Identity as a delegated application.
Most Identity and Access Management (IAM) solutions are tied to a membership provider against which a user's request can be authenticated and even authorized. That provider represents a singleton global instance in an organization that wants to authenticate its members. Such a paradigm inevitably leads to centralized, global, database-oriented mechanisms. This is primarily because most sign-in requests from users arrive with credentials that the user has or knows. Those credentials, however, are also stored in a vault or secure store. Consequently, the authentication process is merely an automation step that retrieves the credentials and validates them against the IAM provider.
Although vaults, membership providers and authentication modules are usually centralized to serve many users, they can also be dedicated to a single user. That use case drives applications such as mobile wallets, passports and keychains, which can be personal rather than a central repository. It is these use cases that significantly expand the notion of an authentication module: not necessarily tied to a single entity or worker, but rather a co-ordination between dedicated and global instances.
A personal assistant that sits close to the user and is dedicated to that user can take the credentials once and extend them to all the realms the user navigates to. It can sign the user in and out seamlessly, allowing greater mobility and productivity than before. Applications that interact with the personal assistant can do so over a variety of protocols and workflows, enabling possibilities that were not available earlier.
Distributed authentication frameworks have to be differentiated by the user they serve. If the membership provider is distributed rather than centralized, that is invisible to the user. While this may be significant from a distributed computing perspective, it is not personalized and certainly does not break up the well-established design of traditional systems.