Here on the private cloud architecture blog we make it a point to make sure that we always ground ourselves in strong principles and practices. Without that foundation, you end up making decisions based on current opinion, personal preferences and often just what seems like might be the right decision at the time. Of course the trick is to find the people with the experience, knowledge and know-how to provide that information.
And that’s what is so great about working at Microsoft. You can say a lot of things about Microsoft, and one of those things would be that there are probably more smart people here per square inch than any university in the world. That’s a real advantage when you’re trying to discover, define, explicate and delineate key architectural principles for cutting edge concepts such as identity management in the age of hybrid IT.
In a previous blog post I introduced our paper The Four Pillars of Identity: Identity Management in the Age of Hybrid IT. That white paper is intended to help the enterprise or cloud architect get a start around thinking about what the key issues are when it comes to designing a well architected identity management system for on-premises IT and the future of hybrid IT. Consider it a foundational document – a prerequisite.
The next step is to get a better understanding of the common identity infrastructure capabilities that either are, or are anticipated to be, in big demand. To get you there, we’ve put together the white paper Identity Infrastructure Capabilities: Identity Management in the Age of Hybrid IT. This collection of capabilities might be thought of as the identity management “toolset”. Not all enterprises or cloud service providers will need all the capabilities described in the paper, but each will pick one or more “tools” that will solve the problems that the enterprise or cloud service provider will face.
The paper focuses on the following capabilities and discusses them in some detail:
- Access Control:
Role-based access control
Attribute-based access control
Policy-based access control
Risk-based access control
- Application Access Management
- Multi-factor authentication
- Public Identity Provider Federation
- Self-service Password Management
- Single sign-on (SSO)
We’ve made this white paper available to you in two forms:
Please let us know what you think of this paper and if you have ideas and suggestions for improvement or need clarification, please let us know! You can write to me at firstname.lastname@example.org or leave a comment below. We always read the comments in this blog and take them seriously.