Two faces of Identity as a Service (IDaaS)

Here's a post based on comments by
Andras Cser, Sr. Analyst covering Identity Management, from a discussion we recently had. Andras was just leaving for vacation, so I'm posting this on his behalf.

In the
interviews I have been conducting for my research for my upcoming paper,
Identity As A Service, I repeatedly encountered two interpretations of IDaaS.

One interpretation is fairly simple:
Identity as a Service means Managed Identity Services (MIS). In this offering, a
Managed Service Provider (MSP) provides on-site or off-site services to the
customer, such as provisioning, directory management, or operation of a single
sign-on service (See this post for more on that

The other definition of IDaaS is
a bit looser: it refers to implementing identity and access management
functionality predominantly as Web services in a service-oriented architecture
within the enterprise. Various line-of-business applications, policy management
applications, and other services then call these IM Web services either
autonomously or in a choreographed manner. Products in the market space aim to
expose functionality as Web services, but still lack an integrated framework in
which all services (authentication, authorization, provisioning, entitlements,
policy query, etc.) are expressed in a cohesive and integrated

It is also interesting to note that
although a SOA-based IDaaS is not a requirement for MIS, an MSP will benefit
greatly from using a SOA-oriented IM product which supports Web services and has
a thin client-side component -- think about reusing the Web-services-based
framework to serve the needs of multiple clients. Additionally, MSPs can also
cut license costs by running the MIS solution on open source operating systems
and databases. Vendor support for such solutions is still sparse, but Fischer
International truly deserves an honorable mention for offering a provisioning
product which was built for MIS solutions from the ground up -- even if they lack
an established installed base.

At Forrester, we're partial to the
latter, broader definition of IDaaS. It's representative of a much more
fundamental shift in the market for how products are designed and delivered (and
even which products have what features). Moving forward, we'll be publishing a
report on IDaaS which outlines why such an approach is needed, which vendors are
evolving their products in that direction and by how much, and what you can do
to prepare for this transformation.

We welcome your


re: Two faces of Identity as a Service (IDaaS)

I completely agree with the distinction raised here. In fact, I had brought up the same distinction in a blog post of my own defining Identity As A Service ( a few months back. The key thing to remember here is that while MIS will initially take off as a way to cost-effectively deploy IdM, the real benefits of MIS will only come when it becomes part of the broader IDaaS-enabled SOA architecture, enabling the development of true identity-enabled applications.

re: Two faces of Identity as a Service (IDaaS)

Much has been discussed about identity theft, user IDs and passwords stolen or hacked, credit cards being used without the owner's knowledge and so on. Now there is a safe way of protecting your passwords and identity online from being copied, stolen and hacked by keyboard trojans, using your biometric fingerprint and face recognition, and even voice, to log on to web sites. By simply scanning your finger or face or voice you can log on to a web site, log on to your computer, and even encrypt files and folders. No more worrying about who might hack into your online accounts or even your email. No more remembering passwords or using the same passwords on many sites. This is an exciting new innovation from myBiodentity and they have about fourteen products that are enabled with biometrics including email encryption, password manager, virtual disk, and many more. You can read more at About Identity Theft and stolen passwords, recently I came across a site that uses Biometrics of finger, face and voice verification so the user just scans to log on. You can read more at