Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
Keynote at the European Identity & Cloud Conference 2013
May 14-17, 2013 at Munich, Germany
This keynote will be on tackling the identity explosion, getting a grip on customers and partners. And here you go, Kim. Thank you. I just want you to know that some of my best friends are data commissioners. Okay. So I'm very fond of them. Okay. I'm gonna talk about extending identity management beyond the closed city, which is really what all of us are doing this year.
And I'll just roll back one year to my presentation at which of of last year, I, I always feel a little nervous giving a presentation because I know people will be looking at what I said last year and wondering whether I was actually telling the truth or not. In this case, what, what I was talking about there was, was the first public discussion of what became Azure active directory. And we went through the whole notion that the, that has been discussed today of economic dictates and the radical changes offered by the, by the cloud.
And identity management is a service as being the essential tendency in identity management. And in particular, I spoke about how identity management as a service was, was comprised of a series of composable capabilities. And it had to be able to offer all of those in order to survive and prosper in the cloud environment. And I gave the example, although I wasn't actually able at that time to talk with any specificity about what we were doing in terms of Azure active directory, the example of directory as a capability of identity management as a service.
So since then, let's look at how far we've come. We start off with last year's announcement at, at KuppingerCole. And then on the 23rd of May, we put out a series of announcements about active directory for the social enterprise, where we, we, we defined our, our brand for identity management as a service being active Azure active directory on August the ninth, we put out the active directory developer previews so that people who were building applications and people who wanted to look at the infrastructure proposals could actually get their hands dirty with it.
And on the eighth of we released for production Azure active directory, and that sort of brings us to where we are now at this EIC. There was one other really important event that concerned this whole evolution. And that was on September the 19th when salesforce.com also announced their own directory for the cloud, based on very similar principles, the notion of being not a, not a directory that owned by some entity, but rather a, an operator of directories that belonged to all of the different people using it.
So that was an excellent sort of a news for, for us that we had another very talented entity in exactly the same space. And this summer, the next phase will be new it developer, previews and so on. And I'm going to, to, to hint about some of those in the same way as I did last year. So before I get there, let's just review the, the birth certificates of windows, a the birth statistics of windows Azure active directory. So it was released on 8th of April. The number of organizational directories that had contained at that time was 2.9 million.
So there were 2.9 million enterprises, small businesses and government entities. The number of authentications we had processed on the day that we released, it was 265 billion. And that was the day that we actually took Azure active directory and said, anybody who has, who has been using any of our products that rely on a directory that are centered on a directory, can now have their ownership of that directory and start to use that directory for whatever purposes they want free not only in to, to work in our cloud, but to work in any of the clouds offered by anyone.
So how could we come out with a directory with, at that scale? It really is a, I have to say that I, myself, my mind was boggled by the scale at which we were able to, to come out. And I kind of think, well it's because we were sort of playing Hamburg.
Now, you, you know, I know there are enough Germans in this audience that somebody must have been in Hamburg to see whether the Beatles really were playing there for 10 years. So at the beer garden tonight, I'd like someone to straighten me out. If this myth isn't true, that the Beatles played in Hamburg for 10 years before they arrived as a overnight sensation in England. But if you wish we were working on Azure active directory for four years, because we, we base everything we do on directory. We couldn't exist without it.
At the end of that time, then we realized it was it, it was essential that we turn it over to its rightful owners. So if you look at what Azure active directory does, it extends active directory into the cloud and makes it available as something that can function across the internet and all of the different cloud platforms. So in a sense, you you'd be for, you'd be forgiven if you, if you thought, well, gee, it's just active directory, but running in the cloud.
But I, I guess what I want to talk about today is the fact that, although that is true, it's also something profoundly different, profoundly new. And we wanna look at that. So the key milestones in delivering it to the, to the cloud were were of two kinds. One is the it milestones, and one is the developer milestones. So it was, you know, we had to, we had to make it an independent cloud directory with user management capability and yet fully integrated with on premise directory. And so that involved releasing a push button projection of ad into the cloud.
And we did that with a thin based deer sync appliance. So we took those of you who, who are in the identity management space, which I think is almost everybody probably know FM, and we sort of disguised it, put it, wrapped it up so that it became user friendly and made that an appliance. So you could just push a button and your directory would synchronize with the cloud. But as you know, often you don't want everything to synchronize. You want to have a lot of control, you wanna do all kinds of custom things.
So in that case, you could take off the wrapping and underneath you would have full F and you could do whatever kind of synchronization you wanted. At the same time, we had to introduce a single sign on from ad using our ADFS product. And over the last few months, we, we also were able to add full support for non ad directories and non nonactive directory STSS.
So, so the result is you, you don't have to have ad on premise in order to end up using Azure active directory, you could say, well, I'm gonna source this using say sh as an identity provider and open L DAP as a directory. So we're really talking about the integration of on-premise directory and cloud directory, as opposed to simply the specifics of Azure active directory and ad in the same time, we also put a tremendous amount of effort into compliance, especially the, the fir the first level being to obtain FSMA certification, which processes quite time consuming.
But we're extremely far along in that and developing the business friendly management Porwal so that it could be operated by business people as opposed to technical people. And part of that was management and control of cloud applications and their access to the directory.
On the other hand, we worked on the developer and what I think of as the new generation directory milestones, so that in particular access to authentication through SAML two Ws Federation and or to open standards, support for access from mobile devices, especially iOS, so that iPhones and apple devices could, could all participate Android and windows. And we launched what we called the graph API basical, something very, very similar to the Facebook graph API. The diff the main difference being that the Facebook graph API is closed within the Facebook walled garden.
Whereas the, the graph API we introduced is an open one where you can put in elements of the graph that live in other platforms, in other places in the sky, the, the good thing from a, from, from the, the reason we chose that pattern was because it's, it's understood by 2 million Facebook developers. So it seemed like sort of a good place to start as opposed to inventing another, another pattern. It's like L D but it runs on universally. So we can use it on all the mobile devices and traverse firewalls and all that. And it reuses OAuth two authorization capabilities.
And so with that MIG application, developers can create applications that either run for a single tenant, meaning by a single tenant, I mean, a single enterprise, or they can create an application that can be used by many different tenants and yet be separate from a logical point of view. Now there happened to be some people here from Dayton, Daytona is, was Craig Burton told me about Daytona. He woke me up in the middle of the night because I was in Paris and he didn't know that and said, Hey, you gotta find out about this Dayton thing and you know, what it was worth waking up for.
So what they do is they, they support the API economy concept by letting you take an Excel spreadsheet and dragging it into your Dropbox and synchronizing the Dropbox with a service in the sky that does, that turns your, your, your data into APIs that work against all the traditional forms like SQL and, you know, different kinds of restful APIs and so on. So it's, it's a fascinating company.
And what, what they did with us was they figured out how to take their system and hook it up into Azure active directory. So it's really quite sweet.
And I, I chose it because it gives an example of, of what developers can do. So basically they, the idea is you drag your, your spreadsheet into, into Daytona's service. And then they pump it out using the graph API into Azure active directory and into the Azure graph store. I'll come back to that in a moment.
And they, they create customer principles inside your active directory tenant. So now you start to have in your tenant just using in this case, a simple spreadsheet, which the mind can easily imagine other sources of information. They can start to create representations inside their directories of all of their customers. They also then take advantage of Azure active directory's ability to federate into say, Gmail, Yahoo, Facebook, and so on, so that those customers can log in once again, using the graph API. So I'll give you just a quick idea of what this looks like.
You, you can go if you, our, our, our booth is up there. You can go there and take a look at talk to the Daytona people. You basically go to the, to this, this sample web app they did, and it uses active directory to get you into one of the social networks you log in through the social network, and you end up looking at the EIC agenda, and then that's done using the graph API.
And then, you know, for example, you can move into the favorites. The favorites is a set of relationships between people and sessions. So let's look at that for a minute. That's also done with graph API. So I found this fascinating, and this is why it's about Kuppinger Cole's attendees for customers and partners. That's the gist of the demo about access from the mobile devices and about the nodes in the social graph. And so if you think of it, you have people in sessions and you have different edges.
So you have the person as a, as a speaker, the person as an attendee, the person as a, like this person likes that session. And then, so you can then start to imagine crawling around this social graph and going and seeing well, who are the other people who like, who like the same session as I do, et cetera.
So when, when Martin was talking today, I, I couldn't help think about, this is really an example of the computing Shikha. It's the social computing, it's the mobile computing, it's the cloud computing all brought together. And that's so much at the center of what we're trying to achieve.
I'm I, I have no clock. You have two minutes or three, three minutes. Okay. I'm gonna have to then skip many, many slides, what the wall, there's a clock.
Oh, thank you. So the customer, I guess my main point here is I see the evolution, the next evolution of this as being towards customer and partner identity management. It's the next frontier and identity management as a service turning outwards to embrace all of the stakeholders in enterprise and government social graphs. And so part of what we've been working on for the next iteration is the system that allows you to define various customer journeys, no go here and ads, the, the requisite capabilities for dealing with customers.
So in my view, there, there are series of important new capabilities that had to be added to do this end, to end security in the, within the SAML environment, which has been missing, do not track capabilities to meet the privacy requirements that are emerging claims orchestration, to bring information from many different sources together and amalgamate it and ways to automate the user journey.
The orchestration is really the idea of a cloud-based service to assemble the identity statements that come from all of these different sources and to create user journeys that make that a pleasant experience for the user. So my, my thinking here is that this kind of a, this kind of an identity management is a service frontier. The next frontier that I see as being key can produce a two orders of magnitude simplification in the use of claims and extend the directory from just being internal with, with employees, to being external with your customers and your partners. Thank you.
Thank you, Kim. There's two things I wanna say about Kim.
Oh, oh one is that he is never left us with dead air. He always fills the entire time of his presentation and goes on beyond that. And I've known this man for 15 years and it's always been that way. But the second thing is that the things he tells you about today are things you're gonna be considering in your workplace tomorrow. He's always had the foresight to do that for you.