There has been some activity on cloud-based IAM lately, most recently with the release of the new Intel Cloud-based IAM solution. It looks pretty expensive for high volumes, but it might make sense for something that has total cost recovery or for small, elastic groups of transitory users. In higher education (HE), I am thinking about alumni or prospective students specifically. But in addition to writing about this, I wanted to make an updated rundown on the standards, since there is now movement on SCIM.
The architectural ideal is to have a single source of authority for identity and AuthN/Z claims, hopefully based on something nice and open like LDAP. Then we began to see lots of federated identity solutions entering with SAML-type federations. This, and SaaS solutions in the cloud, take us back to the days of multiple identity silos maintaining duplicate (at least partially duplicate) records of identity. SaaS providers even see the identity data that they maintain as a business asset with which they can create stickiness with their platforms. Questions arise about how internal provisioning compares with cloud use models, the typical workflows and functions required for cloud provisioning, the synchronization of identity profiles and attributes, and what motivates SaaS providers in terms of identity stores.
Some interesting webinars on modern security practices, including tokenization, strong-factor AuthN and federated SSO.
[InCommon](http://www.incommon.org/basics.html) has just added [National Research Labs](https://spaces.internet2.edu/display/InCCollaborate/2011/06/21/InCommon+Expands+to+Include+Research+Organizations) to its federation, but still has an incredible distance to go to get a [significant amount](http://chronicle.com/article/Chasing-the-Single-Password/65343/) of the US HE space on board. But all of these places will not have true enterprise SSO, since the advent of services across the network will break the single identity model. Are your users using Twitter, Facebook, etc.? Probably, even if you don’t know it. [Shadow systems](http://seanmehan.globat.com/blog/2011/06/17/it-empire-balkanizaiton/)! And this breaks your myth of true enterprise SSO and single identity.