We completed a four-part blog series about Identity and Access Management (IAM). By now, one thing is clear: for an IAM to work in any enterprise, we must have an interoperable set of standards-based identity, authorization, and authentication tools couple with emerging standards.<\/p>\n
Today, standards from the World Wide Web Consortium (W3C), the FIDO Alliance, the OpenID Foundation (OIDF), the Internet Engineering Task Force (IETF), the Organization for the Advancement of Structured Information Standards (OASIS) and the National Institute of Standards and Technology (NIST) help form a foundation that extends across the web to address authentication, authorization, federation, account management and government regulations emerging worldwide.<\/p>\n
Our Identity and Access Management series identifies that getting an organization to design Identity architecture with the identity standards discussed above will come with a few bumps in the road. <\/strong>There is a solid group of standards aiming at actual enterprise issues in need of solutions.<\/p>\n We want to define an enterprise-accepted future state architecture that we can tie back to the issues, and associated requirements to what assessment identifies. Once we define these issues, we can develop a roadmap to implement solutions in a cost-effective, time-effective, and security-focused IAM infrastructure.<\/p>\n Part 1<\/strong>, Planning IAM\u2019s Success for Enterprises and Consumers in Cloud and Digital Transformation Era<\/a>— We discuss how IAM looked a decade ago and then how Federation delegates authentication and removes the siloed app authentication repositories.<\/p>\n Part 2<\/strong>, Using Claim Based Authentication for Identity and Access Management<\/a>— We explore Claim Based Authentication (CBA) in more detail. We talk about token, claims, and discussed the types of applications. We also note that CBA is more complicated by implementation but is also more secure than authentication mechanisms of the past.<\/p>\nThe Series<\/h2>\n