Comments on Matt Flynn: Information Security | Identity & Access Mgmt.: SAML for Secure SOA
Blog author: Matt Flynn (http://www.blogger.com/profile/09902381553517250020)

Comment by Neil Macehiter (https://www.blogger.com/profile/17207944745656427933), 2006-05-09:

Couldn't agree with you more, Matt. This is something we discuss in our recent report on identity management, which you can access (you just need to subscribe - it's published under a Creative Commons license) here: http://www.mwdadvisors.com/articles/index.php?m=P

Below is an extract:

As a direct consequence of the pervasiveness of IT and a general desire (described in more detail in our report SOA: Handle with care) to more closely align investment in and delivery of IT with business objectives, enterprises are looking to break down organisational, functional and resource stovepipes through service-oriented architecture (SOA) initiatives. As they embark on these initiatives they are grappling with the challenge of IT environments which bury identity within a variety of infrastructure and application domains. As a result, they are faced with a fragmented identity management deployment architecture spanning multiple application silos, with each silo addressing particular functional/organisational domains with domain-specific, tightly-coupled identity management policies, processes and technologies. This challenge is compounded by the development and acquisition of application-specific identity management solutions to address short-term needs, which then have to be integrated with each other...

The advent of service-oriented architecture approaches is already being felt in the area of identity management and the impact is only likely to increase in the future. As automation of business processes through IT evolves to require the orchestration of multiple services, potentially operating across trust boundaries, there will be a consequent need to authorise access to business functions and information at the level of each service. Furthermore, the ability to dynamically compose services will depend on policy-based approaches to the definition and enforcement of access control requirements, unless a requester were granted access to all of the services which could participate in a composite service...

Some identity management capabilities reflect the history and evolution of the technology, perhaps most noticeably in the distinction between “web single-sign-on” and “enterprise single-sign-on”. The reality is that this is an artificial distinction: organisations need single sign-on irrespective of the nature of the resource. SOA initiatives will exacerbate this further. For example, a web-based portal may provide access to mainframe-resident business logic exposed as a service, requiring a combination of web SSO and enterprise SSO, when in reality what is required is a policy-based approach which facilitates single sign-on at the resource tier which can be exploited in the portal tier.

The report then goes on to define an architectural framework for identity management in which identity management capabilities are delivered as shareable infrastructure services which can be exploited by services in the same way as you describe.

Neil Macehiter