One thing was clear to me this week as I wandered the halls of the Hilton at Torrey Pines for the Cloud Identity Summit, and it had nothing to do with the famous golf course or the trees for which it’s named. Whatever the subject, enterprise scale brings with it complexity, and one of the ways to counteract that complexity is developing standards.
In fact, a persistent theme across the conference was a need for standard ways of doing all this identity stuff. From what I could glean, it’s a problem that the industry is beginning to solve with a series of standards like OAuth, the identity standard that Twitter (and others) uses to allow you to use or easily revoke your Twitter credentials to sign onto other services.
There are a range of others, an alphabet soup of acronyms that got thrown around this week with dizzying regularity with an expectation that if you were here, you’re a member of the club and you would just know what they meant. I spent a lot of time looking these things up. Google was my friend in the know.
Ping Identity CEO Andre Durand sees these standards as the platform on which every company can build their identity business. If we can all agree on the basic ways of doing things, companies like his can differentiate themselves by what they build on top of those standards. It’s actually a proven way of industry building.
As Ian Glazer, senior director of identity at Salesforce put it in his humorous but pointed keynote, not adhering to standards was akin to running a toxic waste dump. He also said anyone who operates in this fashion must really hate their customers.
In the end, it just makes sense for everyone to operate from a common set of rules and libraries. It saves vendors from forever reinventing the wheel — or from having dozens of different wheels, a chaotic situation for customers and developers alike.
“Enterprise customers will want to see identity standards as a natural part of the services they deploy and consume,” Glazer said. In fact, he said, nobody should charge for helping to implement these standards, quite the opposite. “We [should] charge for extended support on bad practices,” he said.
As for identity, what’s clear is we can’t throw a new password gate at each app because that is an untenable situation for everyone involved, according to Durand. That’s where federated identity comes into play or the notion that you carry your identity with you like a digital passport that moves across borders.
“Perimeters have their place in a defense,” Durand said, but echoing the main theme of the summit, he said, “identity is borderless.”
“Identity is the new perimeter, this notion that we can move through all these domains,” he said.
As we’ve seen, standards bring order to every industry, not just identity, and when we have that order, good things generally follow. The Identerati — As Ping referred to its guests — get that. It’s a lesson every industry must learn.