Already today, some manufacturers find it difficult to separate application ranges of certain products clearly from one another. This becomes evident when we look at the used terms: Access Management, for instance, nowadays is used on many levels. And the single sign-on approaches reach from pure client solutions via standardized architectures up to Web single sign-on, which, in turn, is delivered mostly by Web Access management solutions, sometimes by federation products as the Microsoft ADFS (Active Directory Federation Services).
Taking the view of customers and users, the point is no longer to buy a certain product, but to solve a specific problem. One user needs defined auditing information, the other is looking for cryptographic or digital signature solutions, others again want to be able to store and re-read identity data of an application or are interested in easily accessing a reliable identity.
In short: The user doesn´t want products, but services. The components he needs are sometimes parts of complete suites, sometimes separate products. But usually he doesn´t really care whether what he uses is a provisioning solution or a meta directory service, as long as it provides access to defined identity information. The thing is that is works. The technical details and differences of course become manifest in the implementation, but this is the techies´ business. The user wants to see results.
For decision makers in business and persons in charge of budgets, the vital point, anyway, is if the service provided is able to solve the problem. The role of technology is reduced to delivering results. This is why nobody buys technology as long as it does not solve a business problem. When we look at it in this way, the current development away from focusing on specific (technical) products towards service-oriented approaches is not only logical, but inevitable.
KCP´s experience from strategy consulting projects point into the same direction. At present, the key point is no longer which products should be introduced, in which order this should happen and how the products interdepend, but to establish a clearly defined layer of services which allows identity information to be accessed, authentication services to be used and so on. In the light of this development, “Identity as a Service” was one the main issues at this year´s Digital ID World in Santa Clara, as my companion Tim Cole reported, even if – so far – the discussion was more concentrated on the consumer domain.
In this respect, some users seem to be a step further than the manufacturers who still cling to their individual products – probably a justifiable attitude facing today´s market. But it is not enough. Manufacturers whose efforts are not, in addition, directed towards creating a services infrastructure, will miss this development of the market.
Facing an infrastructure which encapsulates the different technologies by the help of services might at first sight suggest that only vendors of product suites are capable of following this development, since they are in a position to offer various service components at the same time. But the crux of the whole thing is that the underlying technologies become increasingly exchangeable. Best-of-breed products as individual solutions are most suitable to be integrated in order to offer specific services and, if necessary, can be replaced easily.
This is especially true for services which provide an identity repository for applications, i.e. an application directory. Since access is controlled via standards such as LDAP and DSML, replacing the utilized repository is (relatively) easy when changing to another product.
According to KCP, the discussion about Identity Management strategies should not only be concerned with products designed to solve specific tasks, but also with a service-oriented overall strategy comprising issues such as auditing, federation, cryptography, storage of identity data and many more. Technologies are of vital importance – but they must not be considered to be the only basis of important investment decisions.