Bringing SOA to Identity Management


Very few people have heard of, or are familiar with, applying SOA to identity services. However, once you get past the business and marketing hype of Identity Management and SOA, what does it really mean to introduce these services into your organization?

Typically in an environment you have a CRM (Customer Relationship Management) system, a billing system, an HR system and an email system.

The complexity here is that you have different applications running on different platforms; some are within your organization and some are cloud based. You also have different platforms, different protocols and different APIs.

So the CRM is on Linux, and the HR system may be cloud based and only accessible through web services. Your billing system might also be on Linux, but it supports JMS. And finally your email system may be on Windows, with integration done through .NET services.

So those are some of the challenges that SOA and Identity Management have in common: you have different operating systems, platforms and protocols, and you have different APIs.

Complexities SOA Addresses

Where this gets complicated is that your CRM system needs to talk to the HR system, and your billing system needs to talk to the Windows-based email service. Your email system also wants to speak to the CRM system and to the HR system. And billing needs to talk to the CRM.

Each of these connections represents an integration challenge, and each one of these integration challenges represents code that you have to write inside your organization and maintain over time. Furthermore, if you need to add functionality to these integration points, such as security, error management, and transactions, you have to build that yourself as well. This adds even more complexity.

Most organizations will look like this as they integrate applications over time in this typical point-to-point manner. The problem is that this approach doesn't scale very well, so the relevant question is: what are the alternatives to this flawed point-to-point integration methodology? An answer to this question is provided further along in this blog.

Complexities Identity Management Addresses

Where this gets even more complicated is that your identity system must connect to and integrate efficiently with all of these systems. The identity system (or Vault) must be able to manage user accounts and to provision, de-provision and provide password synchronization services in a timely and efficient manner.

Each of these connections represents a unique integration challenge, and each one relies on proprietary and expensive "connectors". These connectors also require specialized skill sets to manage and maintain inside your organization, and if you change a connector's functionality you will again need access to those specialized skill sets.

Most organizations today have these point-to-point solution sets at the core of their identity management implementations. So the question comes up again: what are the alternatives to this non-scalable and flawed point-to-point integration methodology?

The ideal way of doing this is through the implementation of an enterprise service bus (ESB). The enterprise service bus gives you a common communication backbone between different applications.

The applications can share information with other applications just by producing and consuming information on that bus. So now if my CRM wants to talk to my reporting system, or vice versa, that information will be made available on the bus as a common medium.

The identity Vault can communicate with the applications just by producing and consuming information on that bus. So now if I need to provision or de-provision an account, or synchronize a password, on my CRM, I can do that using the bus as a common medium.

The enterprise service bus gives you a communication platform and a common set of services that allow you to easily integrate other applications inside and outside your organization.

This is done simply by identifying the application and then providing the integration service.
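To make the bus model concrete, here is an added example (not code from the original post, and not MuleSoft or GreyTower code) of an identity Vault that provisions, de-provisions and synchronizes passwords to three target systems by publishing events to one in-memory bus. The topic names, event shapes, the shared HMAC key and the three target systems are assumptions made for this illustration. It also shows two things a practitioner would want from the shared backbone instead of re-implementing them per connector: consumers verify a signature before acting on a message, and redelivered messages are applied only once.

```python
import hashlib
import hmac
import json
import secrets
from collections import defaultdict

# Constructed shared secret for this example; a real bus would distribute per-participant keys.
BUS_KEY = b"constructed-shared-secret-for-this-example"
TOPICS = ("identity.provision", "identity.deprovision", "identity.password")  # assumed names


class ServiceBus:
    """The common backbone: producers publish signed messages, consumers subscribe by topic."""

    def __init__(self):
        self._subscribers = defaultdict(list)
        self.log = []  # every message that crossed the bus, kept for audit and replay

    def subscribe(self, topic, handler):
        self._subscribers[topic].append(handler)

    def publish(self, topic, event):
        body = json.dumps({"topic": topic, "event": event}, sort_keys=True).encode()
        msg = {"body": body, "sig": hmac.new(BUS_KEY, body, hashlib.sha256).hexdigest()}
        self.log.append(msg)
        for handler in self._subscribers[topic]:
            handler(msg)
        return len(self._subscribers[topic])  # number of systems that received it


def verified_event(msg):
    """Consumer-side check: accept only messages whose HMAC over the body verifies."""
    expected = hmac.new(BUS_KEY, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["sig"]):
        raise ValueError("message failed signature check")
    return json.loads(msg["body"])["event"]


class TargetSystem:
    """One application adapter (CRM, HR, email, ...) with its own local account table."""

    def __init__(self, name, bus):
        self.name = name
        self.accounts = {}
        self.seen = set()  # event ids already applied, so redelivery is idempotent
        for topic in TOPICS:
            bus.subscribe(topic, self.handle)

    def handle(self, msg):
        ev = verified_event(msg)
        if ev["id"] in self.seen:
            return False
        self.seen.add(ev["id"])
        user = ev["user"]
        if ev["action"] == "provision":
            self.accounts[user] = {"enabled": True, "pw_hash": None}
        elif ev["action"] == "deprovision":
            self.accounts.pop(user, None)
        elif ev["action"] == "password" and user in self.accounts:
            self.accounts[user]["pw_hash"] = ev["pw_hash"]
        return True


class IdentityVault:
    """The authoritative identity store. It never calls a target directly, only the bus."""

    def __init__(self, bus):
        self.bus = bus
        self.users = {}

    def _emit(self, topic, action, user, **extra):
        event = {"id": secrets.token_hex(8), "action": action, "user": user, **extra}
        return self.bus.publish(topic, event)

    def provision(self, user):
        self.users[user] = {"enabled": True}
        return self._emit("identity.provision", "provision", user)

    def deprovision(self, user):
        self.users.pop(user, None)
        return self._emit("identity.deprovision", "deprovision", user)

    def set_password(self, user, password):
        # Simplification: ship a salted hash, so the clear-text password never rides the bus.
        salt = secrets.token_hex(8)
        digest = hashlib.sha256((salt + password).encode()).hexdigest()
        return self._emit("identity.password", "password", user, pw_hash=salt + ":" + digest)


def integration_count(n_systems, point_to_point):
    """A full point-to-point mesh needs a link per pair; a bus needs one adapter per system."""
    return n_systems * (n_systems - 1) // 2 if point_to_point else n_systems


def tampered_message_rejected(bus):
    """Alter a logged message body and confirm a consumer refuses it."""
    forged = dict(bus.log[0])
    forged["body"] = forged["body"].replace(b"alice", b"mallory")
    try:
        verified_event(forged)
        return False
    except ValueError:
        return True


def demo():
    """Provision two users, sync one password, remove one user, then replay a message."""
    bus = ServiceBus()
    vault = IdentityVault(bus)
    targets = [TargetSystem(name, bus) for name in ("crm", "hr", "email")]
    vault.provision("alice")
    vault.set_password("alice", "constructed-example-password")
    vault.provision("bob")
    vault.deprovision("bob")
    replayed = targets[0].handle(bus.log[-1])  # redelivery is ignored, returns False
    return bus, replayed, {t.name: t.accounts for t in targets}
```

Running `demo()` yields every target with an enabled, password-bearing `alice` account and no `bob` account, using three adapters rather than the six pairwise links a full mesh of four systems would need. The design choice worth noting is that signature checking and idempotent handling live once, in the adapter base code, rather than being rebuilt inside each proprietary connector.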

So if you're a CIO or an enterprise architect and this situation is familiar to you, or you want an alternative to expensive point-to-point integration, the ESB really is your best answer.

Guest post from William Brant, CEO at Directory Services, Inc., a MuleSoft partner.

Directory Services, Inc. is a leader in the development of Identity Integration solutions. William developed and founded the Grey Tower Project, a key tool for creating open source Identity Management solutions. He later expanded GreyTower to add SOA and ESB functionality to any IDM platform, which is now the foundation of the Enterprise GreyTower family of products. William continues to champion the development of key identity-centric solutions, and is the main voice bringing SOA and IDM together as a compelling identity solution set.



2 Responses to “Bringing SOA to Identity Management”

  1. What's an ID Vault? What sort of data and features does it provide? Is it more than just a thin layer on a DB user table?

  2. An ID Vault is typically an LDAP directory that contains the user identities and passwords for an organization.