Wednesday, November 17, 2010

Gartner: New Directions in Federation

by Bob Blakley. I’m live blogging from the Gartner IAM Summit in San Diego.

What are the demand drivers for federation?
  • Externalization: The users have left the building and so have the applications!
  • Economic pressures: Emphasis on cost reduction/containment. If you don’t specialize in an activity: outsource it, offshore it, or buy it as a service
  • Globalization and externalization: Enterprises interact with everyone: partners, customers, value chain, governments, higher education, joint ventures, etc. Applications, data, and users are everywhere.
No application is “safe” from SaaS: CRM, IAM, HR, contractor management, payroll, travel and expense reporting and processing, web conferencing, productivity applications, 10-Q preparation and filing.

I think if I were starting a new business today, I’d look to a goal of 100% of my infrastructure and business tools as SaaS apps.

There’s a growing supply of federations:
  • Shibboleth deployments in 25 national federations representing 1,500 apps and 15M users
  • Exostar has doubled its customer base to 66,000 orgs
The ecology is robust and growing.

The protocol wars are over. SAML 2.0 is preferred by enterprises. OpenID and OAuth continue to attract interest, but mostly for low-assurance uses. Information cards also have interesting use cases. The focus is on solving business problems and using the right protocols for the business scenario.

The business model for federation as a hosted model still needs to be shaken out.

An IdP service needs to handle registration, ID proofing, authentication and federation. There are still some holes, such as SPML, missing from this.

I highly recommend this paper by Bob: "A Relationship Layer for the Web". It's a free download.

What are some of the challenges around federation?
  • SAML is not ubiquitous
    • Many apps are not federation ready
    • A hybrid SSO capability will be needed
    • Federated provisioning is in a much worse state than SSO
  • Point-to-point federations are not scalable for large environments. How do you scale to 100s or 1000s of partners?
  • Compliance: Who audits what?!
Expanding federation’s scope:
  • Federation focuses on authentication today
    • But real federations require much more than authentication
    • Federation capability needs to be broader and deeper
Federation trends in 2010:
  • Demand is strong.
  • Cloud is driving
  • Market is responding with innovative solutions
  • Many unresolved issues remain: Uptake of federation protocols; SPML

Overall, this was a great session. But, as Bob pointed out, while a lot of progress has been made, there’s also a very long road yet to be travelled for federation to really become ubiquitous.


1 comment:

Jacob-Steen Madsen said...

At WAYF (the Danish federation in higher ed and research) we did create a product where it is possible for federation operators to manage SAML2 metadata in a configurable workflow with opportunities for IdPs and RPs to manage their own metadata.
Info can be found at:
We did develop that product for scalability reasons.