The Enterprise and The Perimeter
Cloud, Services & The Modern Enterprise
Organisations are not the same as they were 15 years. I talked about this recently with the onset of the 'modern' enterprise. What does that mean? Due to economic changes and changes in working patterns, organisations are now multifaceted complex beasts. No one team or department can be associated with a single process or business function. Supply chains are now swollen by outsourced providers, all rapidly engaged and critical to short term product launches or business deliverables. These business changes rely heavily on an agile identity management and authentication infrastructure, that can not only quickly engage new partners or suppliers, but also track, authorize, audit and remove users when they are no longer required or a partner contract expires.
Identity from a consumer sense has also altered. More and more individuals have an identity context on line. That could be something like a Facebook or LinkedIn account, right through to personal email, banking and ecommerce as well as consumer outsourced services such as Spotify, Kindle books or iTunes. Individuals are embracing applications and services that can give them non-physical access to experiences or data stores, all centred about their own identity. These online consumer identities are only as valid of course, if the identity owner is able to connect to those services and sites. That connectivity is now ubiquitous, making life experiences richer, whilst increasing demands for consumer scale infrastructure.
Standards and More Standards
I recently watched the Gartner on demand catch up series of the recent Catalyst event, that was neatly titled the "Identity Standards Smackdown". A panel of 5 leading identity go-getters, represented some of the emerging and long standing IAM standards, promoting their worth in the current landscape. The five represented were OAuth2, SCIM, XACML, OpenID Connect and SAML2. The details of each are all varied and there are numerous pro's and con's to each. What is interesting, is that we are now at a position where all of these standards are now playing a part in both public and private enterprise adoption, acting as catalysts for new service offerings by services and software vendors, as well as acting as a yardstick to aid comparisons, maturity metrics, interoperability and more.
The standards all play slightly different parts in the provisioning, authentication and authorization life cycle, but the healthy debate goes to show the both end user and vendor interest in this space is as hot as it has even been.