Federating between companies in different industries can also raise other, unforeseen issues, particularly in today’s regulatory
environment.
“You may be great at manufacturing, but you’re not that aware of the SEC regulations for accessing financial data -- or privacy
information … in a hospital,” says Roger Sullivan, vice president of business development for the application server division
at Oracle. These issues become even more complex when you consider the multinational nature of most large enterprises (see
The Global Challenge).
“One source that we point our customers to is the business guidelines documents being produced by the Liberty Alliance,” Sun’s
Shikiar says. “Those raise key issues around federated identity at a generic level -- things around risk, compliance, indemnification,
nonrepudiation, issues like that.” Resolving specific issues, of course, is up to you.
Driven by demand
Despite the various business, operational, and regulatory hurdles that must be overcome, federated identity is building real
momentum. The standards and technologies developed during the past several years have moved beyond the hypothetical into real-world
deployments.
“In the last six months, we’ve seen a lot of the plans that were put into place in 2002 and 2003 now come to maturity with
live implementations,” Liberty Alliance’s Nicholson says, citing significant deployments by AOL, Fidelity, and European mobile
carrier Orange, among others.
Indeed, businesses that have not yet considered federated identity may soon find themselves under pressure from vendors and
partners to get on the bandwagon. Steve Kessler, director of information security at Reynolds and Reynolds, a provider of
IT services, solutions, and software to the automotive industry and a Netegrity customer, says his company’s identity efforts
are definitely customer driven.
“[Federated identity] is definitely on the road map,” Kessler says. “Four different car companies or retailers have requested
cross-portal authentication, which leads into federation. So it’s absolutely something we’re looking at.”
In much the same way that Wal-Mart standardized its warehouse operations around RFID, larger companies may soon begin requiring
their customers to enter into federated identity relationships or else pay a premium to access services using traditional
means. Given this eventuality, it makes sense to begin planning for federation today.
The path to federation
Implementing federation certainly won’t be as easy as flipping a switch, but it doesn’t have to be a monumental hurdle, either.
This is one race in which slow and steady definitely wins.
“You need to take a stepwise approach,” Sun’s Shikiar says. “You need to start with an assessment. Where is your architecture
today? Where does it need to be? What standards do I need to embrace and how do they match up with my current architecture?”
As with most promising new ideas, the best policy is to focus on the areas of greatest need first.
“If I’m looking at federation, I would probably want to identify a few areas where it can help me the most, where I can implement
it initially,” Shikiar says. “Where do I have existing technologies or partnerships that could be facilitated by this? And
within those, which of those partners would be most likely to work with me on this project?”
Before jumping on the federation bandwagon, however, interested organizations must first establish a solid internal identity
infrastructure.
“You should be getting your identity infrastructure in order because you can’t share identities unless you’ve got your own
under control,” Oracle’s Sullivan says. That means making sound technology decisions that emphasize flexibility, and building
federation in as a requirement from the beginning, even if you don’t have an immediate need for it.
After all, as Liberty Alliance’s Nicholson says, a federated approach is only natural. “Identity is inherently federated anyway.
It’s a distributed thing,” he says. “Is federated identity going to become a core part of how we do stuff on the Web without
realizing it? Yes, I believe it will. It solves real issues; it solves real requirements. The protocols may change over time,
the underlying technology may adapt and shift and change, but the concepts? Definitely.”