When discussing the IAM product development plans of a company like Microsoft with clients, I sometimes refer to the idea that Microsoft’s engineers have their eye on the development of a “planetary” IAM system, meaning one that is very scalable yet enterprise secure. They (and other vendors in the industry) seem to have this as an aim, but such a vision raises the question of what they might use to build such a system.
Enterprise IAM systems have matured somewhat since their original introduction as suites or portfolios of products to address customer concerns about managing and administering access. But except for some externally facing implementations, scale and availability (in terms of being available everywhere) have eluded the design. We see some signs of the possibilities in efforts by standards bodies and industry consortiums in “setting the rules” and design to deliver large-scale planetary access management and identity administration, but it is still very much a minimalist design. The advent of cloud computing (both in hype and a little bit of reality) and software as a service (SaaS) is only highlighting the issue more. For example, you can witness the significant efforts being made by infrastructure software vendors to deliver both a software development environment to construct identity and security-aware SaaS as well as the IAM infrastructure elements for “cloud-construction tool kits” for the secure delivery of SaaS and cloud-based services. This in turn is being examined and tested by enterprises for enterprise use where applicable.
What issue am I talking about? I’m speaking of the convergence of enterprise IAM architecture and extranet/SaaS/cloud computing IAM architecture. It would be good if there were a common taxonomy and set of infrastructure software components that allow one IAM design to address both the enterprise and the ‘outside’ (another subject of a later discussion is what constitutes ‘outside’ these days, but let’s assume for the sake of this discussion it means the extranet/Internet). There would be the benefit of bringing enterprise-level IAM design attributes (such as layered security and reliability) to the construction of SaaS and cloud computing, while bringing the scale and user experience that consumers enjoy to the enterprise.
This wouldn’t be for architecture or engineering’s sake, but for the sake of the customer – both in the enterprise and in the consumer arena. Lower costs, easier training, improved service: we’ve seen this occur before when web architectures were adopted as formal enterprise infrastructure components – but only after efforts were made to secure them more effectively and create a robust business-ready environment in which to run.
It will eventually happen. Such development for infrastructure has precedents, and the pieces and enablers are there. It’s now up to customers, vendors and their partners to bring it together. Understanding and acting upon the timeline of when “out” (the extranet/Internet IAM architecture) is ready to be “in” (the enterprise) is a key planning effort for enterprises and providers alike.