Services as defined interfaces in identity management are becoming more and more important. They make it possible to use product functions as web services or via other standardized interfaces. A number of manufacturers are already working on such service layers, among them Oracle and HP—SAP, too, is going to implement such a layer in its NetWeaver Identity Management.
As explained in detail in the KCP report “Trend Report: Identity as a Service“ (http://www.kuppingercole.de/articles/trend_report_identity_services_art), these layers are important for the use of identities in applications and make the implementation of security easier, and they play a vital role in the support of network security-components or the implementation of customized user interfaces for identity management and security services.
According to our assessment, the availability of such layers will blur the presently rather rigid borderlines between different identity management products. The trend will be towards more complete suites with extensive service layers in favor of separate solutions for, e.g., provisioning, access management, and federation or single sign-on.
We expect that initially service layers will be proprietary and largely defined by each manufacturer according to their own standards. Yet, in some fields standards like SPML, SAML, DSML, XACML, and others do exist, and at least parts of them will be found in the above mentioned service layers. We expect that later on, this is to say in the years after 2010, a certain standardization will gradually conquer the market, partly due to specific standards in certain fields, partly due to de facto standards established by the market leaders.
Increasing service orientation will simultaneously lead to a better interchangeability between identity management products, although it won’t lead to a plug and play standard in the near future. Besides the service layers themselves, the support of standardized processes and workflows, for example via BPEL, and a more widespread use of SPML (and perhaps upgraded and more powerful releases) will play an important role in this process.
Basically, we can say that the use of service layers enhances interchangeability of the underlying engines—i.e. today’s IAM stand-alone products—which provide the services. This is especially true of the rather cost-intensive field of an enterprise’s own applications, which will be made much more flexible with the use of services. This increasing interchangeability will also prove effective during the phase when a manufacturer spanning standardization of services does not yet exist, because “mapping” other services above the service layer is relatively easy.
Insofar, service orientation does help to increase flexibility in sourcing—and therefore makes sense. But, like in other IT areas, matters will be more complicated than just to plug and play.
Created: 22.10.07, modified: 22.10.07