At the last Digital ID World conference, I bumped into Douglas Anter by sheer luck at the Ping Identity party. He is responsible for Public and Analyst Relations at Compuware, the company that owns Covisint. Whether I would have some time for a briefing, he asked. You bet! I said.

I already knew that Covisint runs one of the largest federation networks for the automotive industry - tying together a large network of car manufacturers, the whole supply chain and retailers. But I didn't have the full picture yet, so I was eager. Well, as eager as you can reasonably be expected to be considering the aftermath of yet another of Ping's legendary parties and the fact that our "briefing breakfast" was scheduled at 9 AM. I met Doug, Todd Foland and to my pleasant surprise also Dan Beckett, who I remember from my previous times at Symlabs - he used to work for Dewpoint, an Identity Management consultancy in the US Midwest.

Covisint was founded in 2000, and one of its first undertakings was to manage an on-line auction for components used in the automotive industry. That auction was not popular - margins within the industry were already razor thin, and an auction to drive prices down even further was not met with a lot of enthusiasm.

(QUESTION) Maybe one or two sentences more about ANX?

Covisint quickly recognised the potential of connecting manufacturers for integrated supply chain management, and set up a large exchange for the automotive industry - which all but supplanted the ANX (Automotive Network Exchange) that was set up in 1995 by the Automotive Industry Action Group.

As federation standards evolved, Covisint was one of the first companies to embrace the new technology, becoming not only one of the first but also one of the largest users of the SAML standards. Building upon the OpenSAML platform, Covisint built its own heavily customised software infrastructure to cope with the massive amount of federated logins, and streamlined the management of federation agreements and trust relationships by building a comprehensive suite of management tools. Diversification was next - what had been accomplished for the automotive sector could now be replicated for other industries seeking to build integrated exchanges to enable supply chains and drive down costs. Within the energy sector, Covisint managed to build an exchange for BP, Shell and Chevron. The hottest market for Covisint is currently health care. Whilst revenue is growing at a healthy 44% overall, the business from the health care sector is currently growing at a whopping 70% p.a. Whilst I will be focusing mostly on the identity management service offerings, Covisint offers other services as well, such as portal, collaboration and messaging services.

Covisint has certainly managed to address several pain points in federated networks. For one, running a complex federation network between multiple partners is a major undertaking - a good candidate for outsourcing by subscribing to it as a service. When the federation network is between one or a few large organisations (hubs) and many smaller endpoints (spokes, or in the case of the automotive industry - suppliers), external identities and federation agreements must be managed. Smaller organisations typically have neither the knowledge nor the mechanisms in place to do so, in which case Covisint hosts the identities and allows organisations to manage them in a delegated fashion. In fact, Covisint runs the largest Identity Management-as-a-Service (IdMaaS) network in the world, partly by integrating with large organisations' internal Identity Management systems, partly by hosting identities itself and providing delegated administration to smaller organisations.

Another major pain point is the mapping of data in exchanged messages - in the case of complex federation agreements, this is often related to the parts of SAML messages that deal with context and privilege or group information. Covisint here has the advantage of long experience in exchanging EDI messages, converting and mapping data contained in them, so switching SAML messages must have come as a natural thing.

(DOUG - maybe this assumption is a bit carried away - or can I safely assume this?)

It was through the establishment of the federation networks that other services got added to the offering. Under the title "Identity Management as a Service" Covisint also offers access management and authorisation through its "Trusted Authorization Manager".

DOUG - How does Trusted Authorization Manager work? Is it a proxy that sits in front of a customer's web site? Is this hosted by you guys, or can the proxy part actually be hosted by the customer?

At Kuppinger Cole we are seeing growing demand for "Identity as a Service" from two segments: small and medium enterprises, and large federated circles of trust. The appeal of IaaS for small and medium enterprises is clearly the possibility to outsource a business function that would be more cumbersome to maintain in-house. Identity is not an obvious candidate for outsourcing, as identity management solutions for small and medium enterprises are more ad hoc and face less regulatory pressure. However, as the trend towards Software as a Service (SaaS) and cloud computing continues, identity management must be extended outside of the enterprise, and IaaS becomes a natural fit. The appeal for large federated circles of trust lies in the fact that the maintenance of a large or complex federation is costly and time-consuming, hence a well placed target for outsourcing. Companies such as Covisint that offer IaaS services are enjoying healthy growth in revenue, and we expect competition in that segment to increase, specifically as large players begin to offer IaaS services through their cloud computing offers.