Since the advent of Web services, and other distributed computing standards for that matter, we’ve been wrestling with the notion of identity and how to manage it. Truth be told, identity management has been put on the back burner as organizations attempt to get their first Web services projects up and running. However, as Web services become more pervasive, this is an issue that is getting more attention.
With the increasing interest in identity management has come a need for standards to better define this space. These standards all aim to bind together the identity management systems within all organizations into a unified whole, allowing everyone to be known to everyone else, securely. To that point, let’s examine the emerging standards, along with the notion of federated identity management.
Who Are You?
So, why do we need identity management? Web services are not just for internal use anymore, and those who leverage Web services (consumers) or produce Web services (providers) need to be known to each other; otherwise we risk invoking malicious or incorrect behavior, which could cost us dearly. This is clearly the case within trading communities that leverage Web services. Many outside organizations are binding to your services and you to theirs, and the potential for disaster increases unless you know just who you’re dealing with.
Identity is important to the growth of sensitive data and confidential relationships online. Without identities, there is no way to provide certain users with access to certain resources.
Today, we use managed identities, including different user names, passwords, and other identifying attributes. The same person may have links to many organizations, including frequent flyer sites, banking sites, employee benefit sites, etc. Perhaps you have a list of user names and passwords in your drawer today.
The number of identities that we have creates a challenge. We’ve all written down user IDs and passwords on sticky notes just to remember them. Moreover, IT organizations find it increasingly difficult to manage the profusion of identity databases, even within their own organization. The problem becomes more of an issue as we extend our reach outside of the firewall, between organizations. Enter federated identity, a potential solution to this problem.
Federated identity and its supporting standards, such as those from OASIS and the Liberty Alliance project, define mechanisms that organizations may employ to share identity information between domains. While most understand the value of an identity management system internal to an enterprise, federated identity presents a new set of problems, and an opportunity for solutions.