It is a fascinating experience, getting to sit in a room with a group of people who have a great deal of experience working with Active Directory and many of Microsoft's other products. There are some very smart people sitting in a very close space!
As one guy reminds us, he is very much a type A personality. The rest of us just kind of laugh; we are all type A.
However, my thoughts tonight turn more towards where directory services is going in the future. Microsoft has been pitching the idea that Windows 2012 is the server built from the cloud up for a while, and they really like their new Azure AD (which is really just directory services in the cloud). Combine that information with their history of going toe to toe with Oracle in the DB market and VMware in the virtual server market, both places where Microsoft has made HUGE strides forward with the 2012 versions of their software. Now that Microsoft has put themselves in a place where their technologies have reached a mature point, they can turn their guns on the next big target:
Identity management.
To this point, Microsoft has kind of toyed around with it through their FIM solution; but you take that, combine in token services through ADFS, mix in some directory services through AD DS, and you put it all in a stable environment like Windows 2012 and they have an opportunity to push into a market that has so far been dominated by two different groups:
On premise identity management, providing companies with a way to present a single identity to each user that they use to access "everything" within their walls (and sometimes in the cloud, although it usually takes a combination of products).
In the cloud identity providers, which is really a very new market. Companies like OneLogin have put themselves in a good position in this market, virtually replacing an on premise ADFS (or other SAML) solution. However, the cloud solutions do not extend very well inside the boundaries of the company itself.
Microsoft, on the other hand, already has ties into an identity solution in the cloud (through their Live ID), has the leading on premise directory service (Active Directory), and has been managing SAML (token based), PKI (certificate based), and encrypted access for a long time. Add in their FIM product, which is a good tool for interacting between directory services, and you have what could be a very impressive identity management solution if the pieces are assembled correctly.
I imagine a time when users are able to take their identity with them from company to company and use it to authenticate into services like you do with a Facebook account, while at the same time companies are able to accept that identity, merge it into their environment, provide controls around access, and gain insight into their own employees.
The solution could empower both employers and employees alike!
What kicked off this stream of thought? A PowerPoint presentation I came across while studying: http://download.microsoft.com/download/d/0/8/d08e709d-e760-45c7-80c7-e20727e993b4/IDENTITY_RAFAL/Identity_and_Access_Management_Overview.ppt