Thursday, October 12, 2006

The Truth About Federated Identity Management

"It doesn't matter if you have a telephone. It only matters if someone you want to call has a telephone."

Sarah Scalet wrote a great article in CSO Online about federated identity management that you can find here. She talks about why Aramark implemented federation and why it hasn't really gone anywhere past their initial internal implementation. She makes some great points - I especially like her comment about "history being littered with supposedly revolutionary communications methods that sputtered and failed from too few adopters".

There are still lots of problems and issues that folks need to think about before they kick one of these projects off. Sarah's article goes into a lot of these issues including the competitive standards that are out there (SAML and WS-Federation), security paranoia and the hunt for the Holy Grail of computing: single sign-on.

The story's not all doom and gloom since she also has written in some great overviews of what Aramark, Boeing, Fifth Third Bank, McGraw-Hill and others are doing. But, the moral of the story is to make sure you understand what you are getting into and the business benefits (and risks) of federated identity management.

The question I have is where are the early adopter programs for federation from IBM, Microsoft and the other players? Where are the compelling scenarios and their solutions that would get us excited to jump on the band wagon? Who is helping to get the pump primed? Where's the eco-system?!

I get the distinct feeling that B-2-B federation is going to be limited to very specific scenarios (i.e., manufacturers and their suppliers) where the big buyer calls the shots...

Technorati Tags:
, , ,

No comments: