Identity Trend 6: Identity Federation
By identity on Oct 23, 2009
This post is the sixth in a series of eleven posts I am writing about important trends in the Identity Management industry.
Identity Federation refers to the “technologies, standards and use-cases which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration.” (Wikipedia – Federated Identity)
At the present time, Identity Federation technology has been well proven and is in production in many enterprises and government agencies. As the most broadly deployed standard for enabling cross-domain federation, SAML is well supported by a wide array of software vendors. Several successful business models have emerged to support federation technology, and implementation of this technology is becoming less complex. This growth in adoption will most likely continue, both within and beyond enterprise boundaries.
For several vertical markets, such as health care, the need for broad, integrated networks comprised of many interrelated enterprises (e.g. National Health Information Network) is accelerating the demand for federation deployment.
However, business challenges associated with federation are often more difficult to address than technology challenges and continue to be the primary impediment to broader adoption of this technology. Unless understandable and enforceable trust relationships exist between business entities, the technology to support such trust relationships is meaningless. Just as technology standards have emerged to enable the technical side of federation, I expect that more standardized legal agreements will be developed to simplify the establishment of legal trust relationships.
As cloud computing gains momentum as an alternative or complementary means to deploy systems and applications, federation can be a key technology to enable integration between various cloud systems or components. Discussion of how to employ federation in cloud systems has led to interesting statements such as the one proposed by Symplified, Inc., at the recent Digital ID World Conference: “Federation is Dead. Long Live the Federation Fabric.”
The essence of Symplified’s argument is that using Identity Federation for point-to-point system integration is too complex and expensive. Therefore, a web or fabric of federation is needed to simplify and extend current federation models. I expect that we will see “Federated Service Bus” technology emerge to address this need, much as Enterprise Service Bus technology is currently employed to simplify complex integration challenges within enterprise systems.
To determine how you should address Identity Federation, consider questions such as these:
- Where have you already employed federation?
- Where can federation simplify integration within your enterprise?
- Where would federation enable more business value for your customers and your partners?
- Which of these relationships is highest priority for you?
- What trust relationships have you already established with other enterprises?
- What must you do to establish new trust relationships?