Here’s a post based on comments by
Andras Cser, Sr. Analyst covering Identity Management, from a discussion we recently had. Andras was just leaving for vacation, so I’m posting this on his behalf.

In the
interviews I have been conducting for my research for my upcoming paper,
Identity As A Service, I repeatedly encountered two interpretations of IDaaS.

One interpretation is fairly simple:
Identity as a Service means Managed Identity Services (MIS). In this offering, a
Managed Service Provider (MSP) provides on-site or off-site services to the
customer, such as provisioning, directory management, or operation of a single
sign-on service (See this post for more on that
topic).

The other definition of IDaaS is
a bit looser: it refers to implementing identity and access management
functionality predominantly as Web services in a service oriented architecture
within the enterprise. Various line of business applications, policy management
applications, and other services then call these IM Web services either
autonomously or in an choreographed manner. Products in the market space aim to
expose functionality as Web services, but still lack an integrated framework in
which all services (authentication, authorization, provisioning, entitlements,
policy query, etc.) are expressed in a cohesive and integrated
way.

It is also interesting to note that
although a SOA based IDaaS is not a requirement for MIS, an MSP will benefit
greatly from using a SOA oriented IM product which supports Web services and has
a thin client side component — think about reusing the Web services based
framework to serve the needs of multiple clients. Additionally, MSPs can also
cut license costs by running the MIS solution on open source operating systems
and databases. Vendor support for such solutions is still sparse, but Fischer
International truly deserves an honorable mention for offering a provisioning
product which was built for MIS solutions from the ground up — even if they lack
an established installed base.

At Forrester, we’re partial to the
latter, broader,definition of IDaaS. It’s representative of a much more
fundamental shift in the market for how products are designed and delivered (and
even which products have what features). Moving forward, we’ll be publishing a
report on IDaaS which outlines why such an approach is needed, which vendors are
evolving their products in that direction and by how much, and what you can do
to prepare for this transformation.

We welcome your
thoughts.