Identity and Access Management Framework Book

One thing I really, really, really hate about Windows 7 and the latest Office suite (other than the fact that these idiots have once again moved everything around for NO GOOD FREAKING REASON WHATSOEVER, requiring us to find old options in new places) is the need to be mouse-bound. I have an old colleague who amazed all of us by his ability to navigate Windows, including Explorer and all the other functions, strictly by keyboard. Lightning fast, in fact. He complains now that without a mouse, which is far slower, you can't get around.

Even without having taken a class on interface design, and creating Windows screens using C and Owl, I intuitively started building screens that could be easily operated with hot keys and shortcuts. But it seems nobody does that anymore.

Eventually, there won't be any more mice. It'll all be touch screens and voice activated. On a recent episode of 30 Rock, Alec Baldwin stands in front of a voice-ac TV and mutters the word "crap," which instantly brings up the Kardashians.

So what's the future hold for IAM? Like everythign else we do, it's heading for the cloud. But not instantaneously.  And the foot dragging isn't for technical reasons, primarily.

We still hear of having to mitigate multiple sources of authority, which sounds like an oxymoron, except when you consider this: we don't trust each other. I'm the source of authority for the CRM system, you're the source of authority for the forecasting system, and so on. In fact, fine-grained entitlements thrive on the notion that multiple authorities must be consulted.

I recently read a whitepaper which was trying to sell a particular vendor's cloud service for IAM, and it said that integrating new apps into an SSO structure was tough because for web SSO, you need to run agents on each app server. I'm not sure I buy that one, and regardless of how you do it, even if you're completely SAML-based, you still need to run something on every participating server just to eat and spit out SAML. So there's a weak argument.

You're always going to have limitations to SSO. In fact, as I've written in this space previously, we hear more and more about Reduced Single Signon, or RSO, in place of SSO. Regardless, with anything that’s got an “SO” tacked on the end of it, you have the additional complexity of multiple identities. I’m jeff.scheidel here, I’m jscheidel over there, I’m jeff1234 in the other place. My SSO/RSO function needs to look up the right identity for the right job, or at the very least provide to my target app whatever creds it needs to let me in. Oracle uses recently-acquired Passlogix for this. Other people use Symplified, Citrix OpenCloud, and then I’m writing something in Assembler on the side. Y’know, just for kicks.

There’s also still the need for connectors, or tunnels, or whatever terminology the vendors use, in order to jam creds into those individual apps.

But there’s always going to be that big limitation to IAM in the cloud: you’re not going to want anybody to provision for you. You will always want to control who represents you. Self-registration still needs approvals. In fact, it needs EXTRA approval.

When I was younger, I wanted to be a pro boxer. I was only able to get just so far. That’s just the way it is. Well, IAM in the cloud is only going to get so far, at least given the current environment.