We’ve recently returned from the Gartner Catalyst Conference in San Diego, which was an incredible opportunity to learn from analysts, do a little salesmanship, and share a drink with new friends.
One of the hallmarks of these events is the proclamation that a technology, standard, or practice “is dead.” Of course, such proclamations are generally made tongue-in-cheek, and have even spawned the occasional zombie meme and fears of a standards-hungry serial killer.
Whatever protocols rise or fall, the demise of a particular technology does not mean enterprises (and the Internet more generally) will not need to reliably identify users and assert their permissions. Indeed, as ever more credentials and valuable data are shared among servers across the web, robust authentication and authorization are becoming more important every day.
Bob Blakley famously proclaimed “the death of authentication” at last year’s Ping Cloud Identity event. But he didn’t mean the time had come to give up on confirming users’ identities across computer networks; he was foretelling the demise of simplistic authentication techniques like forms-based authentication (the ubiquitous username and password, presented on its own with no other signal), and the rise of more sophisticated authentication schemes. While most systems the world over are still based on FBA, technological advances and the proliferation of myriad access devices have first enabled and then necessitated the emergence of smarter user recognition.
This secure recognition depends on an attribute-rich and context-based view of users, their online personas, and the devices they carry. Attribute-based authorization is pretty intuitive: by putting more of the information a company already holds about its users (role, department, location, device posture) into the security tokens it issues, an enterprise can grant more nuanced permissions than a simple group membership allows. To restate a classic example of context-driven IAM, we might authorize financial transactions by the CFO very differently when they come in at 3 PM from her desktop computer at corporate headquarters than when they come in the middle of the night from a mobile device in the Cayman Islands: same identity, but a very different risk context, so the policy might allow the first outright and demand a step-up factor for the second.
As Gartner analyst Ian Glazer stated in his presentation on externalized authorization at Catalyst, the value of a federated virtual directory becomes ever clearer as the need for attribute-rich and context-driven authorization grows. In order to deliver this level of fine-grained security, any identity provider or policy server will require access to as much identity data about users as possible – roles, seniority, geography, device permissions, and so on. Yet, for many enterprises, the identity backend is a tangle of heterogeneous data silos and custom script routines, making it all but impossible to deliver the coherent and comprehensive logical view of users needed to grant access rights.
Simplifying a complex, distributed and heterogeneous patchwork of identity silos so that it is ready for use, whether by on-premises, SaaS, or federated applications, is the job of a federated identity service. This system forms a virtual layer that integrates with each of your organization’s underlying data silos, performing a union of user populations (so a user known to only one silo still appears) and joining their attributes across the enterprise on a common key such as an email address or employee ID. That federated hub becomes the authoritative source of identity data for your identity provider and applications.
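To make the two preceding points concrete, here is an added, self-contained example (not Radiant Logic’s or Gartner’s code) of a toy federated identity join feeding the kind of context-driven authorization decision described in the CFO example above. The two “silos”, the join key (email), the group names, the business-hours window and the three-way allow/step-up/deny outcome are all constructed for this illustration; a real virtual directory would also have to deal with attribute conflicts, schema mapping and live connectors, which this sketch only hints at.

```python
"""Added example: join two identity silos into one virtual view, then evaluate a
context-aware authorization policy against it. Constructed data; illustrative only."""
from dataclasses import dataclass
from datetime import datetime

# Silo 1: HR system keyed by employee id (constructed records).
HR_SILO = [
    {"emp_id": "1001", "mail": "cfo@example.com", "title": "CFO", "dept": "Finance", "office": "HQ"},
    {"emp_id": "1002", "mail": "ap.clerk@example.com", "title": "AP Clerk", "dept": "Finance", "office": "HQ"},
    {"emp_id": "1003", "mail": "contractor@example.com", "title": "Contractor", "dept": "Facilities", "office": "Remote"},
]

# Silo 2: AD-style directory keyed by account name. Not every HR record has an
# account and not every account has an HR record (constructed records).
DIRECTORY_SILO = [
    {"sam": "jdoe", "mail": "cfo@example.com", "groups": ["Finance-Approvers", "Execs"], "mfa_enrolled": True},
    {"sam": "apclerk", "mail": "ap.clerk@example.com", "groups": ["Finance-Staff"], "mfa_enrolled": False},
    {"sam": "svc-backup", "mail": "svc-backup@example.com", "groups": ["Service-Accounts"], "mfa_enrolled": False},
]


def build_federated_view(*silos, join_key="mail"):
    """Union of the user populations across silos, attributes joined on join_key.

    A user present in only one silo still appears, carrying only that silo's attributes.
    Conflicting values for the same attribute keep the first source and are flagged.
    """
    view = {}
    for silo in silos:
        for record in silo:
            key = record[join_key].lower()
            merged = view.setdefault(key, {})
            for attr, value in record.items():
                if attr in merged and merged[attr] != value:
                    merged.setdefault("_conflicts", []).append(attr)
                else:
                    merged.setdefault(attr, value)
    return view


@dataclass
class Request:
    mail: str
    action: str        # e.g. "approve_wire"
    when: datetime     # local time of the request
    device: str        # "managed-desktop" or "mobile"
    geo: str           # where the request originates; "HQ" means the corporate network


BUSINESS_HOURS = range(8, 18)          # 08:00-17:59, a constructed threshold
HIGH_RISK_ACTIONS = {"approve_wire"}   # actions that get the full context check


def decide(view, req):
    """Return 'allow', 'step_up' or 'deny' using joined attributes plus request context."""
    user = view.get(req.mail.lower())
    if user is None:
        return "deny"                              # unknown to every silo
    if req.action not in HIGH_RISK_ACTIONS:
        return "allow"                             # low-risk action: identity alone suffices
    if "Finance-Approvers" not in user.get("groups", []):
        return "deny"                              # role check: the AP clerk cannot approve wires
    trusted_context = (
        req.when.hour in BUSINESS_HOURS
        and req.device == "managed-desktop"
        and req.geo == user.get("office")          # HR's office attribute anchors "expected" geo
    )
    if trusted_context:
        return "allow"
    # Same identity, riskier context: demand step-up only if the user can satisfy it.
    return "step_up" if user.get("mfa_enrolled") else "deny"


def demo():
    """Run the CFO scenario from the text plus a few edge cases; returns name -> decision."""
    view = build_federated_view(HR_SILO, DIRECTORY_SILO)
    cases = {
        "cfo_afternoon_hq_desktop": Request("cfo@example.com", "approve_wire", datetime(2013, 5, 14, 15, 0), "managed-desktop", "HQ"),
        "cfo_midnight_cayman_mobile": Request("cfo@example.com", "approve_wire", datetime(2013, 5, 14, 3, 0), "mobile", "Cayman Islands"),
        "ap_clerk_approves_wire": Request("ap.clerk@example.com", "approve_wire", datetime(2013, 5, 14, 15, 0), "managed-desktop", "HQ"),
        "service_account_reads_report": Request("svc-backup@example.com", "read_report", datetime(2013, 5, 14, 15, 0), "managed-desktop", "HQ"),
        "unknown_user": Request("nobody@example.com", "approve_wire", datetime(2013, 5, 14, 15, 0), "managed-desktop", "HQ"),
    }
    return {name: decide(view, req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note that the policy can only reach its decision because the joined view carries attributes from both silos: the approver group comes from the directory, while the expected office comes from HR. Neither silo alone could answer the question, which is exactly the case for the federated hub made in the paragraph above.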
No matter how you slice security, the need to identify your users, and the context surrounding them, is greater than ever before. Specific technologies come and go, but the changing computing landscape doesn’t mean an end to those fundamental requirements; it just means the technologies that deliver identification and authorization must evolve.
- 07 May 2013: From Groups to Roles to Context: The Emergence of Attributes in Authorization
- 30 Apr 2013: In Context: The Next Frontier of Your Digital Identity
- 15 Apr 2013: Bringing IAM Back to Life with a Federated Identity Service: Leveraging Your Silos for Authentication and SSO
- 09 Apr 2013: The Next Big Leap in Identity and Access Management Is Here