Identity management as a service

Is Identity Management as a Service ("IdMaaS") a viable option?
Written by Eric Norlin, Contributor on

Last week, fellow ZDNet blogger Phil Wainewright mused about who Salesforce.com might buy next. In the course of doing so, he raised the possibility of federated identity as a possible target, but (rather kindly) deferred to us.

All of that got me thinking of a conversation I had at last year's Digital ID World conference. This type of service was tried once before - you might know it as Passport. One hallway conversation with Jamie Lewis, CEO of Burton Group found me asserting that identity management as a service ("IdMaaS" ?) was going to happen, while Jamie argued that companies would find identity data too important to hand-over to others.

At the time of that conversation there were two prominent niche example of IdMaaS: the now-defunct (at least in its past form) Grand Central communications, and Covisint, which began running IdMaaS for the automotive industry and has branched out into healthcare. So it would seem that Identity Management as a Service is at least possible. The real question is, is it viable, and thus a possible acquisition area for Salesforce.com?

Full disclosure: From October 2002 to August 2005, I was the VP of Marketing at Ping Identity - helping to establish initial analyst and press relationships, building the initial go-to market strategy, launching sales lead generation campaigns, helping to raise Angel, Series A and Series B rounds, and interacting with customers and prospects on a regular basis.

That last part is the part that is especially pertinent to this screed, as I will say that on more than one occasion, prospects expressed the desire for a federated identity *service* that both they and their partners could hook up to. The irony, of course, is that this type of service was tried once before -- you might know it as Passport. The difference being that Passport sought to centralize identity data, while federation seeks to integrate and transport distributed identity data (to be fair, Microsoft is now following the same model with Active Directory Federation Server).

All of this leads me back to my initial conversation with Jamie. I do believe there is room for identity management as a service -- IdMaaS -- but I also think that the marketplace for that service is still a ways off. The identity market is very much in the traditional enterprise software mode -- by that I mean, enterprises writing large checks for on-site installations of software. However, as that market deepens (into the SMB world) and matures (large enterprises grow disillusioned with promises made and not fulfilled), the SaaS model will surface as a viable option in the realm of enterprise identity management.

So the real question is this: Is Salesforce.com the type of company that acquires ahead of market (i.e., cheap), or do they wait for real marketplace validation?

Editorial standards