Posted by Frank Villavicencio on Mon, Dec 21, 2009
In the midst of the holiday season, and with the anticipation and emotion that comes with the end of the year approaching, I have decided to write my first blog - an early new year's resolution perhaps. I must state that I have resisted the urge to blog for the last three years of my career for two reasons: on one end, I feared starting to blog and then dropping off and being inconsistent (just like I have been every time I started at the gym), on the other end, I dreaded becoming addicted to blogging and seeing it impact other priorities. But let's just say that I am resolved to give this a good try by sticking to some basic rules: keep the content lean but meaty, keep a constant blogging frequency, and try to be as interactive as feasible - sounds simple. Let's see how I fare (maybe I will also get in shape in the process)...
What is Identity as a Service (IDaaS)?
2009 has seen an increased interest and focus in a relatively new topic in identity management, "Identity as a Service (IDaaS)", but just like any upcoming trend, it tends to be understood differently, explained differently and used differently depending on context. Burton Group provides a very concrete definition that focuses on the outsourcing of identity management, such as authentication, provisioning and attributes services. Dave Kearns has covered this topic extensively as well, under the context of "Externalizing Identity into the Cloud". My friend Nishant Kaushik defined the term in 2007 as "the notion of making identity management capabilities available as an infrastructure service to all applications in a SOA environment".
In a way, this reminds me of the late '90s, when the term identity management was making its foray into the world (yes, I admit that I was an identity guy back then - lucky me!), and everyone had their own definition and everybody from Dun & Bradstreet to Access360 to Oblix provided identity management. And I think that the term is still misinterpreted today, though not entirely misunderstood, just like any normal teenager at this age.
So, one would wonder: why propose yet another definition for IDaaS? Well, I encourage you to keep on reading, as I think I will make my point clear, and hope to ignite good comments and discussion along the way.
With that: what is IDaaS? It is an approach to digital identity management in which an entity (organization or individual) relies on a service provider to make use of a specific functionality that allows the entity to perform an electronic transaction which requires identity data managed by the service provider. In this context, functionality includes but is not limited to registration, identity verification, authentication, attributes and their lifecycle management, federation, risk and activity monitoring, roles and entitlement management, provisioning and reporting.
The relevance, or perhaps novelty, of this definition is that it focuses on the interaction of four elements: the entity, the service provider (which could be the entity in some cases), the specific functionality and the electronic transaction.
The Context of IDaaS
I believe that IDaaS as a concept has seen increased interest and coverage this year, in large part due to the impact of the global economic challenges, which are forcing organizations to revisit their models for adopting and implementing IT initiatives that require identity management, as well as an increased emphasis on regulatory compliance and privacy awareness.
In any case, there are some important considerations regarding the definition of IDaaS that I would like to point out:
- It is not meant to be just a technical definition. And while the definition does not conflict (I would hope) with a technical definition or architectural approaches, it is important to think about IDaaS from a legal and jurisdictional standpoint as well. In this context, the definition of ownership, responsibilities and liabilities is significant to all parties involved in IDaaS. Tom Smedinghoff, a well-known contributor to the identity management industry, has created great content and led several initiatives that are bringing the legal aspect of digital identity management on par with its technical evolution, all of which is relevant to adopting IDaaS.
- The strength, rigorousness and thoroughness by which IDaaS is provided should be measurable in an objective and demonstrable way, such that they can convey a specific level of confidence or assurance to the parties. This in turn will translate to a risk mitigation level that the parties can agree to be sufficient for a specific type of transaction. The Identity Assurance Certification Program run by the Kantara Initiative provides a very concrete vehicle for achieving this measurement.
- IDaaS should not be restricted to or misconstrued as only applying to "cloud" based models. While IDaaS is particularly relevant for cloud-based services, IDaaS could also apply to on-premise models. In fact, I argue that it is in this area where the definition is most beneficial, as organizations can view their internally-facing (and possibly internally deployed) identity management infrastructure as identity services, allowing the demarcation of service scope and boundaries that will make outsourced, on-premise, cloud-based models or any combination therein more concrete, and easier to valuate in business terms. The intention is not to confuse IDaaS with "Cloud Identity" or with "outsourced identity management", since the term could apply to all these cases.
- The concept should also not be restricted to enterprise IDaaS vs. consumer IDaaS, since the notion is basically the same. Evidently, the actors, the types of transactions, the levels of sensitivity in them, and other elements will vary greatly from enterprise to consumer environments, but the notion of how digital identity management applies to each could be thought of in the context of IDaaS.
Why is this even relevant?
My motivation to introduce this definition at this point is to attempt to set a common understanding of terms, allowing us to better understand the new trends, services and paradigms in identity management that are unraveling before our eyes. I believe that a significant shift in identity management, from a monolithic model to a true services-based infrastructure, has been at play for the past 2 years, with noticeable effects only in the past 6 months.
With this shift has come some degree of confusion in the industry among identity management in the context of cloud-based services (i.e. SaaS, Infrastructure as a service), identity federation (claims or assertion based) and the more traditional enterprise deployment models, to a point where they are at times seen as independent or separate, causing people to think of IDaaS as not relevant to the enterprise-facing environment or mystifying it as another "cloud" term. And in some unfortunate instances this confusion has impacted the way an organization looks at implementing an identity management solution (either by limiting the range of options that it could look at or by widening it to include the wrong set of options).
I intend to demystify this concept a bit more in subsequent blogs, and attempt to bring more pragmatism around it by explaining how it applies to concrete scenarios. In the meantime, I appreciate your comments and reactions.
Posted by Adrian Rodriguez on Wed, Apr 22, 2009
You know that something is new when it is listed in Wikipedia but still is not clearly defined.
Wikipedia says, “The origin of the terminology "Integration as a Service" is not clearly defined. However "IaaS" is becoming widely used in reference to Software as a Service.”
Companies like Bluewolf and Identropy are paving the way towards defining and implementing IaaS.
"Integration software has become a commodity," said Lou Fox, CTO of Bluewolf. "We focus on making sure you are successful with integration by wrapping in monitoring, maintenance, enhancements and consulting into our Integration-as-a-Service offering so that clients can get a complete solution, not just a tool."
Ash Motiwala, CTO of Identropy, has said, “Identity Management lends itself perfectly for Integration as a Service since the true goal of bringing these products in to any environment is reducing costs. The next way to continue reducing those operating costs is by providing support on those integrated systems.”
In my opinion, technology has progressed from the normal implementations, to the much lesser known Identity as a Service (which was popular about a year ago but really never caught on because it is what all implementers were already doing) to Integration as a Service (which provides the greatest value and return on investment for an organization).
So if I were to define IaaS, I would define it as a solution that combines consulting services and implementation of identity solutions coupled with a proactively managed and integrated support service.
In future posts we will dive further into Identropy’s IaaS solution iMIS (Identropy Managed Identity Service) http://www.Identropy.com/Products_iMIS/.
Posted by Adrian Rodriguez on Mon, Apr 06, 2009
I am so amazed when I ask myself "how did that guy do it first?". If you think about it, aren't you shocked when you think about the first guy that said to himself, "I am going to eat that octopus or that oyster"... I mean, if you have ever seen an octopus or oyster, you would say, "how do you eat that?" It really doesn’t look like one of the more edible things out there, but guess what, it’s a delicacy (of course not for me because I’m allergic… so if you ever take me out to dinner, skip the seafood).
That brings me to the thought of how many firsts you get in this day and age, and I must say that the list of firsts is getting shorter and shorter. Only the really smart guys are producing those firsts. I guess that innovators will do things first. SaaS ("Software as a Service") and Cloud Computing seem to be the last couple of firsts that I have seen, and I must say they are exciting and innovative, but what’s next and who is going to do it?
I don’t think that I will have to go too far to find out who will be the next top innovator. Identropy was mentioned in Gartner’s Magic Quadrant as an Innovator and has consistently produced technology to improve the identity space.
What have we done recently to get on this list? IaaS, “Integration as a Service”, which has been achieved through the inception of iMIS, “Identropy Managed Identity Service”.
Stay tuned for more briefs or take a look at it on http://www.Identropy.com/Products_iMIS/