Posted by Eve Maler on May 30, 2013
Social sign-in has become a powerful force for marketers and consumers, validating the notion of federated identity in consumer-facing contexts. (Ironic that consumerization of IT is successfully tackling even the single sign-on problem that has bedeviled IT, showing how identity for the top line of the business can overcome resistance in ways that business-to-employee scenarios typically can't.)
But not all consumer-facing federated SSO is social. When I was with PayPal, our team worked on the underpinnings of what eventually turned into Log In with PayPal, which is strictly about federated identity flows for commercial purposes. And today Amazon has come out with Login with Amazon, a powerful statement of Amazon-as-identity-provider. They've been testing this with their own web properties Zappos and Woot; now they're enabling third-party merchants and other sites to use Amazon to authenticate people who already have active Amazon accounts and to learn a few selected user attributes: name, email, and optionally the zip code of the default shipping address. No huge social graphs here, just data that partner eCommerce sites need to function (and make money).
As I discussed in my Outsourcing Identity Assurance research a while back, consumer-facing federated identity puts the focus on volume and the business upside therein, not (formal) verification. Active Amazon customers, numbering 200 million, are already online purchasers. That's super-valuable to merchants considering the relying party proposition, even though it's entirely outside the various government efforts to support "trusted identities in cyberspace" for more and safer eCommerce.
Where is all this going?
Separately, Amazon Web Services came out with interesting identity news of its own, unveiling something called Web Identity Federation as their answer to the challenge of propagating end user identities into developer/application/API contexts. There's now a lot of identity and credential data being flung around in cloud and mobile situations; let's try to tease it apart. In my recent report API Management For Security Pros, I presented this diagram:
AWS already knows about developer and app identities (the entities in green), but the actual end user of the app (the entity in orange) may not be known yet. In fact, that person may not even have an Amazon login, much less AWS credentials. So Web Identity Federation is its bid to enable inward propagation of the end user's chosen identity (which could be hosted by Amazon or even Facebook or Google – yes, AWS is becoming an equal-opportunity relying party) for proper access control, personalization, and so on. A new Security Token Service (STS) API helps manage all the cross-domain "flinging." It's good stuff, and about time; this was becoming a competitive catch-up issue. Microsoft's Windows Azure already has a fairly well-thought-out answer to this problem.
What to take away from this news, then?