Tuesday, March 12, 2013

Identity and Access Management - 2013

As we steam along in 2013 with more releases and more fixes, it is time to slow down the frantic pace and figure out what the future holds.

Three articles explain what might be in store in the near future. Each is written and presented by an expert. The first is a thought-provoking article on the future of IAM. The next is a well-researched piece. But I am looking forward to the presentation at the European Identity and Cloud Conference, which in my view will combine the opinions presented in the other two articles.

In the first article, Ian Glazer talks about rethinking the way data is organized and hits the nail on the head by suggesting that the IAM system should mirror the modern web. The idea is yet to be explored and adopted. The good part about the suggestion is that a lot of rework might not be needed to achieve what he suggests. However, we need to see products that redesign and redeploy identity data. This is a great opportunity for development organizations. I am yet to see any big players announce a move in that direction. It will be something worth watching for in 2013.

The second article, a presentation by Earl Perkin, talks about People Centric Security (PCS). The idea behind PCS is that the user is responsible for information security. The IAM principles will have to be explored and reassessed in a lot of ways if the idea of PCS is to materialize. This is an area that doesn't need a lot of standards. Innovative ideas combined with existing frameworks like second-factor authentication, risk engines, etc. can be used to adopt PCS. At the end of 2013 I hope to see some best practices and knowledge sharing by security experts with regard to PCS.

Finally, the step towards extending the existing framework is on its way, as suggested by Martin Kuppinger. The UMA and SCIM protocols are two such extensions. However, adoption is still in its nascent stages and, as I mentioned in the earlier post, newer protocols may not inspire enterprises.
The extensions and proposals should be made to the existing frameworks and accepted by the protocol working committee. From an engineering perspective, such changes are easier to implement, adopt and deploy. Agile principles should not be limited to development but should be extended to protocol working committees so that they release extensions to existing protocols more often. This is one change I would like to see in the future. In 2013, I hope at least some of the protocols are ratified with concurrence from industry. It will help the product management teams to commit to features and release products based on standards.

I hope in 2013 we can see some new products in IAM that implement some of the ideas discussed by the experts. Otherwise, it will be another year where expert predictions result in nothing but good reading material.