
Ping Talk Blog

Got trust?

August 24, 2010, John Fontana | Cloud, Internet

John Fontana

This morning I got a reminder why trust is such an important part of the identity architecture that is being constructed as corporations begin to understand concepts from federation to cloud computing.

In fact, why trust is an indispensable tool for any architecture, organization or society.
 
Here in Denver, the city’s safety manager Ron Perea resigned last night after being engulfed in a controversy over the discipline he handed police officers involved in abuse cases involving citizens.
 
Perea told his boss, Mayor John Hickenlooper, that he didn’t think he could rebuild trust with the public after his decision not to fire two police officers caught on videotape beating a young man.
 
"Once he put it in that context, it was hard to argue with," Hickenlooper told the Denver Post. "It would be very difficult to rebuild after all the events of the last four or five days. It would be very hard to rebuild that trust."
 
Three months on the job and Perea, the former head of the Los Angeles office of the U.S. Secret Service, knew that a public that distrusted him made impossible his job of ensuring safety.
 
Without trust, all is lost.
 
The same is true whether you’re protecting the streets of a city or the virtual pipes of a global distributed network.
 
PayPal’s Andrew Nash described to me a few months ago how a collection of trust brokers on the Internet were needed to create any sort of relevant connections online. In other words, without trust between parties, between machines, nothing of significance gets done.
 
A few days ago, a panel of experts on a Webinar on Federal News Radio concluded that trust was indeed the next killer app. They talked about integrity, policies, transparency and just the plain fact that people will need a system that allows them to trust other people.
 
At Ping’s recent Cloud Identity Summit, Accenture’s Mike Neuenschwander told the audience, "If we are going to have an environment of any-to-any and not repave existing partnerships, the industry has to develop a systematic approach to trust."
 
Trust frameworks were a foundational element of the Obama administration’s recent National Strategy for Trusted Identities in Cyberspace (NSTIC).
 
Get yourself plugged into the work of groups like Kantara, InCommon and the Open Identity Exchange (OIX), which was approved by the federal government in early March to certify online identity management providers.
 
Trust me, watch this space.
 
 
Follow John on Twitter and check out our Identity-Conversation Tweet list
 
 

You there, on the grassy knoll

June 30, 2010, John Fontana | IdM, Internet

John Fontana
(Updated with link to CDT blog, June 30, 4:40 MDT)
So what’s going to hamstring the U.S. government’s National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls for an “Identity Ecosystem”?
 
Protocols? Infrastructure? Liability? Warring geeks heavily armed with ones and zeroes?
 
The early returns point to paranoia. Here are some of the comments I’ve culled so far from the NSTIC home page and some media websites.
 
“This is not for you, it's for Big Brother.”
 
“It is laughable that a totalitarian like Obama thinks that we won't notice that he's asking for access to every bank account and private email in the country.”
 
“Look at the Gulf Oil mess and then ask yourself, "Do I really want them messing with cyberspace?"”
 
“I should *also* mention that I suspect Microsoft is pushing this on you. Because trusted systems rely on secrets, they cannot be implemented in full form in open source software.”
 
And there was this comment supporting the use of multiple passwords that seems to ignore the fact that many people simply use the same one over and over (so long as they can remember it).
 
“30 passwords are more secure than one universal identity.”
 
What many are missing is that NSTIC is not about one password, but about a non-government infrastructure interconnected through various trusted parties and with the user in control of multiple credentials and identity attributes.
 
Not for a second do I think NSTIC is without issues (establishing/implementing a trust framework jumps out), but the government’s strategy seems to be tracking with what is going on in the private sector among technologists and vendors attempting to create an open identity system. In fact, many in the private sector had input into the NSTIC draft, which is open for public comment until July 19.
 
Remember, the Internet can trace its roots back to a government project.
 
Now I know anything emanating from any partisan government leadership is bound to attract conspiracy theorists and NSTIC is no exception.
 
Digital identity is a tough technology issue to solve and perhaps even tougher to understand for the non-techie, especially down there in the weeds.
 
But to me, NSTIC is an arrow pointing in the right direction. What do you think? (Conspiracy theorists need not apply.)
 
Heather West at the Center for Democracy and Technology argues that the government needs to incent industry and users to adopt digital ID, but laments the lack of discussion on how to create trust.
 


Register for the Cloud Identity Summit, July 20-22, 2010 at Colorado's Keystone Resort.
 
 

Federation, one foot in the future not in the grave

June 22, 2010, John Fontana | IdM, Cloud, Internet

John Fontana
HP’s Marco Casassa Mont, a senior researcher in the company’s labs, wondered on his blog the other day if federated identity management is dead from an end-user/consumer perspective.
 
I would say there is mounting data and active trends that point in the opposite direction.
 
Mont concedes that organizations are using federation and SSO to cut costs, but I would argue they also are doing it because they see many other business benefits.
 
Furthermore, Mont wonders about adoption rates of federated identity management by web service providers.
 
I would point to early returns of a survey conducted by TechValidate (and funded by Ping Identity) that shows 61% of Ping’s SaaS partners see SSO requests from their customers rising moderately to dramatically this year. Hint: if you are providing a web-based service, you had better offer SSO and federated identity, today based on SAML and later on an integration of established and emerging protocols.
 
Here’s more. JanRain last week announced that a handful of media outlets, such as the L.A. Times, Better Homes and Gardens and the Dallas Morning News, are adopting its OpenID engine. Not just for convenience, but to gain awareness of who their readers are, given that their shrinking physical-world subscription lists have left media outlets nearly blind to their internet user base.
 
Ping for its part added an OpenID connector for Google Apps in March and broader OpenID support is coming later this year.
 
Some will classify this as hype, but I’m fairly certain Ping and JanRain are not developing Internet protocol support in a vacuum.
 
In addition, Gartner said last week identity management is the top priority in IT security spending. The firm’s conclusion was, “Identity management appears to be taking the lead as a top priority as businesses look to deploy some of the more advanced federated identity technologies both within the enterprise for single sign-on and as a way to potentially extend identity-based access control into cloud-computing environments.”
 
I would argue the trend has impact on the consumer side, as a cultural shift is underway among end-users – corporate or consumer – to clean up a world littered with passwords. And end-users exposed to the shift on the corporate side are going to crave it on the consumer side. A sort of techno-reverse from typical adoption trends.
 
But if you want to play purely on the consumer side, Google, with 25 million users on Google Apps, in March introduced Google Marketplace and declared itself an OpenID IDP, giving users SSO and federated identity with other SaaS providers. In May, Google stated its intentions to become a RP to help seed the market for such services.
 
Ping CEO Andre Durand likened the announcement to a starter’s pistol going off for the race to SSO and federated identity management.
 
Add to the mix NTT DoCoMo’s 65 million users with access to OpenID authentication, and Japan’s Ministry of Economy, Trade and Industry adoption of OpenID.
 
The list of OpenID supporters includes Facebook, Twitter, Yahoo!, LiveJournal, Blogger, flickr, Orange, mixi, WordPress and AOL. And OpenID providers include chi.mp, ClaimID, myID.net, myOpenID, Verisign Labs, and Your Internet ID (Yiid).
 
And don’t forget the emergence of OAuth 2.0, XACML and trust frameworks from the likes of Open Identity Exchange, Kantara and InCommon.
 
I checked in with Ping’s Pam Dingle, who is on the board of the OpenID Foundation, and her belief is that federated identity for consumers is just getting started, not dying out. “It’s a baby but will advance rapidly next year,” she said.
 
Others, like Microsoft, believe the same thing and plan to support open identity protocols in both consumer and business scenarios.
 
Dingle’s conclusion, however, is that federated identity won’t make a grand entrance like Charlie running down the street with his golden ticket to Willy Wonka’s Chocolate Factory, but will instead happen more like “coincidental federation.”
 
Consumers, dying to get to their messages, will log into an IDP such as Google and find that they no longer need a unique username and password when they visit their next favorite Web-based application, which just so happens to be a relying party.
 
The federation will happen where companies like Ping put it, in the plumbing where it belongs.
 


 


XAuth debate a game of PingPong

June 9, 2010, John Fontana | IdM, Internet

John Fontana

I thought I might just interject here as this week’s debate over XAuth ping pongs back and forth across the harsh landscape of blog-land. What’s on my mind is indeed PingPong, Ping’s IdP discovery protocol that debuted at the Internet Identity Workshop (IIW) in May.

It differs in one major way from the current implementation of XAuth in that PingPong is designed from the get-go to work across distributed domains.

The debate this week focuses mostly on XAuth being centralized in a single domain, which is currently being run by Meebo.

Eran Hammer-Lahav, who is a frequent contributor to OAuth, OpenID and other emerging standards and Yahoo's director of standards development, threw down the gauntlet on XAuth with a blog post outlining the protocol as “a terrible, horrible, no good, very bad idea.”
You can read Hammer-Lahav's post here, where he basically takes the stand that “a server-hosted, centralized solution goes against everything the distributed identity movement has tried to accomplish over the past few years.”

No sooner were the pixels cool on Hammer-Lahav's post than Google’s John Panzer, a software engineer and engineering manager at Google, shot back with a point-by-point retort defending XAuth’s design.

Hammer-Lahav’s main argument against XAuth is that it is tied to a single domain. Panzer attacks that notion, saying that is only a temporary set-up and that the real limitation is found in the browser.
 
Both posts are worth a read if for nothing else than to get a running start at XAuth’s pros and cons.
 
But also circle back on PingPong; its design begins where this debate will likely end. There is a screencast put together by PingPong creator Eric Fazendin and a short video interview with him.
 
At the conclusion of IIW, I wrote about the creative tension I observed at the conference and how I hoped it would help push everything forward. The belief is that with all the questions and opinions on the table, the process moves at a better clip and toward a better solution.
 
This week's debate highlights that creative tension.
 
 
 

Is cloud the technology industry's equivalent to penicillin?

May 11, 2010, John Fontana | Internet

John Fontana
The cloud is being taken more seriously as a topic and will have a dramatic impact on the enterprise, according to a panel of technology journalists at the opening of SIIA’s All About the Cloud conference here in San Francisco.
 
Jon Fortt, a reporter for Fortune, said cloud is the No. 1 technology topic even though it still suffers from multiple definitions, and Kara Swisher, co-executive editor of the D:All Things Digital web site and co-producer of the conference that goes by the same name, said cloud is a topic that cannot be ignored.

She said Apple’s Steve Jobs will be at her conference this year with his “dumb” device (iPad) that relies on a connection to the cloud, and that Microsoft counterpart Steve Ballmer will also be there with his cloud, cloud, cloud rant.
 
Rachel King, a staff writer for Bloomberg BusinessWeek, says cloud is the one topic that scares enterprise CIOs, and that private cloud build-out will emerge ahead of public cloud adoption. “The [public cloud] is going to be a big deal, but it is not a big deal yet. It will take companies time to make the shift.”
 
Fortt said CIOs are likely to get serious when there is a catalyst event, like the need for an expensive software upgrade. That moment may be upon many companies quicker than most think.
 
What could be arguably the biggest milestone for getting the cloud in the face of CIOs and other IT executives is in fact coming tomorrow – the release of Microsoft’s Office 2010 that includes Web-based versions of the productivity applications. It is already disrupting the cloud landscape, as evidenced by a Google blog today attacking the Microsoft upgrade path and urging users to refuse another “expensive and laborious” migration in favor of Google Docs. 
 
Swisher characterized Office, which owns upwards of 90% of the market, as the last bastion of desktop software and said five years from now we won’t be debating ideas around SaaS. “[The cloud] is inevitable,” said Swisher, who throws quips and arrows like E! television comedian Chelsea Handler. “It is like penicillin, we are going to use it. When is the last time you put packaged software on your computer? When is the last time you used a pay phone?”
 
All the panelists acknowledged that security, privacy and other issues will need time to be worked out.  King referred to the cloud as one more way to hack company data – and potentially hack it all in one place.
 
“The cloud is very scary for most CIOs,” said King, because it represents giving up control. “They like their control in the data center. When something goes wrong they know who to yell at.”
 
But the conclusions came back like this: CIOs are going to have to learn new tactics.
 
“A CIO has to be pushed into these things,” King said, noting that software services supporting non-essential tasks are becoming a key groundbreaker. She gave the example of a company getting employees to sign up for a wellness program online, a software as a service that had a return on investment.
 
“ROI is a big thing,” she said.
 
The panel was followed by analyst Bill McNee, founder and CEO of Saugatuck Technology, who brought along a wealth of data and painted a picture that was not all-or-nothing, but an “interwoven” world with most new spending happening in the cloud and on technologies to bridge between existing infrastructure and new online worlds.  I’ll get into McNee’s conclusions and data in another blog post.
 
 
 

 


Defining security in the cloud

May 5, 2010, John Fontana | Internet

John Fontana

Christofer Hoff, director of cloud and virtualization for Cisco, offered up on his blog a few days ago three models for how he thinks about security in the cloud. The full post is here.

The models will likely track with a workshop he is presenting in July at Ping’s Cloud Identity Summit along with Gunnar Peterson, ArcTec’s managing principal.
 
In the interim, here is Hoff’s list of those models to help people start to make sense of cloud security:
 
In the cloud: Security (products, solutions, technology) instantiated as an operational capability deployed within cloud computing environments (up/down the stack.) Think virtualized firewalls, IDP, AV, DLP, DoS/DDoS and IAM, etc.
 
For the cloud: Security services that are specifically targeted toward securing OTHER Cloud Computing services, delivered by Cloud Computing providers (see next entry). Think cloud-based anti-spam, DDoS, DLP, WAF, etc.
 
By the cloud: Security services delivered by cloud computing services which are used by providers in option #2 which often rely on those features described in option #1.  Think, well…basically any service these days that brand themselves as cloud…
 
For more information on Hoff’s workshop coming up in July, entitled "Security in the Cloud," check the "Program" page at the Cloud Identity Summit Web page.
 
 

 

ADFS 2.0 Half-empty? Half-full?

April 28, 2010, John Fontana | IdM, Internet

John Fontana

(updated with RTW date)

On May 5, Microsoft will RTW (release to Web) Active Directory Federation Services 2.0, a piece the software giant needs to extend Active Directory to create single sign-on between local network resources and cloud services.

Back in October 2008, I was the first reporter to write about the impending arrival of ADFS 2.0, then code-named Geneva, and Microsoft’s plan to storm the identity federation market with its claims-based model. I followed Geneva and wrote about its evolution, including the last nail in the project – support for the SAML 2.0 protocol to go along with Microsoft’s similar protocol WS-Federation.
 
But what will arrive next week is more of a glass half-full, glass half-empty story, one end-users should closely evaluate.
 
Half-full. Microsoft validates a market when they move into it with the sort of gusto that is behind ADFS 2.0, a Security Token Service, even though smaller companies such as Ping have been providing federation technology since 2002. That validation should help IT, HR and others more easily push their federation projects. And more than a few companies should join those, such as Reardon, already enjoying identity federation and Cloud SSO.
 
ADFS 2.0 is “free” for Active Directory users, which is a word that resonates with CIOs. And Microsoft has been running ADFS 2.0 on its internal network since May 2009, giving it nearly a year to vet bugs and other issues.
But potential users should look deeper.
 
Half-empty. ADFS 2.0 was slated to ship a year ago. What were the issues that caused it to slip, and have they been corrected?
 
Microsoft’s support for the full SAML spec is first generation. Late last year was the first time Microsoft participated in and passed an independent SAML 2.0 interoperability test, an eight-day affair put on by Liberty Alliance and Kantara.  Ping, which had participated previously, also passed and was part of the testing group with Microsoft.
 
Microsoft's testing during the event focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. The “lite” versions of those are a significant subset of the full profiles. Microsoft says it plans to support other SAML profiles based on demand. After the testing, Burton Group analysts said Microsoft had “covered the core bases” for SAML 2.0 support. For some deploying SAML that will be enough; for others it could fall short.
 
And Microsoft’s SAML implementation will have to interop with third-party service providers, many of which roll their own SAML implementations and won’t have ADFS 2.0 running on their side. There is no shortage of details to address with such one-off integrations.
 
In addition, ADFS 2.0 is part of a larger identity platform that includes the Windows Identity Foundation (WIF) and Windows Cardspace.
 
But with this release, Cardspace 2.0 will not roll out with ADFS 2.0, and Microsoft says a Cardspace release “isn’t imminent.” While Cardspace is not widely adopted, it remains an integral part of the user-centric identity package Microsoft has been pushing. When Microsoft rolled out Geneva internally, one of its IT architects told a session at the company’s TechEd conference “Geneva is a lot more than ADFS 2.0.” The client story here is fractured.
 
The other piece, WIF, is an extension to the .Net Framework 3.5 that helps developers build applications that incorporate a claims-based identity model. While Microsoft has an army of devoted developers, a critical mass of claims-aware applications does not yet exist.
 
So the bottom line is that ADFS 2.0, despite RTW, and its companion components are still a work in progress. And while the technology will bring awareness to an already active federation market, ADFS 2.0/Geneva still has a ways to go if it wants to be a defining technology.
 
 


The gluttony of cloud computing

April 20, 2010, John Fontana | Internet

John Fontana

Yesterday I was reminded of the classic old TV commercial for Pepto-Bismol, the nectar of the gluttonous, that featured an immobile man with a seriously upset stomach moaning out the tag line “I can’t believe I ate the whole thing.”

The memory trigger was here at the Cloud Computing Expo as presenters laid out public and private cloud environments that included hypervisors, virtual machines, system management, data management, storage clusters, data protection, cloud application development, deployment scenarios, business intelligence, security, compliance, privacy, governance, proprietary stacks, open source options, standard-based must haves, IaaS, PaaS, SaaS and grid computing.

No hard-working IT pro could possibly eat the whole thing and live to tell about it. Especially given all they have on their plates running the systems they currently have.
 
I think you get the picture.
 
What I took away is that “the cloud” is self-defining, and can be doled out in reasonable servings. That the starting point and the finish line are different for just about everyone. And that a corporate cloud is as individual as one's own fingerprints.
 
Some companies may just need to tap Amazon for some storage resources and that is their cloud. Some may need to write a .Net app they can run on Windows Azure, and that is their cloud. Some may tweak internal systems to support business units and subsidiaries. Some may just need a few SSO connections to applications run by a service provider such as SuccessFactors or Google or SalesForce.com. And that is their cloud.
 
The task at hand was best characterized by presenter Kevin Jackson, an Engineering Fellow with NJVC, one of the largest IT solutions providers supporting the U.S. Department of Defense (DoD).
“For the past 20 years networks have been works of art; hand-made works of art,” he said during his talk on how the Defense Information Systems Agency, National Geospatial Intelligence Agency, National Security Agency and even the Central Intelligence Agency are adopting cloud computing “in one form or another.”
 
The point was that despite the high-tech, hand-crafted beauty of the present, the future is the time to do things more efficiently.
 
Jackson said some federal agencies were mimicking Amazon’s infrastructure, others concentrating on virtualization, some housing huge data sets online, and some just renting apps on an as-needed basis.
 
But it all flies under the government’s banner of cloud computing as a “strategic imperative.”
 
And it all means that companies don’t have to eat the whole thing, they just need to fill up on what's good for them.
 
 
 


Consumer identity takes on another acronym

April 19, 2010, John Fontana | Internet

John Fontana

You’ve likely heard buzz today around toolbar vendor Meebo, which introduced Extended Authentication (XAuth), an open authentication platform that will help Website owners discover what Internet social services a user logs into.
 
Well here’s the context if you are wondering about this latest acronym that promises a level of discovery and authentication sharing, has a cross-hair on Facebook Connect, and raises questions about privacy and opt-out choices.
 
XAuth gives Web site owners that display a Meebo toolbar the ability to collect data about a user from a central source and use that data to personalize a toolbar for that user that includes social or other sites they are a part of. On one level it is all about tapping into the growing "friends" network users are building.
 
XAuth is another entry on a growing list of emerging consumer-based identity technologies. It includes an open source XAuth framework, which is still under development, and XAuth.org, a site that will store and pass tokens that validate user log-ins.
At Ping, we’re watching these developments because they are part of a consumer identity trend that in some forms is potentially additive around the high-assurance SAML-based Internet SSO commitments that Ping users have already made. To stay on top of these ongoing consumer identity developments, Ping has made moves such as joining the board of directors of the OpenID Foundation and developing an OpenID IdP Connector for Google Apps.
 
It's all about understanding what will matter and what won't in the long run.
 
Meebo, which develops an IM aggregation technology and toolbar, is creating partnerships with the Open Identity Exchange (OIX) and the OpenID Foundation to create an open consortium to host the XAuth technology.
 
XAuth has its upside and its downside, with the downside being questions around privacy. Those questions will be a major part of the vetting that will go on around XAuth. And there will be other questions, especially around the touchy subject of users having to opt-out instead of opt-in to the service. In addition, this adds another layer to authentication, and to make things even more confusing, Twitter also has an authentication mechanism it brands XAuth.
 
The XAuth web site describes the technology this way: “Participating services generate a browser token for each of their users. Publishers can then recognize when site visitors are logged in to those online services and present them with meaningful, relevant options.”
 
When a user signs into, say, Google Talk, Google will inform XAuth.org, and when that user logs out, Google will expire that information. XAuth-enabled Web sites will check the XAuth.org IdP to discover the user's browser tokens indicating they are logged onto Google Talk.
 
Meebo CEO and co-founder Seth Sternberg said XAuth is not a replacement for OpenID or OAuth. What it does is tap into the existing user authentication mechanisms of Web-based social services.
Watch a video of Meebo’s Sternberg explaining how it all works.
The bottom line here really is that Meebo, Google, MySpace and others are battling against the social sharing dominance of Twitter and Facebook Connect (neither has said it will support XAuth). They want to slow the march of those two toward becoming the de facto social sharing options presented on other Web sites.
 
With XAuth, users will make the decision on social sharing integration based on attribute information XAuth provides – namely what site the user is already signed into.
 
Meebo has been joined in the XAuth initiative by Google, Microsoft, MySpace, Yahoo, JanRain, DISQUS, and Gigya.
 
 
 


Unraveling a twisted tale of identity

April 15, 2010, John Fontana | Internet

John Fontana

I read a curious article at SearchCIO.com this morning that tried to outline identity management in the cloud, but ended up as one confusing hairball of identity tools, including an incorrect competitive comparison of technologies, which included Ping Identity.
 
Unfortunately there was not a comment section, so I thought I would dissect it here.
 
The article mixed together into one lump a series of separate disciplines/technologies that all live under the generic banner of “identity." The writer, Laura Smith, jumped between identity management, strong authentication, federated provisioning, trust frameworks and identity federation.
 
Clearly all these pieces can be considered parts to any identity architecture either deployed internally or in the cloud, but by way of comparison they all have their own fundamental characteristics. And taken alone none defines identity in the cloud or otherwise.
 
Besides that confusion, what also jumped out to me was that Fischer International, a company highlighted in the article, is listed as a competitor to Ping Identity.
 
In fact, the two make very different products, although both could be part of one corporate identity infrastructure that includes provisioning, authentication, SSO and other security needs.
 
Fischer’s identity access management speaks to setting up and maintaining user accounts and federating that task across sites, while Ping’s Internet single sign-on focuses on passing user credential attributes between a company and other end-points for secure authentication, be they business partners or SaaS vendors.
 
Fischer is focused predominantly on provisioning, federated provisioning, and password management, as outlined on their Web site. Ping provides Internet SSO and identity federation via PingFederate and PingConnect, which is a hosted service.
 
Unfortunately, the SearchCIO article didn’t mention either Ping product by name so I don’t know where it was trying to compare, but the competition snafu may revolve around the fact both vendors operate identity services in the cloud.
 
The SearchCIO story goes on to say “SAML is at the heart of Fischer International Identity's Technology for Managed Identity Services, which is designed to be used by enterprises, as well as Fischer Identity, an identical Software as a Service (SaaS) solution.”
 
SAML at its core is an identity interoperability technology. It requires at least two end-points in order to perform federation. It is unclear how Fischer incorporates SAML and it is difficult to even find mentions of the protocol on their Web site.
 
Fischer’s identity management gateway, according to their documentation, “leverages federation” based on SAML and WS-Federation. While SAML can carry attributes that can be used in lightweight provisioning, a capability PingFederate and PingConnect support, that use-case is not the heart of the spec.
 
While Ping and Fischer could conceivably live within the same identity architecture, one is not a mirror or replacement for the other.
 
The identity landscape can be a confusing place. Users need to think about the individual pieces on their merits and then devise an identity architecture, paying careful attention to where those pieces fit and how they might interoperate.
 
 
 
 

