Identity Management solution already exist so why look to an ESB for the integration services. Like any solution you want an identity and access management platform that meets certain criteria such as sustainability, ongoing innovation, Integration capabilities and completeness of platform.
Why are the above issues relevant for an identity management platform? The reasoning comes from the fact that almost all identity management platforms are built up by acquisition and not innovation. Because of the manner IDM platforms are built most are usually proprietary. The build-by-acquisition methodology usually translates to costly licensing scenarios and relatively slow innovation with incremental improvements that usually lag behind the industry. While the solutions are presented as a purposefully designed product suite, in actuality they are separate products that are bolted together and altered to look like a relatively seamless offering, however to really make the solution work, you need expertise in each bolt on component in the solutions
The following part of the blog will deal with “identity based services” and how they fold into the service oriented framework.
What is IDM?
IDM stands for Identity Management and is often also referred to as IAM Identity and Access Management. The critical business needs delivered by this service stack are: provisioning and de-provisioning of user accounts, rights, entitlements and roles. At the core IDM is usually a specialized platform for delivering integration services for user accounts.
ESB and IDM
The fundamentals of an ESB provide an exceptionally capable Integration platform. The platform that is capable of delivering key IDM services such as provisioning and de-provisioning of users rights accounts and entitlements. IDM is a service that requires a robust and flexibly platform for delivering integration services, to various platforms and applications.
IDM requires the capability to deliver integration services to applications both in the cloud and within the enterprise. The core requirements for an IDM solution are to provide technological solutions to transform business decisions into actionable integration activities, synchronization, work-flows, micro-flows, auditing and reconciliation and remediation activities. In addition to these core services there are several other general categories that it must delivery on.
Being able to provide integration between data-stores and services both within theenterprise boundaries and the cloud is paramount for IDM. The cloud presents new intermediation scenarios which include SaaS and cloud services, custom cloud apps, on premise applications, and on premise services/resources.
Security covers the ability to authenticate and authorize access to any resource on the platform, the ability manage access to SaaS and cloud applications, encrypt and store sensitive data in a multi tenanted environment, secure published services using technologies like OAuth, SAML, and WS-Sec, SSL support, firewall rules and possibly VPN access.
One of the main services needed in implementing an IDM system is the orchestration required to make decisions based on input from many different platforms and systems. This requires connectivity and the ability to quickly and accurately map data between services. Also, micro flows, Event processing and workflow capability are required.
There is plethora of critical data in the enterprise protected by firewalls. IDM offers key services to provide secure channels and methods for a user to securely access data on premise, as well as in the cloud. There are also many identity related stores that need to be synchronized and updated inside and outside the organization.
Identity management ecosystems are almost exclusively built up using “proprietary engine and integration services” that are unique to a specific vendor. In contrast, an ESB provides a solid reliable integration platform that is continuously evolving due to the natural market pressure forcing continuous improvements across the board.
The use of an ESB for an identity management solution provides an ideal environment to squarely address issues such as sustainability, flexibility, on demand services, future proofing, and skill set availability. So, after knowing this, why would you want to invest the money and time to implement a legacy system. This approach can only lead to incurring a technological deficit which must be addressed at a future date usually requiring a complete system replacement.
Guest post from William Brant, CEO at Directory Services, Inc., a MuleSoft partner.
Directory Services, Inc. is a leader in the development of Identity Integration solutions. William developed and founded the Grey Tower Project, a key tool for creating open source Identity Management Solutions. He later expanded GreyTower to include SOA and ESB functionality to any IDM Platform, which is now the foundation of the Enterprise GreyTower family of products. William continues to champion the development of key Identity centric solutions, and is the main voice of bringing SOA and IDM together as compelling identity solution set.