I’ve been listening to and reading information lately on “Application Centric Identity” and how it’s supposed to be the new wave in Identity Management. Frankly, I’m a bit confused.
Basically it sounds like what’s being discussed is the creation of an authoritative store, something I’ve been working with in Identity Management for about 5 years now.
The “newness” to this offering seems to be the implementation of SOA / Web-services architectures to make it more interesting and accessible to authentication / authorization services.
I’ve always felt that by gathering the authoritative attributes from each enterprise repository and linking them together in an authoritative store (metadirectory) you create the clearest picture of what each identity “looks” like. Furthermore, these authoritative entries can then be used as the basis for provisioning new application entries and updating existing ones.
To me it seems like the backers of this school of thought are finding a new way to talk about the integration of enterprise-level ERP systems with Identity Management. This is not a bad thing. The one thing we need to do is break out of the idea that Identity Management is solely provisioning or Access Management. One without the other is worse than useless given the potential for malicious behavior.
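The authoritative store described above, as an added Python example that is not part of the original post: attributes are taken only from the repository that is authoritative for them, and the linked entries then drive create and update actions for an application. The repository names, attribute names, employee IDs and the disable and orphan checks are assumptions of this example, and all sample records are constructed.

```python
# Constructed sample repositories, keyed by a shared employee ID (illustrative only).
HR = {"1001": {"name": "Ana Ruiz", "dept": "Finance", "status": "active"},
      "1002": {"name": "Bo Chen", "dept": "IT", "status": "terminated"},
      "1003": {"name": "Cy Patel", "dept": "Sales", "status": "active"}}
MAIL = {"1001": {"mail": "ana.ruiz@example.com", "name": "A. Ruiz"},
        "1002": {"mail": "bo.chen@example.com"},
        "1003": {"mail": "cy.patel@example.com"}}
# Which repository is authoritative for each attribute (an assumption of this example).
AUTHORITY = {"name": "hr", "dept": "hr", "status": "hr", "mail": "mail"}

def build_store(sources, authority):
    """Link records on the employee ID, taking each attribute only from its authoritative repository."""
    store = {}
    for attr, src in authority.items():
        for emp_id, record in sources[src].items():
            if attr in record:
                store.setdefault(emp_id, {})[attr] = record[attr]
    return store

def reconcile(store, app_accounts, managed=("name", "dept", "mail")):
    """Compare an application's accounts with the store and return provisioning actions."""
    actions = []
    for emp_id, ident in sorted(store.items()):
        account = app_accounts.get(emp_id)
        # An identity without an authoritative "active" status gets no access.
        if ident.get("status") != "active":
            if account is not None:
                actions.append(("disable", emp_id, {}))
            continue
        wanted = {a: ident[a] for a in managed if a in ident}
        if account is None:
            actions.append(("create", emp_id, wanted))
        else:
            drift = {a: v for a, v in wanted.items() if account.get(a) != v}
            if drift:
                actions.append(("update", emp_id, drift))
    # Accounts with no authoritative identity behind them are flagged for review.
    for emp_id in sorted(set(app_accounts) - set(store)):
        actions.append(("orphan", emp_id, {}))
    return actions

STORE = build_store({"hr": HR, "mail": MAIL}, AUTHORITY)
# Constructed application accounts: one stale department, one leaver, one unknown account.
APP = {"1002": {"name": "Bo Chen", "dept": "IT", "mail": "bo.chen@example.com"},
       "1003": {"name": "Cy Patel", "dept": "Support", "mail": "cy.patel@example.com"},
       "9999": {"name": "svc-test"}}

if __name__ == "__main__":
    for action in reconcile(STORE, APP):
        print(action)
```

The mail system's own copy of the name ("A. Ruiz") never reaches the store, because HR is the declared authority for that attribute.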