ad-azure-strategy-id-management-reset\/507?tag=search-results-rivers;item1\" class=\"broken_link\">high octane report <\/a>on the blog posts <a href=\"http:\/\/blogs.msdn.com\/b\/windowsazure\/archive\/2012\/05\/23\/reimagining-active-directory-for-the-social-enterprise-part-1.aspx\" class=\"broken_link\">John Shewchuk<\/a> and I\u00a0published <a href=\"\/?p=1205\">last week<\/a>.\u00a0 The article starts with a summary:<\/p>\n<blockquote><p>The software giant begins talking publicly about Windows Azure Active Directory service and its strategy to use it as the foundation for its Identity Management as a Service strategy.<\/p><\/blockquote>\n<p>That&#39;s\u00a0an interesting take on things.\u00a0\u00a0\u00a0But is &#8220;Identity Management as a Service&#8221; actually a strategy?\u00a0 I wonder.\u00a0\u00a0<span style=\"line-height: 115%; font-family: \">In my thinking it is an\u00a0inevitability<\/span>.\u00a0\u00a0In other words,\u00a0IDMAAS is\u00a0<em>the world we will end up in\u00a0rather than the means of getting there.<\/em><\/p>\n<p><span><span style=\"color: #333333; cursor: default;\"><span style=\"color: #000000;\">So I think it is more accurate to say, as\u00a0ZDNet also does, that Microsoft&#39;s 
strategy is to use Windows Azure Active Directory as the vehicle through which\u00a0it offers Identity Management as a Service.\u00a0 \u00a0<\/span><\/span><\/span><\/p>\n<p><span><span style=\"color: #333333; cursor: default;\">I hope this distinction doesn&#39;t appear\u00a0overly\u00a0picky&#8230;\u00a0\u00a0\u00a0I just call\u00a0it out because I would like to\u00a0see our\u00a0conversation focus\u00a0primarily on what Identity management as a service <em>must be<\/em>.\u00a0 After all, if we\u00a0don&#39;t get that right,\u00a0the best\u00a0strategy for getting there will be largely irrelevant.<\/span><\/span><\/p>\n<p><span><span style=\"color: #333333; cursor: default;\">But enough of this.\u00a0 John Fontana cuts to the chase:<\/span><\/span><\/p>\n<blockquote><p>After two years of work, Microsoft has unveiled details and its strategy around Active Directory for the cloud, anointing it the centerpiece of a comprehensive online identity management services strategy it thinks will profoundly alter the ID landscape.\u00a0<\/p>\n<p>The company said changes to the current concepts around identity management need a \u201creset\u201d to handle the \u201csocial enterprise.\u201d Microsoft says it is \u201creimagining\u201d how its Windows Azure Active Directory (WAAD) service helps developers create apps that connect the directory to SaaS apps and cloud platforms, corporate customers and social networks.<\/p>\n<p>\u201cThe term \u2018identity management\u2019 will be redefined to include everything needed to provide and consume identity in our increasingly networked and federated world,\u201d Kim Cameron, an icon in the identity field and now a distinguished engineer working on identity at Microsoft, said on his <a href=\"https:\/\/www.identityblog.com\">blog<\/a>. \u201cThis is so profound that it constitutes a \u2018reset\u2019.\u201d<\/p>\n<p>At the center is WAAD, which is in use today mostly with Office 365 and Windows Intune customers. 
WAAD is a multitenant service designed for high availability and Internet scale.<\/p>\n<p>In a companion blog post to Cameron\u2019s, John Shewchuk, a Microsoft Technical Fellow and key cog in the company\u2019s cloud identity engineering, provided some details on WAAD, including new Internet-focused connectivity, mobility and collaboration features to support applications that run in the cloud.<\/p>\n<p>Shewchuk said the aim is to support technologies such as Java, and apps running on mobile devices including the iPhone or other cloud platforms such as Amazon\u2019s AWS.<\/p>\n<p>Shewchuk said WAAD will be the cloud extension to on-premises Active Directory deployments enterprises have already made. The two are married using identity federation and directory synchronization.<\/p>\n<p>He said Microsoft made \u201csignificant changes to the internal architecture of Active Directory\u201d in order to create WAAD.<\/p>\n<p>As an example, he said, \u201cInstead of having an individual server operate as the Active Directory store and issue credentials, we split these capabilities into independent roles. 
We made issuing tokens a scale-out role in Windows Azure, and we partitioned the Active Directory store to operate across many servers and between data centers.\u201d<\/p>\n<p>Some analysts are already noting the challenges Microsoft will have with its cloud directory.<\/p>\n<p>Mark Diodati, a research vice president at Gartner focusing on identity issues, <a href=\"https:\/\/www.pingidentity.com\/blogs\/pingtalk\/index.cfm\/2012\/5\/22\/CIS-Series-Mark-Diodati-Threeheaded-beast-eating-enterprise-IAM\">told me in a conversation about changes the cloud is forcing on enterprise ID management <\/a>that, \u201cthe addition of tablets and smartphones into the enterprise device mix exceeds Active Directory\u2019s management capabilities and there is an impedance mismatch using Kerberos across the cloud.\u201d<\/p>\n<p>While Shewchuk laid out the set-up for a Part 2 of his blog that will focus on enhancements to WAAD, Kim Cameron painted the bigger picture on cloud identity going forward.<\/p>\n<p>He said companies adopting cloud technology will see dramatic changes over the next decade in the way identity management is delivered. \u201cWe all need to understand this change,\u201d he stressed.<\/p>\n<p>Cameron said identity management as a service \u201cwill use the cloud to master the cloud\u201d, and will provide the most reliable and cost-effective options.<\/p>\n<p>\u201cEnterprises will use these services to manage authentication and authorization of internal employees, the supply chain, and customers (including individuals), leads and prospects. 
Governments will use them when interacting with other government agencies, enterprises and citizens.\u201d<\/p>\n<p>And he added that enterprises will have to move beyond concepts that have guided their thinking to date.<\/p>\n<p>[<a href=\"http:\/\/www.zdnet.com\/blog\/identity\/microsoft-unveils-ad-azure-strategy-id-management-reset\/507?tag=search-results-rivers;item1\" class=\"broken_link\">Full article and links to interviews and\u00a0related pieces.<\/a>]<\/p><\/blockquote>\n<p>I&#39;ll be interested in\u00a0hearing more about\u00a0Mark Diodati&#39;s views.\u00a0 I think\u00a0he is right to say that you can&#39;t just hoist\u00a0Kerberos-based AD into the\u00a0sky and\u00a0claim you&#39;ve solved the world&#39;s problems.\u00a0\u00a0<\/p>\n<p>But that&#39;s why we\u00a0have spent years\u00a0now embedding\u00a0web protocols like SAML into AD so that it could federate and\u00a0become part of\u00a0the Cloud.\u00a0 The truth is that\u00a0Windows Azure Active Directory has already transcended Kerberos &#8211; it\u00a0tips its hat to\u00a0the predominance of things like\u00a0OpenID and OAuth on the Internet.\u00a0 And this is but one example of a whole change in attitude.<\/p>\n<p>Wait.\u00a0 I&#39;m already ahead of myself &#8211; getting into\u00a0details about my little corner of reality before we&#39;ve even defined a landscape&#8230;<\/p>\n<p>[While we&#39;re at it, I notice that John Fontana,\u00a0a\u00a0tried and true\u00a0bellwether when it comes to language, happily uses\u00a0the acronym &#8220;WAAD&#8221;\u00a0while\u00a0refusing to taint himself with\u00a0 &#8220;IDMAAS&#8221;:\u00a0\u00a0hmmmm&#8230; could it be a sign?]<\/p>\n<p>\u00a0\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I would like to see our conversation focus primarily on what Identity Management as a Service must 
be<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,86,87],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1208"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1208"}],"version-history":[{"count":1,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1208\/revisions"}],"predecessor-version":[{"id":1327,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1208\/revisions\/1327"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}