March 05, 2010

Catalyst Europe is Coming Up Fast!

Blogger: Bob Blakley

We hit the stage for Catalyst Europe on April 19.  If you haven't already made your plans to join us in Prague, we've got a little treat for you at the end of this post.

We're going to focus this year on the emerging identity architecture.  If you're looking, you can see this identity architecture around you already, in offerings from mainstream identity vendors like Microsoft and Oracle, but also in offerings from smaller firms like Gluu, Unbound ID, Radiant Logic, and others.

The elevator-pitch version of the story is this: licensed provisioning software packages compete in a market for identity management systems.  User-centric identity providers compete in a market for identity providers.  What enterprises need is neither a market for identity management systems nor a market for identity providers - what they need is a market for identities.

Federation technology, directory virtualization, and contextual access control can be combined to create a technical architecture on top of which this market for identities can emerge.  The market for identities has many advantages, but getting there will take time and it will take work.  We'll lay out the roadmap in Prague.

If (like me) you're a last-minute kinda person and you haven't registered yet, here's your reward for waiting: use the promo code "INSIDER" during registration, and you'll get your ticket for the discounted price of only 995 Euro.

Sign up today and we'll see you there!

Posted by at 10:07 AM in Bob Blakley, burtongroupcatalyst10, emerging technologies, entitlement management, federation, identity management, identity services, new identity business models, provisioning, relationship, SaaS, user centric identity | | Comments (0) | TrackBack (0)

|

February 01, 2010

Identity Services: Tackling Authorization

Blogger: Kevin Kampman

At the end of 2009, the Identity Services Work Group (ISWG) found a formal home at the Kantara Initiative. Encouraged by its prior work products, and the interest and participation at Burton Group’s Birds of a Feather session at Catalyst San Diego earlier in the year, the group revised its charter and the group was approved by Kantara’s leadership committee.

 

The group anticipates that the Kantara Initiative will increase opportunities for participation and distribution of its results. Observers or participants do not have to be Kantara Initiative members, and there is no investment requirement to become involved, although participants must sign a Group Participation Agreement (GPA). Brett McDowell, Kantara Initiative Executive Director, indicates that the results of the effort will be “freely re-usable and will be advanced by an open, inclusive and democratic process.”

 

At this point, the Identity and Access Services (IAS) group has issued a call for leadership and participation. The first order of business is to continue building out the use cases for authorization. If you are interested in participating, contact Gavin Illingworth at gavin.illingworth@bmo.com or register at http://signup.kantarainitiative.org/.

Posted by at 09:28 AM in entitlement management, identity services | | Comments (0) | TrackBack (0)

|

October 28, 2008

Microsoft and the SAML protocol come together in Geneva

Blogger: Gerry Gebel

At the PDC conference this week, Microsoft announced support for the SAML 2.0 protocol as part of a broader announcement regarding the beta release of the Geneva platform. Don Schmidt and Mike Jones of Microsoft also posted comments on the announcement. Geneva is the successor to the Active Directory Federation Services (ADFS) product and the Zermatt developer framework announced over the summer and has a broad scope as Microsoft’s “claims based access platform.”

Geneva includes the runtime server apparatus to support claims based applications, a developer framework for building those applications, and an enhanced Geneva CardSpace client. This is another positive step for Microsoft as this announcement addresses one of the main pain points for its customers that want to operate in many federation scenarios without imposing a specific protocol on partner organizations. Geneva, according to the announcement, contains support for WS-Federation, SAML 2.0 IDP lite and SP lite profiles, the GSA profile used by the U.S. federal government, WS-Trust and information cards. Finally, Microsoft customers will be able to interoperate in a heterogeneous federation environment using Microsoft tools exclusively. Some early interop testing has already occurred with Internet 2 Shibboleth, IBM’s Tivoli Federated Identity Manager, and Ping Identity PingFederate. 

Microsoft’s Geneva announcement moves applications toward a cleaner architecture that rely on shared services for authentication as well as authorization information. The next step we’re waiting to hear about is entitlement management and policy enforcement. Today, that is still handled by the developer within the business application. Will Microsoft also externalize that function a la entitlement management tools?

Now for the bad news… Can you wait until late 2009 or 2010 for Geneva? Yes, I know you’ve asked for this for at least three years now. Yes, I know that managing SharePoint access and federation is very painful but you’ll have to wait for some unspecified period of time before SharePoint - and other Microsoft applications – utilize the Geneva platform. Additional prerequisites, such as migrating to Windows Server 2008 and Windows 7, will likely be necessary to realize all the promised enhancements. Bottom line: you can continue waiting for Geneva (final composition of features subject to change – you know the drill), implement unsatisfactory workarounds, build some custom code, or look to the third party market for tools that provide enhanced functionality.

Posted by at 10:36 PM in authentication, entitlement management, federation | | Comments (0) | TrackBack (0)

|

September 30, 2008

A balanced discussion of entitlement management

Blogger: Gerry Gebel

Slide19

While attending Oracle Open World this past week, I sat in on an entitlement management presentation given by Bill Dettelback of Oracle. In it, Bill shared some pros and cons on the concept of externalizing authorization processing from applications and instantiating it in a shared infrastructure service. The first slide shows some of the pluses Bill discussed  - it’s a reasonable list and we often include things like savings in development costs and the ease of implementing policy changes when discussing this topic with clients.

It’s certainly not unusual for vendors to proclaim the merits of a technology generally oSlide20r their product in particular. But it is refreshing to hear a vendor willingly discuss some potential deficiencies  or areas of concern, as the next slide illustrates. We came up with our own list of issues in a previous blog post and we are examining these and other aspects of the entitlement management market in a report to be published by year end. What do you think? What is missing from these two lists?

Posted by at 09:22 PM in entitlement management | | Comments (1) | TrackBack (0)

|

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Categories



Archives

More...

About

Blog powered by TypePad