Ian Glazer wants to talk wheels at the Cloud Identity Summit in July.
Specifically, are the wheels on standardized identity round enough yet to smoothly carry enterprises over a bumpy landscape that may include billions of objects, each with a simple ID?
At this point, he thinks not. Identity standards remind him of the old joke: Why reinvent the wheel? The answer: because eventually you get a round one.
"The goal is to get workable, useable standards that can be truly useful," said Glazer, who is now senior director of identity for Salesforce.com after a distinguished run as a Gartner analyst.
During his CIS keynote in Monterey, Calif., he will walk through the readiness - or the roundness - of authentication, authorization, attribute services and provisioning and the edges they have that need to be smoothed with an eye on the future.
"Authentication is already a pretty round wheel," says Glazer. "We finally have OpenID Connect and are at a point where we, in the generic sense, we are good to go."
Glazer says Connect can serve multiple use cases, is fairly developer friendly, and that this is really the year to try it out in terms of adoption.
But things aren't so round in terms of attribute services. "We have a sort of lumpy wheel, not quite round," he said. Glazer said there is the tried and true Lightweight Directory Access Protocol (LDAP), but something more modern is needed.
"We don't have a nice RESTful, developer-friendly attribute exchange standard," said Glazer. He said OpenID Connect helps but is not the final answer.
His third wheel (no pun intended) is authorization, a wheel, he says, that is overinflated and may burst. He notes that the current Extensible Access Control Markup Language (XACML) has as its strength and weakness the fact that it can do just about everything.
"It's remarkable, but often the ability to do anything gets in the way of doing anything," he said. Glazer says brain power needs to be spent deciding what is truly needed in an authorization protocol.
Finally, provisioning is the last wheel. SCIM 2.0 is coming this summer and that could be a good step forward.
"Now we lack adoption and we need to fix that," he said.
Glazer looks at all these wheels against a backdrop of a future Internet that may contain millions of objects, namely the growing Identity of Things scenario.
"Think about the Internet of Things," Glazer says. "A couple billion IDs that each have 2-3 attributes. Can we actually apply our current standards and techniques in this world?"
He thinks the answer today is somewhere between maybe and no. Traditional identity management deals with a reasonable number of identities that have lots of attributes.
"We know how to do that," he said. "But I am not convinced those same techniques work when you have an unreasonable amount of identities that have few attributes." Certain "things" could have nothing but a name.
"We have to think about our current standards in this future state and maybe that helps guide us on what we need to be developing today."
Registration is now open for the Cloud Identity Summit 2014, July 19-22, in Monterey, Calif.