Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Sunday, June 20, 2010

Is Federated Identity Management Dead (at least for Consumers)?

I am really wondering if, beyond the hype, federated identity management is actually happening – from the end-user/consumer side?

No doubt that federation and SSO solutions are more and more adopted by organisations – primarily driven by the need to cut costs.

But what about the adoption of federated identity management by web service providers, for services accessed by end-users/consumers?

I just read this article, written in 2008, called “Facing the pain of passwords”? Has anything improved? I do not think so …

My personal experience is that more and more accounts (and passwords) need to be created to access ***valuable services*** on the web (from web browsers and/or mobile applications).

Interestingly, this is contrast with the concept of “Personal Cloud” – as, for example, described in this article

Is there any up-to-date statistic describing the adoption rate of federation for this kind of services? What is the actual impact of federation to easy the pain?


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---

2 comments:

Anonymous said...

Marco,
Disclaimer: I am the Identity Evangelist for PingIdentity.

I would say Fed. ID Man is not dead. Check on PingIdentity. We are seeing more and more companies using Ping Federate (or other tools) to connect to service providers. It's becoming a requirement for many companies to have fed. ID management for these service engagements. Also, check out this Network World story on Gartner identifying ID Man and Fed. ID as the top spending priority for IT.
http://www.networkworld.com/news/2010/061010-gartner-security-identity-management.html
Ping has partnerships with the likes of Salesforce.com and Google. On the consumer front, OpenID is starting to find some traction and we are offering a connector using OpenID to access Google Apps. And Google is becoming an RP to go along with its IDP efforts in order to foster OpenID adoption. See hear for a short article I did with Google's Eric Sachs around opening up identity and their focus on OpenID and OAuth.
http://www.pingidentity.com/blogs/pingtalk/index.cfm/2010/6/10/CIS-Series-Eric-Sachs-Opening-up-identity
A lot is happening and dollars are being spent.
I fact the comments section on your blog lets me us OpenID to verify my post.
take care
john

Marco Casassa Mont said...

Hi John. Thanks for your comments. Agreed. No doubt that Federated IdM is having success in the context of organisations.

However, on the consumer side, I am still struggling to see wide adoption of federation, at least for valuable services (e.g. banks, main online resellers, etc.): of course, this is based on my personal experience. I was looking for some related statistics but I haven't yet found them.

Regards,
Marco