
IDM Technical Blog


Why an ESB for Identity Management Makes Good Sense

I was recently asked the question "why are ESB and IDM good together?" ESB and IDM are good together because ESB platforms provide the integration services that IDM (Identity and Access Management) implementations need.

Identity Management solutions already exist, so why would you look to an ESB for the integration services? Like any robust solution, you want an identity and access management platform that meets certain criteria such as sustainability, ongoing innovation, integration capabilities and completeness of the platform.

Why are these issues relevant in an identity management platform? The reason is that almost all identity management platforms are built up by acquisition rather than innovation. Because these platforms are proprietary, this usually translates into costly licensing scenarios and relatively slow innovation (typically innovation by acquisition) with incremental improvements that lag behind the industry. While the solutions are presented as if they were designed as an integrated product suite, in actuality they are bolted together and altered to look like a relatively seamless offering; to really make the solution work, you need expertise in each bolt-on system.

The following part of the blog will deal with "identity-based services" and how they fold into the service-oriented framework.

What is IDM

IDM stands for Identity Management, and Identity Management is often also referred to as IAM (Identity and Access Management). The key services delivered by this service stack are provisioning and de-provisioning of user accounts, rights, entitlements and roles. At its core, IDM is usually a relatively specialized platform for delivering integration services.

ESB and IDM?

The fundamentals of an ESB provide an exceptionally capable integration platform. It is this platform that is capable of delivering key IDM services such as provisioning and de-provisioning of user rights, accounts and entitlements. IDM is a service that requires a robust and flexible platform for delivering on integration needs across various services, platforms and applications. IDM could be considered analogous to PaaS (Platform as a Service).

IDM requires the capability to deliver integration services to applications in the cloud and within the enterprise. The core requirements are to deliver technological solutions that transform business decisions into actionable integration activities: synchronization, workflows, micro-flows, auditing, reconciliation and remediation activities. In addition to these core services, there are several other general categories that it must deliver on.

Inter-mediation

Being able to provide integration between data stores and services, both within the organization's physical boundaries and in the cloud, is paramount for IDM. The cloud presents new intermediation scenarios, which include SaaS and cloud services, custom cloud apps, on-premise applications, and on-premise services and resources.

Security

Security covers the ability to authenticate and authorize access to any resource on the platform, the ability to manage access to SaaS and cloud applications, encrypt and store sensitive data in a multi-tenant environment, secure published services using technologies like OAuth, SAML and WS-Security, SSL support, firewall rules and possibly VPN access.

Orchestration

One of the main services needed in implementing an IDM system is the orchestration required to make decisions based on input from many different platforms and systems. This requires connectivity and the ability to quickly and accurately map data between services. Micro-flows, event processing and workflow capability are also required.

Enterprise Data

There is a plethora of critical data in the enterprise protected by firewalls. IDM must offer key services to provide secure channels and methods for a user to securely access data on premise as well as in the cloud. There are also many identity-related stores that need to be synchronized and updated inside and outside the organization.
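To make the Orchestration and Enterprise Data points concrete, here is an added example (not code from this post or from any ESB or IDM product) of the pattern described above: lifecycle events from an authoritative source are routed through declarative per-target mappings to a SaaS application and an on-premise directory, every action is written to an audit trail, and a reconciliation pass compares each target store with the source of truth and emits remediation actions. All records, system names, field names and the `Bus` class are constructed for the example.

```python
"""Toy ESB-style identity orchestration: route HR lifecycle events to target
systems through declarative field mappings, keep an audit trail, and run a
reconciliation pass that flags orphaned or missing accounts for remediation.
All records, system names and field names below are constructed for the
example; they do not come from any particular IDM or ESB product."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Authoritative identity store (constructed sample standing in for an HR feed).
HR_RECORDS = {
    "1001": {"first": "Ada", "last": "Lovelace", "dept": "ENG", "status": "active"},
    "1002": {"first": "Alan", "last": "Turing", "dept": "ENG", "status": "active"},
    "1003": {"first": "Grace", "last": "Hopper", "dept": "FIN", "status": "terminated"},
}

# Per-target mapping: how an HR record becomes an account payload. Each target
# (a cloud SaaS app and an on-premise directory here) has its own shape.
TARGET_MAPPINGS: Dict[str, Dict[str, Callable[[str, dict], str]]] = {
    "saas_crm": {
        "login": lambda eid, r: f"{r['first'][0]}{r['last']}".lower(),
        "role": lambda eid, r: {"ENG": "viewer", "FIN": "billing"}.get(r["dept"], "viewer"),
    },
    "onprem_ldap": {
        "uid": lambda eid, r: f"u{eid}",
        "ou": lambda eid, r: r["dept"].lower(),
    },
}


@dataclass
class Bus:
    """Minimal message bus: target stores, an audit log and the mediation step."""
    targets: Dict[str, Dict[str, dict]] = field(
        default_factory=lambda: {t: {} for t in TARGET_MAPPINGS})
    audit: List[str] = field(default_factory=list)

    def transform(self, target: str, emp_id: str, rec: dict) -> dict:
        """Apply the declarative mapping for one target (the ESB mediation step)."""
        return {k: fn(emp_id, rec) for k, fn in TARGET_MAPPINGS[target].items()}

    def handle(self, event: dict) -> None:
        """Route one lifecycle event: hire/update provisions, terminate de-provisions."""
        emp_id, kind = event["emp_id"], event["type"]
        rec = HR_RECORDS[emp_id]
        for target in self.targets:
            if kind in ("hire", "update"):
                self.targets[target][emp_id] = self.transform(target, emp_id, rec)
                self.audit.append(f"{kind} {emp_id} -> {target}")
            elif kind == "terminate":
                self.targets[target].pop(emp_id, None)
                self.audit.append(f"deprovision {emp_id} -> {target}")

    def reconcile(self, target: str) -> Dict[str, List[str]]:
        """Compare a target store with the authoritative source and return
        remediation actions: orphaned accounts (no active HR record) must be
        removed, active employees with no account must be provisioned."""
        active = {e for e, r in HR_RECORDS.items() if r["status"] == "active"}
        present = set(self.targets[target])
        result = {"remove_orphans": sorted(present - active),
                  "provision_missing": sorted(active - present)}
        self.audit.append(f"reconcile {target}: {result}")
        return result


def run_demo() -> Bus:
    """Replay a constructed event stream, then inject drift so reconciliation has work."""
    bus = Bus()
    for ev in [{"type": "hire", "emp_id": "1001"}, {"type": "hire", "emp_id": "1002"},
               {"type": "hire", "emp_id": "1003"}, {"type": "terminate", "emp_id": "1003"}]:
        bus.handle(ev)
    # Drift outside the bus: someone re-creates the terminated user's CRM account by hand,
    bus.targets["saas_crm"]["1003"] = {"login": "ghopper", "role": "billing"}
    # and the directory entry for 1002 disappears.
    bus.targets["onprem_ldap"].pop("1002")
    return bus


if __name__ == "__main__":
    b = run_demo()
    print(b.reconcile("saas_crm"))     # {'remove_orphans': ['1003'], 'provision_missing': []}
    print(b.reconcile("onprem_ldap"))  # {'remove_orphans': [], 'provision_missing': ['1002']}
```

The reconciliation step is the part that matters from a security standpoint: the event stream alone cannot tell you about changes made directly in a target system, so an orphaned account for a terminated user is only caught by periodically comparing each store against the source of truth and feeding the difference back into the same audited provisioning path.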

Follow Up

Identity management ecosystems are almost exclusively built up using a "proprietary engine and integration services" that are unique to a specific vendor.

In contrast, an ESB provides a solid, reliable integration platform that is continuously evolving due to the natural market pressure that forces continuous improvements across the board.

The use of an ESB for an identity management solution provides an ideal environment to squarely address issues such as sustainability, flexibility, on-demand services, future proofing, and skill set availability. So, knowing this, why would you want to invest the money and time to implement what is essentially an instant legacy system?
