COmanage Developers List

[Keith Hazelton <>]

Blakley article on "The Emerging Architecture of Identity Management"   --k

_________________

Begin forwarded message:

From: Harold Teunissen <>

Date: January 6, 2011 15:08:24 CST

To: Emily Eisbruch <>

Cc: Harold Teunissen <>,

Subject: Re: [paccman] Bob Blakley article on "The Emerging Architecture of Identity Management"

Folks,

A quick scan on google reveals the paper on http://mms.businesswire.com/bwapps/mediaserver/ViewMedia?mgid=237020&vid=1

Not sure whether this is the latest version.

Cheers,

Harold

On Jan 6, 2011, at 8:41 PM, Emily Eisbruch wrote:

Hello MACE-paccman Working Group,

On today's MACE-paccman call, I offered to resend instructions on accessing the  Bob Blakley article "The Emerging Architecture of Identity Management."

The link is: 

http://ww2.radiantlogic.com/lp/whitepaper/gartner_report_2010.html  

Note that to access the full article it is necessary to provide your email to RadiantLogic.

For context, please reread the section on "Pull vs. Provisioning" from the minutes of the 2-Dec-2010 MACE-paccman call, provided below.

Thank you,

Emily

From the minutes of the 2-Dec-2010 MACE-paccman call: 

Pull vs. Provisioning

Tom Zeller would appreciate comments on Bob Blakley's "The Emerging Architecture of Identity Management."  Copyright belongs to Burton Group, so permission to distribute the article is being sought. It is possible to download the article for free without Burton subscription if you provide your email to RadiantLogic.

http://ww2.radiantlogic.com/lp/whitepaper/gartner_report_2010.html 

The core idea in the Blakley article is that in the next several years there will be an emerging market for identities. It will be possible to monetize username and password, espeically those with higher level of assurance, such as exist in higher ed. Having a large LOA federation is valuable. Push-based provisioning won't support the market.  Real time pull will be essential. Blakley suggests that the model for the future is a virtual federated diretory. Applications getting data from this virtual federated directory will not need to be SAML-aware, so more applications will be able to use this.

TomZ has been spending time working on a push model, writing shim code, connector code. The SAML Change Notify proposal could be important in this approach, as was mentioned in the "Bleeding Edge of Identity Management" presentation at FMM:

http://www.internet2.edu/presentations/fall10/20101103-edge-zeller.pdf 

But what about the concern that the push model does not scale? Is there a way to wrap SPML and SAML to fit into the new emerging market? In any case, the push model will still be needed for a while.

There is a chance Bob Blakley would join a future MACE-paccman call to discuss, which would be helpful.

Emily Eisbruch, Technology Transfer Analyst

Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749

Visit our website: www.internet2.edu
Follow us on Twitter: www.twitter.com/internet2
Become a Fan on Facebook: www.internet2.edu/facebook

 

===

SURFnet
Radboudkwartier 273
3511 CK Utrecht
The Netherlands
M: +31 6 1164 0105

http://www.linkedin.com/in/haroldteunissen