Access tokens, authorization and bridging identity data between enterprises and cloud service providers are three emerging trends that will dominate the identity landscape in 2012, according to Bob Blakley, a vice president and distinguished analyst at Gartner.
In addition, three trends that were prominent in 2011 will continue this year, most notably a focus on tactical identity projects as opposed to strategic ones, policy battles over identity and privacy, and the move toward assuring valid identities as demonstrated by the government's high-profile National Strategy for Trusted Identities in Cyberspace (NSTIC) program.
"As more and more information moves onto the Internet and devices, identity is going to be one of the levers of control that allows us to have predictable behavior with respect to the interaction between users and data on the Web," said Blakley, author of Gartner's "2012 Planning Guide: Identity and Privacy." (note: available for a fee).
Traditional security barriers that protected the enterprise are breaking down and the new security perimeter is draped across a new generation of service providers, online applications and mobile devices.
"It's an exciting time for identity unless you made a sizable investment in yesterday's infrastructure," Blakley said.
Gartner's report shows advancements are starting to bring about change, not only in the way IT thinks about identity and how it needs to manage it, but in the technologies and standards available to implement it.
"I think we are starting to see the outline of the identity system that is worth building for the long term," he said. But he added a caveat that the government could blur the outline as it weighs tensions among the needs of law enforcement, the needs of commerce and the needs of citizens.
"If the government doesn't make it illegal to build this identity system, then I am hopeful [it will succeed]," Blakley said.
He sees four macro trends that will drive the IT market in 2012, the first being volatility in the economy, identity technology and privacy policies.
The other three trends are an increase in the number of identity producers, consumers, standards and stakeholders that IT teams have to deal with; the need to accommodate new architectures, services and devices; and mobility concerns around provisioning current identities to mobile devices and how to use mobile devices to strengthen existing identities.
Blakley says the three emerging trends driving identity in 2012 bring new challenges to the landscape, but also begin to chip away at existing issues.
Tokens are important because they move identity away from the confines of a stateful environment to a stateless model that maps to the RESTful architecture of the Web. The stateless model does not store identity information but merely passes access tokens with each request. The Open Authorization (OAuth) protocol is helping define this token model.
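The stateless model described above can be sketched as follows. This is an added example, not code from the article or from Gartner; the token layout (HMAC-signed JSON claims), the demo key and the function names are assumptions made for illustration, not something OAuth specifies.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret, not a real credential

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def issue_token(subject, scope, expires_at, key=KEY):
    """Return 'payload.signature'; the claims travel inside the token."""
    claims = {"sub": subject, "scope": scope, "exp": expires_at}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{payload}.{_sign(payload, key)}"

def verify_token(token, now, key=KEY):
    """Validate using only the token itself; return the claims or None."""
    try:
        payload, sig = token.split(".")
        # Constant-time comparison, done before the payload is parsed.
        if not hmac.compare_digest(sig.encode(), _sign(payload, key).encode()):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # malformed token
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # expired or not a claims object
    return claims

def handle_request(headers, required_scope, now):
    """Authorize one request; no server-side session table is consulted."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return 401
    claims = verify_token(token, now)
    if claims is None:
        return 401
    return 200 if required_scope in claims.get("scope", []) else 403
```

Because nothing is stored server-side, a token stays valid until its expiry, so short lifetimes and key rotation carry the weight that session invalidation carries in a stateful design.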
The rise of awareness around authorization highlights the need to build a centrally managed access policy structure that allows companies to log and track user actions. This structure can be applied across resources. This trend is closely tied to the rise in use of the Extensible Access Control Markup Language (XACML).
Finally, Blakley's "identity bridge" concept, which was created by colleague and fellow analyst Mark Diodati, recognizes that a centralized authoritative source of identity is being rendered obsolete. The goal now is to manage at the dividing line between the edge of the enterprise and the outside digital world of services. Within this trend the Simple Cloud Identity Management (SCIM) protocol is emerging as a standard, although its scope is still limited. Services for managing identities between enterprises and cloud services are emerging, as are hubs for managing federations among partners.
Blakley's outlook is pragmatic.
"The light at the end of the tunnel is brighter but the tunnel is longer than we thought," he said.