Federation: "a union of organizations"
(Merriam
Webster Online)

Today’s topic is not nearly so fun as yesterday’s,
but perhaps more practical. But I pose more questions than I can yet answer.

It was evident from the recent Catalyst Conference that Federated Identity
is a topic whose time has come. It is clear that customers want this stuff.
Products are maturing to match previous hype. But some big questions remain:
Can enterprises and other organizations effectively implement federation technology
to unify disparate organizations, as the dictionary definition suggests? Who
will solve the business issues concerning organizational interaction?

First – we see the demand: Sun is currently working with a
major US company who purchased licenses for Sun’s Access Manager product with
the intent to replace a vendor’s SSO product. However, since that original purchase,
their focus has switched to using the product to enable federated SSO with business
partners, reasoning that customers and partners, not employees, generate new
revenue. Federation enables that new revenue creation.

We see other customers, who offer services from themselves and partners through
online portals, anxious to implemented federated SSO to give their customers
a better user experience. This is directly in line with the conference address
entitled "Uniting the Universe: Identity Management Enables the Participation
Age," by John
Loiacono, Sun’s Executive Vice President of Software. John claimed that
"Federated technology enables aligning participants for rapid growth and
infinite scale."

Dave Temoshok from the US General Services Administration reported that the
federation infrastructure being architected by GSA "addresses Trust, Interoperable
Technology and Business Relationships." He observed that a federated architecture
may enable better citizen interaction with the federal government without assembling
a single master Identity repository that many fear and loathe.

Second – technology is maturing: The featured technology
demonstration at the conference was focused on

Federated Interoperability. Twelve
vendors enthusiatically demonstrated how they could interoperate with others
using a variety of federation protocols.

Dan Blum
of the Burton Group observed that on the federation standards front, Liberty/SAML
is making the most progress now, but Microsoft and IBM, champions of the WS*
suite of protocols, are progressing slowly. However, we should "beware
of the tortoise overtaking the hare." The interoperability demonstration
at the conference, echoing the sentiments of the Sun and Microsoft interoperability
work, showed that federated services can exist, even in a multi-protocol
world.

Sun’s decision to offer basic single-domain SSO capability to the open source
community sends the message that basic SSO is old stuff, that the future is
with federation. John Loiacono stated that "OpenSSO changes the conversation
from plumbing to innovation."

Third – the gotcha: Despite all the good hype about federation,
Brook Schoenfield of Cisco warned that "trust establishment is a currently
a manual process that must be in place before web services interaction."
Trust is an essential element of any federated business relationship. As I observed
in a recent blog entry,
"Trust between enterprises is a prerequisite to establishing federated
exchange of Identity Information."

An overriding theme in the Catalyst Conference was that business issues are
more important than technology in effectively implementing an Identity Management
strategy. So it is with Federated Identity. In order to make the advances in
federated technology effective, organizations must learn how to easily put in
place the legal agreements and business cultures that support federated business
operations. Brook Schoenfeld went on to propose that automated methods for trust
establishment may be part of the solution to this issue.

Regardless of the methods, it would seem to me that Organizational
Behavior theory addressing the interactions between organizations will be
as important as technical federation expertise in acclerating the effective
implementation of Federated Identity. Perhaps the science of Social
Networks will apply. I just hope that you OB experts out there, where ever
you are, can connect your thoughts with all the federation techies to solve
these real-world business challenges. Any ideas?

Tag: Identity