Customer identity management is one of the foundational elements of every single product across business units. Instead of various products across the organization building and maintaining their identity systems (which they often do), the company should have one world-class system which can be leveraged across products.
Companies can have dozens of different systems that maintain customer identity data and provide identity services to hundreds of products. Having multiple identity systems not only limits our ability to leverage content and services easily across organizational
boundaries but also provides a sub-optimal customer experience and prevents us from understanding how customers are using our products over time, across the product lines. Based on many conversations in conferences and analyst calls it’s obvious that many companies are seeking to address these limitations by implementing centrally hosted identity and access management services (“IAM”) that will take an SOA-based approach to identity and access management.
Forrester defines Identity Management as a Service (“IDaaS”) as follows: Identity-Management-as-a-Service: A set of reusable, standardized services (typically SOA-based) that provide applications with access management, entitlement, provisioning, attribute, auditing, and policy management products and services.
The IAM implementation should offer core identity and access management services to products across the organization. This will allow the Businesses to focus on developing products and services that meet the customers’ needs without having to worry about implementing the functionality that will be offered by the IAM identity infrastructure such as.
- Provisioning Services (Identity Services)
- Attribute Services
- Authentication Services
- Authorization Services
- Workflow Services
- Auditing Services
The IAM implementation should include graphical, web-based interfaces that allow clients and administrators to interact directly with these services. Additionally, identity and authentication services should be exposed via web services and implemented using architectural styles such as representational state transfer (“REST”).