Architecture Presentations


Wednesday, November 27, 2013

Identity and Access Management

IAM is a huge topic, as most architects know, and one they deal with on a daily basis.
But there are some interesting trends in the IAM industry.
I classify the work involved in IAM into a few categories:

  1. Traditional provisioning challenges - User provisioning / de-provisioning, centralized user stores, corporate LDAP / directories.
  2. Enhanced provisioning challenges - User / group / role management, learning/skill/cert/attestation-based role changes, attribute management and using those attributes in corporate and business applications.
  3. Extending IAM to a large end-user population - Solving provisioning for scale, volume, high availability, etc.
  4. Entitlement / permissions management - Moving apps from managing their own permissions to a more centralized permission management model.
  5. Declarative access control / resource protection - Reverse proxy model to protect web resources by a centralized policy store.
  6. Federation of identities and social integration.
  7. Support for standards-based identity integration using SAML and OAuth.
  8. Identity management on mobile devices - The MDM and IAM integration story.
As we all know, the large players in this space are Oracle, CA, IBM and Microsoft, along with a whole set of boutique niche players such as Okta, Ping, Courion, SailPoint, Hitachi ID and Symplified, and a variety of open source systems like OpenAM and JOSSO.
Recently Amazon introduced AWS IAM support for SAML to promote federation as well.
For an independent IT organization, centralized IAM and cross-domain SSO is a long-term vision, and realizing it requires strong vision, leadership, a product roadmap and an effective combination of best-of-breed products that stand out in their own realms.

