Ian Glazer is posting about the idea of federated provisioning over on the Burton Group blog, and in doing so is exposing a whole hornet's nest of identity topics.
As I've said recently, I think we just ended "the first wave" of identity. The period ran (roughly) from 2001 to 2008 (7 years). It began with Passport, evolved into the rise of "real" identity management vendors like Netegrity and Oblix, morphed through the Liberty Alliance, SAML and federation, transformed into real implementations around provisioning and GRC, and collapsed (exhausted) with the release of "Passport 2.0" (Facebook Connect).
That first wave saw identity become a real enterprise implementation. Identity vendors that could barely define what "digital identity" was in 2002 did the hard work of building all of the pieces needed to actually provide a substantial business benefit over the next five years.
Now, though, the enterprise is truly beginning to explore SaaS, the cloud, and "service-based" offerings.
And that brings with it the challenges of what I think is now the "second wave" of identity. So, while de-provisioning from LDAP vs. Salesforce.com shouldn't be much different technically, the truth is that conceptually it is.
Enterprise IT departments are awash in the "consumerization of IT" - that broad phenomenon wherein line-of-business managers can buy (or find for free) tech functionality via service-based offerings, no longer having to wait for IT to implement it. And that fundamental change is a big boulder being dropped into all technology ponds.
Identity will begin by adapting existing offerings to "secure" SaaS applications, but eventually identity management itself will have to be changed by the changing nature of how technology is bought and used.
Welcome to the second wave. (Hat tip to Toffler.)
--Eric Norlin