10-20 years ago there were no open standards for identity and access management. It was not even clear that “identity” would use HTTPS for transport.

I speak with system administrators, security architects, and web application developers who describe how, day by day, it is becoming more difficult for them to manage inbound SSO from partners and outbound SSO to an array of internal websites, SaaS services, and federated SSO partners.

Without Internet standards to authenticate a person at a domain, bridge identity solutions have emerged, for example Facebook Connect and Google Sign-In. At the same time, enterprises are locked in to bridge solutions like “CA SiteMinder” or “Oracle Access Manager” — high-priced, proprietary identity provider (SAML) and access management suites.

20 years after the Internet exploded, open standards for Identity and Access Management have finally evolved, and there are a few open source implementations of these standards.

Like TCP/IP or the Web, standards for identity can be the coral reef for an ecosystem of enhanced services. Just to give one example, think about document sharing. Google has jumped out in front… but it only works if you have a Google ID. Without Internet standards to build on, document sharing applications will have to use identity from centralized hubs.

As a society, Internet standards for identity can reduce our reliance on big centralized identity kingdoms like Google, Facebook, and Verizon, who have proven to be easy targets for government spying.

Internet standards for identity will also help us battle some of the smaller identity fiefdoms: for example, the websites and applications that do a bad job of storing our passwords. This will make the electronic world safer for the average person.

In the next 1-2 years, every domain on the Internet will adopt Internet standards for authentication. Will these organizations use (a) a cloud provider like Microsoft or SalesForce, (b) enterprise software from a company like Oracle, or (c) open source? The last option will have to overcome a serious handicap without a book from O’Reilly telling them that it’s possible.

How the various platforms interact is complex. Although siloed guides exist to document each of these platforms, it’s hard to figure out how to get the components to work together to deliver a robust authentication and entitlements management service for your domain.

This book is late… it should have been written in the ’90s, but the problem of “Internet identity” was inconveniently large and complex. It requires both “tools” and “rules” to make it happen, and neither was clear when the Internet was under-aged.

The book would have the following sections: (1) OAuth2, (2) SAML, (3) LDAP. The sections could contain sub-chapters on the available open source platforms: for example Shibboleth, SimpleSAMLphp, and Asimba for SAML; OX, NRI, or MitreID for OpenID Connect; and OpenDJ and OpenLDAP for LDAP.

December 2013