Intro

Kim Cameron and John Shewchuk jointly rolled out Microsoft’s vision of Identity Management (IDMaaS) as a Service and then Microsoft’s implementation of that vision as Windows Azure Active Directory (WAAD). I posted first impressions. Kim Cameron responded.

This morning over coffee I was gesturing through Zite — the iPhone and iPad personal publishing review app. There was my blog post in the headlines. I realize that Zite personalizes the headlines so probably no one else saw that, but that seemed pretty cool.

IMG_0021

Anyway, it got me to thinking what kind of things I would like to have access to in WAAD to see if it is going to work and meet some of the tough requirements.

Keeping it simple, here is what I came up with.

Give me Devices and Device Management in the Cloud

Give me a way to put my devices into the cloud and get events from them, manage them, and allow other apps and systems to manage them.

One way to do the whole thing would be to use the Windows Management Instrumentation design and Apples System Profiler.

Both systems are kind of old and have a legacy of issues around them. But that is perhaps the whole point. Make the legacy management namespaces work. Why reinvent them? Just use the moment to fix the inherent problems and move forward. We need a schema for known devices. No sense in creating a new one. Use the namespace we have; despite its complexities and detractors.

Built in to Windows is a management instrumentation framework. It’s called Windows Management Instrumentation. It’s a cool design but old and hard to get to—the rigorous but complicated Common Information Model and SOAP—both keep accessing WMI relatively hard.

The Apple System Profiler is also relatively complicated requires the use of Apples IOKit.

So here it is—give me device registration and management with a RESTful interface and JSON data format.

Here is on step better, when devices raise events, use the evented-api architecture — or an equivalent — and post them to a webhook so other apps can take independent action on the event.

Why Device Management in the cloud would be Cool

The identity explosion is upon us. Cisco recently published a report covered by Network World that predicts there will be 3 times as many devices as people by 2016 (18.9 billion) — I predict this number is conservative. Let’s see if we can securely put the management and profiling identifiers in the cloud, protect privacy, and enable access.

This way we keep things simple and we don’t have to start with people identifiers which tend to get people all worked up. People can readily start to see why device identifiers and claims in the cloud are useful. Other developers can throw in their management expertise and quit spending so much time building identity infrastructure for protection — after all, doing more with less resources is one of the core purposes of IDMaaS.

Do you have a better idea or any request about WAAD? Let me know and I will post it and see how Microsoft responds.