The forces of cloud, mobile devices, social media and electronic data (context) continue to drive new waves of change in the Identity and Access Management (IAM) space. (Gartner calls these forces the Nexus of Forces.) Originally the phrase “federated identity” meant that that partners could use their own logins to access enterprise resources, or an employee could access multiple systems from different without having to login multiple times using different credentials (Single Sign-On.) Specific technologies and standards were developed to support these use cases. Now new challenges and opportunities are driving new types of IAM. For example, some companies are allowing customers to login using social media credentials (Facebook, Gmail, etc.) This is also leveraging “electronic identity credentials and attributes across system domains to support real-time sessions or transactions”, but it uses very different technologies. Does this mean that federation is becoming more important (based on the general functional definition of federation?) Or does this mean that federation is becoming less important because a smaller percentage of transactions use traditional federation tools in a traditional way? Normally one resolves such questions by using the definition preferred by the buyer or end user, but end users tend to talk about reusing logins , and buyers of IAM software typically refer to SSO. In general, neither group talks about identity federation. I’ve been tasked to think about the future of federated identity and I’ve been thrashing back and forth about whether “federation” is becoming more prevalent or going away. One thing is certain, the boundaries on the old narrow definition of federation are blurring and increasingly the word federation doesn’t bring clarity to the discussion.
Category: Uncategorized Tags: