Enterprise federations
These, and multiple other SSO and authentication technologies, are enabled by federation, say experts. However, depending on their use, federated networks come in many different flavors, all of which are impacted by what analysts call an alphabet soup of standards.
Confusion over these standards has, so far, held up widespread adoption of federation, says Eve Maler, principal analyst with Forrester Research.
She estimates that large-enterprise adoption of federation for business process outsourcing, such as access to human resources web apps, is higher, although there is no formal data available. She adds that adoption will really take off now that the Security Assertion Markup Language, or SAML, has become a standard with Microsoft's adoption of it for its Active Directory Federation Services (AD FS) 2.0, released in mid-2010.
“All vendors, services and enterprises need to get onboard with SAML if they want to federate identities,” says André Gold, senior director of technology operations and IT security at AutoTrader.com, a subsidiary of Cox Enterprises.
AutoTrader, which recently completed the acquisition of VinSolutions, a provider of end-to-end solution platforms for auto dealers, has been developing SSO provisioning internally based on SAML and other standards, and is now providing SSO to some of its customers.
“Federation has become a key component of our mergers and acquisitions strategy,” Gold says. “It will enable us to on-board new companies and, ultimately, new customers and consumers too, in a quicker and more cost-effective manner. More importantly, we will be able to provide a richer experience to these groups as they interact with different applications and products across the AutoTrader.com portfolio.”
While Gold has worked for organisations that have been able to build their own hooks based on SAML APIs, a growing number of organisations are turning to vendor products or identity service providers to federate their whole identity infrastructures, say analysts.
“Managing your identities, your PKI certificates, assertions and authentication is complicated in this ever-changing identity federation landscape,” says Dave Miller, CSO of Covisint, which supports nine million users of OnStar, linking vehicle drivers with remote services. “This is why analysts see a growing service industry around identities: These services handle the hard work of standardisation and identity management for them.”
The American Hospital Association (AHA), based in Chicago, is one company that turned to an identity service from Symplified after federating the first five of 16 widely used software-as-a-service (SaaS) applications for the cloud. The service applications it is federating include social intranet and collaboration provider Socialtext, document management and collaboration provider Box.net, IT self-service management provider Numara FootPrints, and HR payroll/time entry service UltiPro.
“In one example, we had our own custom SAML adoption for one of our performance management tools, but that tool vendor kept changing the way its login works around the exchanging of public and private encryption keys, and our links kept getting broken,” says Karthik Chakkarapani, the AHA's IT director of technology solutions & operations. “We didn't want to do this with 16 applications. And we didn't want to write our own code to enable the single sign-on to all these applications either.”