Ping Talk Blog

CIS Series. Eric Sachs: Opening up identity

June 10, 2010, John Fontana | Cloud

Below is one in a series of interviews I am doing with some of the speakers for Ping’s Cloud Identity Summit in July.
 

For Google, its cloud identity vision is wrapped around OpenID, OAuth, consumers and the two million corporate domains that it hosts.

“We saw an opportunity there,” says Eric Sachs, Google product manager in the company’s security and CIO department. “Those enterprises already had email outsourced, and we know how to authenticate a user, so we said let’s go to enterprise SaaS members and try to get them to establish a connection through Google Apps.”
 
Sachs, who has more than 15 years of experience in user identity and security for hosted Web applications, will fill in the details of why Google went down the OpenID and OAuth path during a session he is hosting at the Cloud Identity Summit in July entitled “Google’s Vision for Cloud Identity.” The company is positioning the technology for both consumer and corporate usage.
 
Sachs will explain why Google chose to base authentication on OpenID. “It is technically more complicated than SAML, but we can hide that under the hood.”
 
And hide they did, adding OAuth to its identity portfolio and using it to gate access to APIs that support mashups and to let services exchange data behind the scenes.

Google, however, isn’t thumbing its nose at SAML, or any other protocols. In fact, it wants to make sure it can interoperate with any identity protocols and plumbing that an IdP or a service provider may deploy. “It’s all about open standards,” says Sachs.
 
To wit, in April, Ping announced OpenID Internet Single Sign-On for Google Apps, a connector for PingFederate that gives SSO access to users who authenticate via their Google Apps domain.
 
"We are working closely and collaborating with Google and expect interoperable OpenID and OAuth features available in PingFederate by the end of the year," said Ping CTO Patrick Harding, who has been collaborating with Sachs.
 
Sachs says Google will use and run its OpenID and OAuth technology in-house and rely on other vendors, such as Ping, to help with plumbing. Google’s hope now is that more providers start to deploy services that make cloud-based identity available. Services, he says, that will be designed to interoperate with companies that are deploying their own identity infrastructure on the back of standard technologies such as SAML.
 
“We are outsourced identity, but we don’t want to be the only IdP in the world. And we know we cannot control OpenID use in relying parties,” said Sachs.
 
He is working tirelessly in the standards realm to make it all come together. To that end, he is a board member for the OpenID Foundation along with Ping's Pam Dingle, and is involved with industry groups developing OAuth and OpenSocial.
 

Register for the Cloud Identity Summit, July 20-22, 2010 at Colorado's Keystone Resort.
