The ever thought-provoking Pamela Dingle has issued a challenge to Enterprise Application vendors. In it, she puts forth the idea that technology and market demand has reached the point where those in the business of building and selling enterprise applications should (must?) figure out how to externalize authentication. But she also points out what has held off vendors from doing this already:
“In talking to your fellow vendors, I can almost feel the panic – you can’t possibly support all of the new technologies coming out, you aren’t even supporting technologies that are years old – how do you choose?”
That sentence captures in a nutshell the need for Identity Services, and why those of us in the IdM industry would do well to develop this vision. Externalizing identity is all about providing application developers reusable services that are independent of the underlying provider of those services. That will enable, as Pam puts it, vendors to “set up your application so that the customers can write their own identity front-end integrations”.
Authentication and Authorization are definitely at the forefront of this revolution in application development, mainly due to the ratification of decent standards in this area (like SAML and XACML). But there are many more facets to identity that need to escape from the application black box.
Oracle, as an application vendor with its large suite of enterprise applications and its full stable of IdM products, is faced with this same issue, probably more so than any other vendor. It is a question that has produced many hours of hallway discussions and burnt up the conference lines (I wouldn’t want to see that phone bill). Oracle is tackling this issue head on, as should be evident from today’s announcement (and Thomas Kurian’s keynote) at RSA unveiling our strategy for Service-Oriented Security. SOS covers the four stages of an application lifecycle – development, deployment, administration and governance. With SOS, organizations can now centralize and externalize security solutions as part of a flexible security architecture. Recent identity related efforts like the Identity Governance Framework are also part of this architecture, providing the ability to deliver privacy-aware applications.
The vision for Identity Services that I have been (passionately) talking about on this blog and in conferences is part of this larger view of an application’s lifecycle. In fact, the IdM team has just published a whitepaper on Identity Services to accompany this announcement, to which I contributed a lot of the content that I have been developing and presenting in my talks. If you are up for some interesting reading, download and check out the whitepaper. And as always, send your comments on the ideas and thoughts my way. I would love to hear your views on the vision.