I’ve noticed that there is a (relatively) new buzzword in the Identity Management space: “Identity Services”. This term is already overloaded, as it is used to refer both to technological solutions/services and consulting services.
Sticking with the “technological view”, an interesting post in the Burton Group Identity Blog (http://identityblog.burtongroup.com/bgidps/2007/03/the_latticework.html) provides some insights, a view on their work on “Latticework of Identity Services” and the fact that customers might need multiple Identity Services (such as authentication, authorization, provisioning, credentialing services, etc.).
I noticed that Liberty Alliance provides an “Identity Service Interface Specification” (http://www.projectliberty.org/resource_center/specifications/liberty_alliance_id_sis_1_0_specifications).
Another post in the Loosely Coupled blog (http://www.looselycoupled.com/blog/lc00aa00124.html) makes a case for the need of “Identity Services” (as killer apps) in SOA and Web 2.0 contexts.
However, I am still struggling to see (at the very core) what the novelty on “Identity Services” is and how this would be different from what is already available today. Would an Identity Provider (IdP) be an example of an entity providing “Identity Services”, such as authentication, SSO, etc.?
What characterises an “Identity Service”? What are its key properties and features? What should be done differently from today? Are standardisation, interoperability and openness key requirements?
In my quest for better understanding of “Identity Services” and their implications for organisations and end-users, your input and views are really welcome …
No comments:
Post a Comment