{"id":1219,"date":"2012-06-26T14:46:23","date_gmt":"2012-06-26T22:46:23","guid":{"rendered":"\/?p=1219"},"modified":"2012-06-27T10:03:03","modified_gmt":"2012-06-27T18:03:03","slug":"there-is-no-hub-there-is-no-center","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1219","title":{"rendered":"There is no hub. There is no center."},"content":{"rendered":"

Mary Jo Foley<\/a> knows her stuff, knows identity and knows Microsoft.\u00a0\u00a0She just published a\u00a0piece called\u00a0“With Azure Active Directory, Microsoft wants to be the meta ID hub<\/a>“.\u00a0\u00a0The fact that she picked up on John Shewchuk's piece<\/a> despite all the\u00a0glamorous announcements\u00a0made in the same timeframe\u00a0testifies to the fact that she understands a lot about the cloud.\u00a0 On the other hand, I hope she won't mind if I push back on part of her thesis.\u00a0 But\u00a0before I do that,\u00a0let's hear it:<\/p>\n

Summary: <\/span><\/strong>A soon-to-be-delivered preview of a Windows Azure Active Directory update will include integration with Google and Facebook identity providers.<\/em><\/p>\n

Microsoft isn\u2019t just reimaginging Windows and reimaginging tablets. It\u2019s also reimaginging Active Directory in the form of the recently (officially) unveiled Windows Azure Active Directory (WAAD)<\/span><\/a>.<\/p>\n

In a June 19 blog post that largely got lost among the Microsoft Surface shuffle last week, Microsoft Technical Fellow John Shewchuk delivered the promised Part 2 of Microsoft\u2019s overall vision for WAAD<\/span><\/a>.<\/p>\n

WAAD is the cloud complement to Microsoft\u2019s Active Directory directory service. Here\u2019s more about Microsoft\u2019s thinking about WAAD<\/span><\/a>, based on the first of Shewchuk\u2019s posts. It already is being used by Office 365, Windows InTune and Windows Azure. Microsoft\u2019s goal is to convince non-Microsoft businesses and product teams to use WAAD, too.<\/p>\n

This is how the identity-management world looks today, in the WAAD team\u2019s view:<\/p>\n

\"\"<\/a><\/p>\n

And this is the ideal and brave new world they want to see, going forward.<\/p>\n

\"\"<\/a>
\nWAAD is the center of the universe in this scenario (something with which some of Microsoft\u2019s competitors unsurprisingly have problem).<\/span><\/a><\/p>\n

[Read more <\/a>of the article here]<\/p><\/blockquote>\n

The diagrams Mary Jo\u00a0uses are from John's post.\u00a0\u00a0And the second clearly shows the “Active Directory Service”\u00a0\u00a0triangle in\u00a0the center of the picture\u00a0so one can understand why Mary Jo\u00a0(and others) could think we are talking about\u00a0Active Directory being at the center of the universe.\u00a0<\/p>\n

Yet in describing what we are building, John writes,<\/p>\n

“Having a shared directory that enables this integration provides many benefits to developers, administrators, and users.”<\/p><\/blockquote>\n

“Shared” is not the same as “Central”.\u00a0 For the Windows Azure AD team the\u00a0“shared directory” is not “THE hub” or “THE center”.\u00a0 There is no one center any more in\u00a0our multi-centered world.\u00a0 We are not building\u00a0a monolithic, world-wide directory.\u00a0\u00a0We are\u00a0instead consciously\u00a0operating\u00a0a directory service that contains hundreds of thousands of directories\u00a0that are actually\u00a0owned by individual enterprises, startups\u00a0and government organizations.\u00a0\u00a0These directories are\u00a0each under the control of their data owner, and are completely independent until their data owner decides to share something with someone else.<\/p>\n

The difference\u00a0may sound subtle, but I don't think it is.\u00a0\u00a0When I think of a\u00a0hub I think of a standalone\u00a0entity\u00a0mediating between\u00a0a set of claims providers and\u00a0a set of relying parties.\u00a0\u00a0<\/p>\n

But with Azure Active Directory\u00a0the goal is quite different:\u00a0 to offer\u00a0a holistic “Identity Management as a Service” for organizations, whether startups, established enterprises or government organizations – in other words to “operate” on behalf of these organizations.\u00a0\u00a0<\/p>\n

One of the things such\u00a0a service\u00a0can do\u00a0is\u00a0to take care of\u00a0connecting an organization\u00a0to all the consumer and corporate claims providers that may be of use to it.\u00a0 We've actually built that capability, and we'll operate it on a 24\/7 basis\u00a0as something that\u00a0scales and is robust.\u00a0 But IdMaaS involves a LOT of other different capabilities as well.\u00a0 Some organizations will want to use it for authentication, for authorization, for registration, credential management and so on.\u00a0\u00a0The big IdMaaS picture is one of serving the organizations that employ it – quite different from being\u00a0an independent\u00a0hub and\u00a0following\u00a0a “hub” business model.\u00a0<\/p>\n

In this era of the cloud, there are many cloud operators.\u00a0 Martin Kuppinger has pointed out that “the cloud” is too often vendor-speak for “this vendor's cloud”.\u00a0 In reality there are “clouds” that will each host services that are premium grade and that other services constructed\u00a0in different clouds will want to consume.\u00a0 So\u00a0we will all need the ability to reach accross clouds with complete agility, security and privacy and within a single governance framework.\u00a0 That's what Identity Management as a Service needs to facilitate, and the Active Directory Service triangle in the diagram above is precisely such a service.\u00a0\u00a0There will be others operated by competitors handling the identity needs of other organizations.\u00a0 Each of us will need to connect enterprises we serve with those served by our competitors.\u00a0<\/p>\n

This said, I really\u00a0accept the point that to express this\u00a0in\u00a0a\u00a0diagram we could (and should)\u00a0 draw it very differently.\u00a0 So that's something\u00a0John and I are going to\u00a0work on over the next few days.\u00a0\u00a0Then we'll get back to you\u00a0with a diagram that better expresses our intentions.<\/p>\n

\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

The big IdMaaS picture is one of serving the organizations that employ it – quite different from being an independent hub and following a “hub” business model.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,86,87],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1219"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1219"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1219\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}