{"id":1329,"date":"2012-11-08T10:20:11","date_gmt":"2012-11-08T10:20:11","guid":{"rendered":"https:\/\/www.identityblog.com\/?p=1329"},"modified":"2015-01-04T16:34:08","modified_gmt":"2015-01-04T22:34:08","slug":"1329","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1329","title":{"rendered":"Trust will make or break cloud ID management services"},"content":{"rendered":"<p><a href=\"http:\/\/www.zdnet.com\/\" target=\"_blank\">ZDNet&#8217;s<\/a> <a href=\"http:\/\/www.zdnet.com\/meet-the-team\/us\/john-fontana\/\" target=\"_blank\">John Fontana<\/a>\u00a0has\u00a0<a href=\"http:\/\/www.zdnet.com\/trust-will-make-or-break-cloud-id-management-services-7000006705\/\" target=\"_blank\">written about the Webinar<\/a> on Identity Management as a Service hosted last week by <a href=\"http:\/\/www.craigburton.com\" target=\"_blank\">Craig Burton<\/a>\u00a0of <a href=\"http:\/\/www.kuppingercole.com\/\" target=\"_blank\" class=\"broken_link\">Kuppinger Cole<\/a>.\u00a0\u00a0The session began with a presentation\u00a0by Craig on the revolutionary impact of the API economy\u00a0in shaping the requirements for cloud identity.\u00a0 Then\u00a0I\u00a0spoke about\u00a0the characteristics of Identity Management as a Service as they were shaping the\u00a0industry and, especially, Azure Active Directory, while Chuck Mortimore\u00a0gave a\u00a0good description of what we will be seeing in Salesforce.com&#8217;s emerging cloud directory service.\u00a0\u00a0The Webinar\u00a0is\u00a0<a title=\"IDMAAS - the Dope or are we Duped?\" href=\"http:\/\/www.kuppingercole.com\/watch\/idmaas_dope_or_duped\" target=\"_blank\" class=\"broken_link\">available<\/a>\u00a0to those who want the details.<\/p>\n<p>John\u00a0highlights\u00a0a number\u00a0of the key emerging concepts in<a href=\"http:\/\/www.zdnet.com\/trust-will-make-or-break-cloud-id-management-services-7000006705\/\">\u00a0his piece<\/a>,\u00a0titled &#8220;Trust will make or break cloud ID management 
services&#8221;:<\/p>\n<p style=\"padding-left: 30px;\">If identity-management-as-a-service is to take hold among enterprises it will need to be anchored by well-crafted rules for establishing trust that incorporate legal parameters and policy requirements, according to a pair of identity experts.<\/p>\n<p style=\"padding-left: 30px;\">\u201cWhere we have seen trust frameworks be really successful in the past is where member organizations have some means and motivation for cooperation be that altruistic, economic, etc.,\u201d said Chuck Mortimore, senior director of product management for identity and security at Salesforce.com. He cited the Shibboleth Project deployed in academia that highly incents universities to collaborate and cooperate.<\/p>\n<p style=\"padding-left: 30px;\">\u201cWe are seeing both the U.S. government and the British government selecting trust frameworks for their respective identity initiatives,\u201d said Kim Cameron, Microsoft\u2019s identity architect. \u201cYou need a bunch of people who share the interest of having a trust framework.\u201d<\/p>\n<p style=\"padding-left: 30px;\">Trust frameworks ensure trust between those issuing an identity and the providers that accept that ID for authentication to access services or data, and in increasing cases, to tap application programming interfaces (APIs).<\/p>\n<p style=\"padding-left: 30px;\">To wit, 62% of the traffic on Salesforce.com is API calls, mobile clients and desktop clients.<\/p>\n<p style=\"padding-left: 30px;\">Mortimore and Cameron appeared together Tuesday on a Webinar hosted by Kuppinger Cole analyst Craig Burton.<\/p>\n<p style=\"padding-left: 30px;\">The identity-management-as-a-service (IdMaaS) concept is rising in importance due to an emerging \u201cAPI economy,\u201d according to Burton. 
That economy is characterized by billions of API calls to support services sharing data on a massive, distributed scale that stretches across the enterprise and the cloud.<\/p>\n<p style=\"padding-left: 30px;\">IdMaaS defines a cloud service that manages identity for an organization\u2019s employees, partners and customers and connects them to applications, devices and data either in the enterprise or the cloud.<\/p>\n<p style=\"padding-left: 30px;\">\u201cThis won\u2019t be a point-to-point situation,\u201d said Cameron. He said existing systems can\u2019t handle the identity, security and privacy requirements of the cloud and its API economy. \u201cThe domain-based identity management model of the \u201890s and early 2000s is a non-starter because no one will be staying within the enterprise boundary.\u201d<\/p>\n<p style=\"padding-left: 30px;\">Cameron said the only way all the requirements can be met is with an identity service that fosters simplification and lower costs. And the only way that gets off the ground is through the use of trust frameworks that simplify the legal and policy requirements.<\/p>\n<p style=\"padding-left: 30px;\">Cameron pointed to a number of current trust frameworks certification programs including Kantara and the Open Identity Exchange.<\/p>\n<p style=\"padding-left: 30px;\">Mortimore said end-users need to start with a \u201cbaseline of security and trust\u201d and go from there.<\/p>\n<p style=\"padding-left: 30px;\">He said he believes most enterprises will use a hybrid identity management configuration \u2013 enterprise infrastructure plus cloud.<\/p>\n<p style=\"padding-left: 30px;\">\u201cWe firmly believe we will see that architecture for a long time,\u201d said Mortimore. 
\u201cIf you look at the core imperatives for IT, cloud and mobile apps are forcing functions for IT investments, as well as, people looking at existing IDM infrastructure that is running up against friction like how do I expose this API.\u201d<\/p>\n<p style=\"padding-left: 30px;\">Mortimore said cloud identity management services represent a nice transition path.<\/p>\n<p style=\"padding-left: 30px;\">Salesforce.com backed up that idea last month when it introduced Salesforce Identity, a service baked into its applications, platform, and development environment.<\/p>\n<p style=\"padding-left: 30px;\">Mortimore ran the list of features: a directory that anchors identity management, reliance on standard schemas and wire protocols, extensibility and programmability.<\/p>\n<p style=\"padding-left: 30px;\">\u201cWe are not running this as a Salesforce identity service, we are running it on behalf of customers. That is a critical part of these identity cloud systems. We need to facilitate the secure exchange of identities, federation, collaboration and attribute exchange,\u201d said Mortimore.<\/p>\n<p style=\"padding-left: 30px;\">Cameron concurred, saying \u201cthe identity management service operates your directory for you, that has to be the model.\u201d<\/p>\n<p style=\"padding-left: 30px;\">Microsoft\u2019s service is called Azure Active Directory, and it offers the cloud-based services in a similar fashion to what Active Directory and other Microsoft infrastructure products (authentication, federation, synchronization) do within the enterprise.<\/p>\n<p style=\"padding-left: 30px;\">\u201cYou need to use the efficiencies of the cloud to enable new functions in identity and provide more capability for less money,\u201d he said.<\/p>\n<p style=\"padding-left: 30px;\">While they are giants, Microsoft and Salesforce.com represent just a handful of providers that offer or are building cloud identity services. 
(<em>Disclaimer: My employer offers a cloud identity service<\/em>).<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If enterprises want to tap into identity-management-as-a-service they better know the trust models in use.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[86,87],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1329"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1329"}],"version-history":[{"count":11,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1329\/revisions"}],"predecessor-version":[{"id":1404,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1329\/revisions\/1404"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}