Driven by the need for scalable services, a unified "identity infrastructure" will slowly (2000-04+) emerge based on directory, authentication (first Web single sign-on, later PKI), and management utility components.
PKI will proliferate for centralized management of external users (2000/01), internal users (2001/02), and consumers (2003/04). Enterprise-scale functionality, application externalization via directories (LDAPv3), public interoperability, and outsourcing solutions will remain problematic through 2003/04.
Organizations are increasingly discovering the need for an identity infrastructure that serves a dual purpose: providing for e-business and streamlining internal infrastructure operations. Indeed, there are often so many requirements in these areas that prioritizing their fulfillment becomes confusing within IT project management offices, particularly when implementing two strategies (i.e., one for e-business, the other for internal needs). Such offices rarely have adequate resources to meet every requirement.
Effective deployment strategies also require some projects to be completed as foundations for others. It is vital that IT organizations be able to quickly identify, prioritize, and implement the initiatives necessary to build the enterprise and e-business identity infrastructure.
E-business requirements for identity infrastructure will impact directory and authentication/authorization services deployments through 2001 as they compete for infrastructure resources and focus. A dual strategy for enterprise (i.e., internal) and extranet (i.e., external) identity infrastructures will be required through 2001 as well.
IT organizations will continue to struggle with data ownership and data quality issues across multiple directories during deployment (2001-03). Extranet infrastructure creation will be the dominant concern for most through 2003, and deployments will proceed at double the rate of the previous two years.
Consolidation and standardization of internal infrastructure will occur concurrently. Though some integration will occur between external and internal identity infrastructures, a single solution addressing both environments will elude most organizations through 2006.
As a first priority, many organizations currently have a unique, but limited, window of opportunity to construct an identity infrastructure for e-business and get it right.
This involves the careful selection of directory services, authentication/authorization capability (i.e., Web-based single sign-on), delegated administration services, and methods of ensuring the quality of directory data.
The primary purposes of the extranet identity infrastructure are:
Ensuring that the external identity infrastructure is adaptive is the second key priority. Authentication and authorization solutions must be able to evolve efficiently into more robust security mechanisms, incorporating such technologies as public key infrastructure (PKI) without significant effort or modification.
Directory schema must be designed (and documented) flexibly and simply to incorporate a changing set of business partners and customers, as well as absorb merger, acquisition, and divestiture activities. Applications must be chosen and/or written based on their ability to integrate with the Web-enabled single sign-on solution. Even projects involving corporate intranets should be capable of reusing large portions of the external infrastructure.
Organizations often make a priority decision regarding identity infrastructure without realizing it when they upgrade the corporate network operating system (NOS). Whether the choice is Novell eDirectory or Microsoft Active Directory, that choice selects a strategic component of the enterprise strategy.
Microsoft's current strategy for Active Directory services is more focused on taking Novell market share and moving Microsoft NT 4.0 users to Windows 2000 than on actually establishing Active Directory as the centerpiece for both internal and external identity infrastructure.
Novell's current strategy is to establish eDirectory as both an internal and external solution, but it faces formidable competition from Microsoft in the internal enterprise and iPlanet in the external environment.
While Novell's eDirectory is still a superior product to Active Directory, IT organizations must now decide if Microsoft's solution is "good enough" for their business needs, because it comes as part of Windows 2000 Server and few organizations are willing to continue with mixed NOS environments when performing an upgrade. Novell's future as a company will be determined by the adoption rate of eDirectory for both environments (i.e., internal and external).
The NOS directory serves as a foundation for an enterprise identity infrastructure, but deployment is actually part of a series of strategic initiatives. NOS upgrades and e-mail application reductions (if there is more than one e-mail system) should be part of the first phase of reduction (i.e., reducing the number of directories in an organization).
However, undertaking such an effort requires a detailed inventory of existing directory services within the enterprise, an effort consistently underestimated. Consolidating remaining directories, particularly "people store" information (e.g., human resources, authentication tables for applications access), is the second phase.
Phase three involves synchronizing critical data within the remaining directories where applicable. This may require significant management tools, and some organizations may even dictate the use of metadirectory services.
To implement an effective identity infrastructure for the organization, IT groups should remember:
Build an adaptive infrastructure for e-business; provide single sign-on and management for applications; ensure security
Finish the NOS wars; reduce, consolidate, and synchronize directory stores (in that order); use external infrastructure wherever possible
It is not enough to identify critical business requirements and their solutions for an organization. Discerning the priority in which to implement those solutions is the key to success.
IT organizations must identify the requirements of identity infrastructure across their enterprise, and prioritize them for implementation according to business need and available resources.