The forces of cloud, mobile devices, social media and electronic data (context) continue to drive new waves of change in the Identity and Access Management (IAM) space. (Gartner calls these forces the Nexus of Forces.) Originally the phrase “federated identity” meant that that partners could use their own logins to access enterprise resources, or an employee could access multiple systems from different without having to login multiple times using different credentials (Single Sign-On.) Specific technologies and standards were developed to support these use cases. Now new challenges and opportunities are driving new types of IAM. For example, some companies are allowing customers to login using social media credentials (Facebook, Gmail, etc.) This is also leveraging “electronic identity credentials and attributes across system domains to support real-time sessions or transactions”, but it uses very different technologies. Does this mean that federation is becoming more important (based on the general functional definition of federation?) Or does this mean that federation is becoming less important because a smaller percentage of transactions use traditional federation tools in a traditional way? Normally one resolves such questions by using the definition preferred by the buyer or end user, but end users tend to talk about reusing logins , and buyers of IAM software typically refer to SSO. In general, neither group talks about identity federation. I’ve been tasked to think about the future of federated identity and I’ve been thrashing back and forth about whether “federation” is becoming more prevalent or going away. One thing is certain, the boundaries on the old narrow definition of federation are blurring and increasingly the word federation doesn’t bring clarity to the discussion.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.