Identity management as a service


Summary: Is Identity Management as a Service ("IdMaaS") a viable option?


Last week, fellow ZDNet blogger Phil Wainewright mused about who might buy next. In the course of doing so, he raised the possibility of federated identity as a possible target, but (rather kindly) deferred to us.

All of that got me thinking of a conversation I had at last year's Digital ID World conference. One hallway conversation with Jamie Lewis, CEO of Burton Group, found me asserting that identity management as a service ("IdMaaS"?) was going to happen, while Jamie argued that companies would find identity data too important to hand over to others.

At the time of that conversation there were two prominent niche examples of IdMaaS: the now-defunct (at least in its past form) Grand Central Communications, and Covisint, which began running IdMaaS for the automotive industry and has branched out into healthcare. So it would seem that Identity Management as a Service is at least possible. The real question is, is it viable, and thus a possible acquisition area for

Full disclosure: From October 2002 to August 2005, I was the VP of Marketing at Ping Identity - helping to establish initial analyst and press relationships, building the initial go-to-market strategy, launching sales lead generation campaigns, helping to raise Angel, Series A and Series B rounds, and interacting with customers and prospects on a regular basis.

That last part is the part that is especially pertinent to this screed, as I will say that on more than one occasion, prospects expressed the desire for a federated identity *service* that both they and their partners could hook up to. The irony, of course, is that this type of service was tried once before -- you might know it as Passport. The difference being that Passport sought to centralize identity data, while federation seeks to integrate and transport distributed identity data (to be fair, Microsoft is now following the same model with Active Directory Federation Server).

All of this leads me back to my initial conversation with Jamie. I do believe there is room for identity management as a service -- IdMaaS -- but I also think that the marketplace for that service is still a ways off. The identity market is very much in the traditional enterprise software mode -- by that I mean, enterprises writing large checks for on-site installations of software. However, as that market deepens (into the SMB world) and matures (large enterprises grow disillusioned with promises made and not fulfilled), the SaaS model will surface as a viable option in the realm of enterprise identity management.

So the real question is this: Is the type of company that acquires ahead of market (i.e., cheap), or do they wait for real marketplace validation?




1 comment
  • Windows LiveID

    We commented on a post from Phil earlier in the year on this very subject

    Your references to Passport are interesting in light of this white paper from Microsoft discussing Passport 2.0 aka Windows LiveID:

    which includes the following:

    Microsoft has published its vision of a universal identity solution that is inclusive of a plurality of identity operators and technologies -- the identity metasystem. In such a metasystem, identity providers, relying parties, and subjects can select, request, transfer, transform, and consume identities through a suite of well-defined and open Web Services (WS-*) protocols. Microsoft is working to implement components of the identity metasystem, as are many other companies in the industry. As a result, various building blocks for the metasystem are being developed. Some of these components will be delivered to end users in the form of software installed and running locally on their computers and devices, while others will be online services.

    The design philosophy of the identity metasystem is not to replace the existing identity systems in use today, but instead to bring these existing systems together by enabling interoperation among subjects, relying parties, and identity providers through industry standard protocols. The Windows Live ID service will participate in the identity metasystem as a "managed" identity provider already at Internet scale. Windows Live ID will bring a large base of end users and relying parties to the metasystem, taking us one step closer to Internet-wide identity federation and doing our part to help the industry move beyond the "walled garden" paradigm.

    The Windows Live ID service will play several essential roles that are strategic for Microsoft. The service:

    * Is an Internet-scale identity provider intended primarily for users of Microsoft online services, which are all relying parties of the Windows Live ID service.
    * Is open and issues claims in a form that can be consumed by any relying party, any device, and any other trusted identity authority.
    * Serves Microsoft online services as a "claims transformer," allowing those services to accept identities issued by third-parties. Third-party identity providers include other Internet service providers and managed-identity providers, such as the planned Active Directory Security Token Service (STS).
    * Will be the identity provider and federating authority for third party services and software built on top of the Microsoft online services platform.