Ping Identity CTO Patrick Harding plans to go off the scalability charts at the Cloud Identity Summit this month in Monterey, Calif.
"We are shifting from tens of thousands of applications and millions of users to hundreds of thousands of APIs and billions of devices," says Harding.
Identity systems and infrastructure must be able to scale massively or they will collapse under the weight of that shift. "We need to understand the ramifications."
Traditional identity management has its weaknesses, such as with native mobile applications, and a crippling reliance on passwords as the lowest common denominator both for end users and for API clients. Modern identity management begins to fix that and other issues mostly using open and emerging standards.
But Harding says we can't be single-minded. As identity management architects add layers of convenience such as swipe-based multi-factor authentication, and adopt standard protocols to gain scale, protocols alone do not guarantee security. "Work will need to happen to codify the audit and analytics side of the house as well as the protocol side," says Harding.
Automation will be another hallmark if scalability is to burst off the current charts we use to measure it, Harding says. "We will have all these devices, identifying themselves on the network, integrating with other devices and sharing data, and it will happen without explicit configuration by administrators but will need policy oversight."
The other parts of the equation are elements that aren't routinely considered today or even possible in traditional identity and access management systems, says Harding. "Our industry is moving away from a stateless system of 'federate and forget' to a very stateful, behavioral system where network entities share data and cooperate to build a bigger, more complete picture of an identity." For example, work is going on to share login hints, session management information, account takeover information, and other interesting things between clients, between devices and IDPs, and between RPs and IDPs.
That kind of communication will go a long way toward keeping convenience and security in balance. All that chatter and sharing will fuel ongoing, real-time security audits that can trigger zero-minute de-provisioning of federated sessions: in essence, a kill switch for when things go off the rails.
It is that kind of scale in security response that should minimize the trepidation of crossing the gap between today's identity management and the massively scaled Next Gen Identity being built out today.
"As it becomes impossible to individually manage connections and relationships between network identities, something has to give," says Harding. "Next Gen Identity via federation, strong authentication, and standards is the only way we get to this large scale identity that is our next horizon."
Registration is now open for the Cloud Identity Summit 2014, July 19-22, in Monterey, Calif.