A number of significant trends are causing the authentication (AuthN) and authorization (AuthZ) architectures and technologies to significantly change.
Cloud, mobile and Social computing combined (The Computing Troika) are causing an identity explosion that is requiring organizations to embrace and evangelize authenticated access to any resource by anyone from any device.
At the same time, organizations are being required to address this more complex and demanding authentication environment with fewer resources and to do so more efficiently.
In short, the traditional point-to-point Federated Identity architecture is now obsolete. Organizations are required to move beyond Federation with centralized and single Identity Provider (IdP) designs to a Hybrid that is both distributed and multi-centered.
Organizations need to embrace the API Economy authentication mandates by allowing multiple types of entities to have authentication and authorization to information and resources. In this context, the word “entity” is used to describe possibilities that go beyond people. An entity can be another service, or an application, or an organization or a device. The multiple entity type of the API Economy needs to be able to authenticate independently for its own purposes or on behalf of another or others. “Another” can be described as any other single entity and “others” can be multiple entities.
Finally both traditional authentication standards and the new web-friendly standards are merging together in this Hybrid environment to address the multifaceted needs of the future of authentication.