Enterprise Identity Management and Business Relationships

Enterprise Identity Management has reached an awkward adolescent period, with prior success, a tumultuous present, and an uncertain future. My colleague Ian Glazer at Gartner published a thought-provoking video entitled “Killing Identity Management in Order to Save It.” The basic premise: conventional Enterprise Identity Management inhibits dynamic business relationships across today’s prevalent web interactions. Traditional Enterprise Identity Management leads to lost customers, poor revenue growth, and inefficient business interactions.

Given the large historical investment in Enterprise Identity Management, how can IT teams move beyond legacy practices, embrace New Web interactions and ad hoc team formation, and promote business relationships?

New Enterprise Identity Management Future

Consider, for a moment (Alfred Hitchcock theme song playing):

The first priority for Identity Management is to facilitate business relationships, rather than simply authorize access.

Twitter, Facebook, LinkedIn, and Google have built billion-dollar businesses based on Identity and Identity Relationships, without implementing traditional identity management practices and infrastructure.

Enterprise Identity Management must transform to implement The New Web paradigm, embracing external identity assertions, user-based authorization, trust models, and dynamic relationships.

As Ian mentions, traditional Enterprise Identity Management:

  • Is static and relies on central control
  • Does not keep pace with the modern enterprise
  • Is often a separate set of services disconnected from the core business picture

To create a more adaptive business, based on dynamic collaboration and accessible business capabilities, we must recast the purpose of Identity and the definition of Identity Management.

Identity is about Relationships

People establish names and reputations to foster relationships. Relationships drive business interactions leading to opportunity and revenue. An Identity Management strategy built to adapt will:

  1. Place relationships at the center (e.g. Chris is a friend of Anne Thomas)
  2. Define identity based on attributes (e.g. Chris knows SOA and Cloud)
  3. Authorize access based on context (e.g. Chris is working on Project Tango)

New Web standards such as OAuth, OpenID, XACML, and XDI seek to build a cross-organizational, cross-stakeholder framework that decentralizes control and encourages grassroots participation (similar to the principles accelerating Internet and Web adoption).

When searching for a Responsive IT framework that underpins a business-friendly identity management strategy, IT geek-speak will include:

  • Web Single Sign-On and Federation
  • Fine-Grained Access Control
  • API Security
  • Cloud Identity Provisioning (SCIM)


The time is now to evolve identity management, adapt to contemporary web identity, and enable value web business models that increase customer interaction and expand channel opportunities.


Recommended Reading

Killing IAM in Order to Save It

Identity Server as a SCIM Provider

Why OAuth Itself is not an Authorization Framework









1) Web SSO and Federation – 4.5 / 4.5.1

- Provide SSO across various apps.
- WSO2 example: Manage various u/p across systems
- Explain SAML vs. OpenID for SSO, pros/cons
- SSO between various apps, internal and external
- Example: Salesforce and Google Apps. Log in on Google Apps, you’re on Salesforce as well.

2) Fine-grained Access Control

- XACML support
- Policy Distribution Model – Manage centrally / publish globally
- Mention scenarios with API Manager / ESB
- Example: Using XACML with Liferay -

3) API Security

- Translate Webinar into article
- How to leverage OAuth and XACML for API security (auth and AZN)

4) Identity Management

- Managing users/roles
- Multiple user stores (explain setup)
- Tenant-wise user stores
- Password recovery/policies
- Case Study: how we applied this at WSO2?

5) Identity provisioning (SCIM)

- What is it?
- Why use it
- API Overview
- Case Study: how we applied this at WSO2?

