Three potential scenarios for the future of identity federation

Identity gurus meet to thrash out the future of identity federation

Security Identity Management Alert By Dave Kearns, Network World
October 15, 2008 12:06 AM ET

Network World - I spent a day last week with SURFnet. And, no, SURFnet has nothing to do with Moondoggie, Gidget, or the Beach Boys and it wasn't in Huntington Beach. It's actually all about education, and this day was about identity. SURFnet is the organization that operates the Dutch National Research and Education Network. It connects universities, hospitals, research institutions and other non-commercial organizations and, in turn, connects to other European and world-wide NRENs. One area that SURFnet has pioneered is in federated identity services. But the organization thought that it was time to plan for the future, and that's what last week's meeting was about.

The group invited a couple of dozen folks to a day long workshop on federation. I was there as was the Burton Group’s Gerry Gebel, Ping Identity’s Andre Durand, the Liberty Alliance’s Eve Maler, representatives from some of the constituent organizations within SURFnet, and identity experts from all over Europe. We listened as Maarten Wegdam of the Telematica Instituut (site is in Dutch) outlined three potential scenarios for identity federation going forward. Telematica organized this session and were contracted by SURFnet to advise SURFnet on its plans.

The three scenarios were described as:
1) Identity as a service – Towards a service-oriented identity federation architecture.
2) The user in control – A loosely-coupled user-centric identity federation.
3) The IDP (Identity Provider) – A tightly-coupled IDP-centric identity federation.

After the scenarios were outlined, we broke into three groups and each group developed one of the scenarios (I happened to draw the “user-centric” model). We then reconvened, discussed each group's findings and made recommendations to SURFnet as to the next steps they should take. I’m not going to go into the details of each scenario – or the recommendations – but one fascinating thing did occur. At a particularly abstract level, all three scenario recommendations looked very, very similar. The IDP-centric group, for example, recommended that there be at least some measure of user control over the release of data. And the user-centric group foresaw the need for cloud-based identity services (i.e., identity-as-a-service).

There were clear-cut distinctions, of course, but it's heartening, really, that three scenarios starting from such different premises can share so many features.

Your organization might not have the budget to pursue an effort like this, but given the excellent track record SURFnet has on networking and on identity issues it must be doing something right.

Dave Kearns is senior analyst for Kuppinger-Cole and editor of IdM, the Journal of Identity Management.
