The buzz around Identity as a Service is heating up. I'll be discussing this in an online Webinar later this month ("Externalizing Identity into the Cloud,") but there are a couple of things I want to mention today that should be of interest.

First, the always fascinating Phil Lieberman (founder and CEO of Lieberman Software) weighed in on our recent discussions.

"My position has been that in theory IDaaS makes sense. [But] I believe that the IDaaS model breaks down in many areas: first, there is the reality that most IAM systems have extensive customizations done to them to support the unique business models (unique schemas). Second, most of the IAM systems also have integrations with third party line of business applications, that may or may not be supported in an IDaaS outsourced scenario. Third, and most critical in my mind, the IAM function is the most sensitive function in an organization (holding the keys to the kingdom), so the trust level in the vendor's confidentiality as well as business continuity/longevity issues would need to be brought into focus continuously. As a vendor of privileged identity management solutions, we see that most organizations are extraordinarily risk averse and secretive when it comes to identity management and security."

It's a very valid point Phil makes. One that an up-and-coming Austin, Texas, start-up is trying to address. But first a couple of other opinions on IdaaS.

Both Quest's Jackson Shaw and Sunview's Jeff Bohren weigh in on the problems of provisioning software-as-a-service (SaaS) applications. Jackson, in fact, mentions the start-up I want to tell you about -- Conformity.

I had the opportunity to talk to Conformity's founder, Scott Bils, last week and he assured me that Provisioning Services Markup Language (SPML) would be a cornerstone of the next release. That should alleviate some of the fears Jackson and Jeff voiced.

Conformity bills itself as a SaaS Gateway. They don't necessarily store your identity data, but can bridge from your in-house identity store (Active Directory, for example) to the various SaaS services you might use (currently Salesforce.com, NetSuite, OpenAir, Xactly, Google Apps and Amazon's EC2 with more being added regularly). According to Bils, Conformity wants to remove the three major problems that occur when an organization moves to SaaS:

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.