To borrow another metaphor, the old phrase:
“Beware of Greeks bearing gifts”
…is reborn now as:
“Beware of SaaS vendors bearing identity”
In this age of pushing our solutions to the cloud, we need to be careful about adopting solutions that involve standing up another identity silo. Giving users another username and password is the time-honored answer for most new applications, but in this day and age it is no longer acceptable. Stress to your SaaS vendors that you need the flexibility to:
- Federate with an external Identity Provider (i.e. your enterprise identity)
- Federate with a consumer Identity Provider (e.g. your Facebook/Yahoo/Google/Live identity)
There are certainly cases where SaaS vendors will need to provide a local username and password solution (for small businesses, for example), yet they also need the forethought to support extended federation scenarios for larger customers.
Another item that SaaS vendors are not immune to is the challenge of profile synchronization. Whenever an application must maintain preference or demographic data about you (name, title, menu preferences, etc.), it must either keep that data in a local store or rely on all of it arriving each time as part of the incoming claim set. In some cases, it’s simply not practical to carry everything in the claims, as it’s not the Identity Provider’s job to remember preferences for individual applications. The thing to remember here is that the profile data in the cloud must be created and maintained through some process. Look for ways to automate this rather than relying on manual ones.
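One way to automate that process is to create or refresh the local profile from the claim set at each sign-in while keeping application preferences in the local store. The sketch below is an added example, not code from any vendor; the claim names (`iss`, `sub`, `name`, `title`), the in-memory store and the sample values are assumptions, and the claim set is assumed to have been validated already.

```python
# Added example: just-in-time profile sync from a federated claim set.
# Claim names, the in-memory store and all sample values are constructed.

IDP_OWNED = ("name", "title")                    # refreshed from claims at each login
APP_DEFAULTS = {"menu_preferences": "standard"}  # app-owned, never sent by the IdP


class ProfileStore:
    def __init__(self):
        self._profiles = {}

    def sync_on_login(self, claims):
        """Create or refresh the local profile for an already-validated claim set."""
        issuer, subject = claims.get("iss"), claims.get("sub")
        if not issuer or not subject:
            raise ValueError("claim set lacks issuer or subject")
        # Key on (issuer, subject): the same subject string from a different
        # identity provider must not map onto an existing profile.
        key = (issuer, subject)
        profile = self._profiles.get(key)
        created = profile is None
        if created:
            profile = {"preferences": dict(APP_DEFAULTS)}
            self._profiles[key] = profile
        for attr in IDP_OWNED:
            if attr in claims:  # a missing claim leaves the stored value untouched
                profile[attr] = claims[attr]
        return profile, created

    def set_preference(self, issuer, subject, name, value):
        self._profiles[(issuer, subject)]["preferences"][name] = value


def demo():
    store = ProfileStore()
    ent = {"iss": "https://idp.example.com", "sub": "u-1001",
           "name": "Pat Lee", "title": "Analyst"}
    _, created_first = store.sync_on_login(ent)
    store.set_preference(ent["iss"], ent["sub"], "menu_preferences", "compact")
    # The title changed at the enterprise IdP; the next login carries the new value.
    profile, created_again = store.sync_on_login({**ent, "title": "Senior Analyst"})
    # The same subject string from a consumer IdP is a different identity.
    _, created_other = store.sync_on_login(
        {"iss": "https://consumer-idp.example", "sub": "u-1001"})
    return profile, created_first, created_again, created_other


if __name__ == "__main__":
    print(demo())
```
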