End-to-end Identity Management with open source?

After working with a relatively large identity and access management implementation over the last year, I’m really interested to continue working in this field.

With large projects there are many lessons learned, and plenty of times when you think to yourself “could I have done this better?”

And so, I’m contemplating getting into the Identity Management business.

But before I do, there seem to be a few different paths to take:

Each of these decisions has its own pros and cons, so let’s explore those.

First, supporting Oracle. Big organisations need heavy identity solutions. They have many different providers of identity data, and many different services that consume that data. While the organisation owns that identity data, they don’t have much control over where that data is stored and consumed. Hence the need for lots of different agents to interact between identity provider <> identity consumer. And that’s all well and good, but the competition for providing support in this space is fairly niche. You must be big enough to support the product, and to find customers big enough to want the product. In New Zealand, this is a fairly limited market, and is owned, unsurprisingly, by Oracle.

Next, there’s supporting the Sun identity stack. I have lots of experience on the Sun identity stack, and it has its benefits and pitfalls. The main difference between the Sun stack and the Oracle stack is that one is open source (Sun) and one is not (Oracle). For customers this means not paying Sun for the software, but to implement something so significantly complex, you really must have a smart consulting company on your side, like Sun. The same arguments about being heavyweight apply here too. Only certain large organisations need this highly complex solution.

Next there’s the middleweight solution, Triplesec. Triplesec provides a lot of the functionality of the heavyweight solutions, but underpinned by a relatively less complex architecture. The pitfall I’m finding with Triplesec is a lack of documentation. One advantage (or disadvantage) of the heavyweight solutions is documentation: lots of it, and relatively thorough. Triplesec is technologically sound, but without documentation or support, you’d have to have a lot of trust in your vendor to be implementing this at the moment. Also, to my knowledge, this solution is relatively untested – I haven’t heard of any large scale implementations. Not that this should stop you, but just be warned that you’re on your own here.

Finally, there’s SimpleSAMLphp. This isn’t a whole identity management solution as provided by Oracle or Sun, but more a way to take information from an Identity Source like an LDAP directory, and then authenticate against that. It is not a tool for provisioning new users or for managing multiple disparate identity sources into one meta-identity provider, but as a simple identity solution it is relatively easy to understand and support, widely in use (throughout all of Norway and Denmark), pretty bespoke, and built on open standards. A good solution for the majority of small New Zealand companies.
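To make the “authenticate against an LDAP directory” point concrete, here is an added example of what such a SimpleSAMLphp authentication source looks like. It is not from the original post or from the SimpleSAMLphp project: it follows the config/authsources.php layout of the 1.x `ldap:LDAP` module, and the host name, base DN and service-account DN are assumed placeholders.

```php
<?php
// Added example: a SimpleSAMLphp 1.x config/authsources.php that
// authenticates users against an LDAP directory. Hostname, base DN and
// the read-only service account below are assumed placeholder values.
$config = [
    // Admin login for the SimpleSAMLphp web interface. Keep it only for
    // installation and testing, and set a strong password.
    'admin' => [
        'core:AdminPassword',
    ],

    // Authenticate end users against the corporate directory.
    'corp-ldap' => [
        'ldap:LDAP',

        // LDAPS so that passwords never cross the wire in the clear.
        'hostname'   => 'ldaps://ldap.example.org',   // assumed host
        'enable_tls' => false,                         // STARTTLS is redundant over ldaps://
        'timeout'    => 10,
        'referrals'  => false,

        // Release only the attributes the SAML service providers need.
        'attributes' => ['uid', 'mail', 'displayName', 'memberOf'],

        // Bind with a low-privilege service account and look the user up by
        // uid or mail, rather than building a DN directly from the login form.
        'search.enable'     => true,
        'search.base'       => 'ou=people,dc=example,dc=org',               // assumed base DN
        'search.attributes' => ['uid', 'mail'],
        'search.username'   => 'cn=sso-reader,ou=service,dc=example,dc=org', // assumed account
        'search.password'   => 'REPLACE-WITH-SECRET-FROM-YOUR-SECRET-STORE',
    ],
];
```

The two defender-relevant choices here are the transport (LDAPS rather than plain LDAP) and the search-then-bind pattern with a read-only service account, so a single compromised web host does not hold a privileged directory credential and the released attribute set stays minimal.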

And for some fun, I’ve been working on a logo for this project:

Identity Systems

JD Edwards vs. Siebel vs. Sun Access Manager vs. Oracle Identity Manager

What to specialise in. Young IT professionals are spoiled for choice. There are a hundred and one different IT applications out there from Identity Management, to Enterprise Resource Planning, to Customer Relationship Management, and a thousand and one other categories in between.

However, I doubt there’s enough time in the day to specialise in *all* these applications, let alone get experience to implement them successfully. And so, what to pick?

I think over-specialising in a particular application makes you like a peak athlete – great at what you do, not so great at anything else. If you’ve spent five years becoming the master in JD Edwards ERP, you’re probably not going to know too much about Siebel CRM, let alone Sun’s Identity Management Suite.

Perhaps it’s better to focus on specialising in a particular area of interest, whether that’s horizontally, by knowing all about all the different Customer Relationship Management products, whether from Oracle, Microsoft, or SugarCRM – or vertically, by knowing the chain of software used in a particular industry, say a Telecommunications-specific version of Siebel, and Telecommunications-specific versions of Integration software, of Radio Frequency software, etc.

One great thing is, most of this software is freely available for you to download and learn from. Sun’s Identity Management Suite is free (as in beer), Oracle’s Identity Management Suite is free (as in development license), and this is an increasing trend which is positive for students. So now there’s no excuse (apart from hardware) not to go out, learn these products, and become one of these highly paid consultants!