Security & Risk Management


Posted by Jonathan Penn on August 16, 2007

Two faces of Identity as a Service (IDaaS)

Here's a post based on comments by Andras Cser, Sr. Analyst covering Identity Management, from a discussion we recently had. Andras was just leaving for vacation, so I'm posting this on his behalf.

In the interviews I have been conducting for my research for my upcoming paper, Identity As A Service, I repeatedly encountered two interpretations of IDaaS.

One interpretation is fairly simple: Identity as a Service means Managed Identity Services (MIS). In this offering, a Managed Service Provider (MSP) provides on-site or off-site services to the customer, such as provisioning, directory management, or operation of a single sign-on service (See this post for more on that topic).

The other definition of IDaaS is a bit looser: it refers to implementing identity and access management functionality predominantly as Web services in a service-oriented architecture within the enterprise. Various line-of-business applications, policy management applications, and other services then call these IM Web services either autonomously or in a choreographed manner. Products in the market space aim to expose functionality as Web services, but still lack an integrated framework in which all services (authentication, authorization, provisioning, entitlements, policy query, etc.) are expressed in a cohesive and integrated way.

It is also interesting to note that although a SOA based IDaaS is not a requirement for MIS, an MSP will benefit greatly from using a SOA oriented IM product which supports Web services and has a thin client side component -- think about reusing the Web services based framework to serve the needs of multiple clients. Additionally, MSPs can also cut license costs by running the MIS solution on open source operating systems and databases. Vendor support for such solutions is still sparse, but Fischer International truly deserves an honorable mention for offering a provisioning product which was built for MIS solutions from the ground up -- even if they lack an established installed base.

At Forrester, we're partial to the latter, broader definition of IDaaS. It's representative of a much more fundamental shift in the market for how products are designed and delivered (and even which products have what features). Moving forward, we'll be publishing a report on IDaaS which outlines why such an approach is needed, which vendors are evolving their products in that direction and by how much, and what you can do to prepare for this transformation.

We welcome your thoughts.

Comments

Nishant Kaushik

I completely agree with the distinction raised here. In fact, I had brought up the same distinction in a blog post of my own defining Identity As A Service (http://blogs.oracle.com/talkingidentity/newsItems/departments/identityAsAService/2007/05/08#a107) a few months back.

The key thing to remember here is that while MIS will initially take off as a way to cost effectively deploy IdM, the real benefits of MIS will only come when it becomes part of the broader IDaaS-enabled SOA architecture, enabling the development of true identity-enabled applications.

biometric01

Much has been discussed about Identity Theft, user IDs and passwords stolen or hacked, credit cards being used without the owner's knowledge and so on. Now there is a safe way of protecting your passwords and identity online from being copied, stolen and hacked by keyboard trojans, using your biometric fingerprint and face recognition, and even voice, to log on to web sites. By simply scanning your finger or face or voice you can log on to a web site, log on to your computer, and even encrypt files and folders. No more worrying about who might hack into your online accounts or even your email. No more remembering passwords or using the same passwords on many sites. This is an exciting new innovation from myBiodentity and they have about fourteen products that are enabled with biometrics including email encryption, password manager, virtual disk, and many more. You can read more at About Identity Theft and stolen passwords, recently I came across a site that uses Biometrics of finger, face and voice verification so the user just scans to log on. You can read more at http://www.mybiodentity.com

The comments to this entry are closed.
