Cloud Identity: What Happens Next?

Explore how identity standards form the foundation of an ecosystem of interoperable cloud-focused products.

Presented at Cloud Identity Summit Local Edition, San Francisco, CA, October 22, 2012, and Defrag Conference, Broomfield, CO, November 15, 2012.



  • IT departments hand rolled identity with database tables. It was easy enough – create a table with user id, first name, last name, password, and so on. If you knew what you were doing, of course, you would store a password hash, or if you were REALLY smart, a salted password hash. Users were able to log in to apps, but maintaining a home-grown solution was a lot of work, and poor practices, such as storing plaintext passwords, abounded.
  • Vendors saw the opportunity to create point products – amortizing the cost of producing software across many customers, making it cheaper to buy than build, and, hopefully, making a little money in the process. In 1996, Netscape released their Directory Server, which had its roots in the University of Michigan implementation of the LDAP standard. At around the same time, Netegrity created SiteMinder for single sign-on between intranet apps. A few years later, Waveset created Lighthouse for provisioning identity between enterprise systems.
  • Over time, the larger vendors built/acquired suites – CA bought Netegrity, acquiring SiteMinder; Sun acquired NDS via their iPlanet alliance with Netscape, and later purchased Waveset, but Sun was in turn swallowed up by Oracle.
  • We can see a parallel with the evolution of business applications
  • IT departments hand rolled payroll, HR, CRM apps
  • Vendors created point products – PeopleSoft in HR, Siebel in CRM, JD Edwards in Enterprise Resource Planning, and so on – again, amortizing the cost of producing software across many customers
  • Over time, the larger vendors built/acquired suites of business applications – Oracle, of course, swallowed up all three of the vendors on the previous slide. SAP started in enterprise resource planning, and built out a suite encompassing customer relationship, supply chain management, and so on. Through a series of acquisitions, Microsoft have built their Dynamics suite to cover much of the same ground.
  • So, we can look at what happened next in business apps and see how it maps onto the identity market.
  • We saw the first SaaS point products – Hotmail – guess? 1996! Salesforce CRM in 2000, their initial beta customers supported by servers located in an apartment just a few blocks from here. Google launched their consumer email service, Gmail in 2004.
  • And, in this SaaS cycle, the vendors expanded their offerings into suites through acquisition and in-house development - Google Apps, Salesforce, NetSuite
  • IT depts have never stopped writing point solutions, extending off-the-shelf apps, but how could this work in the cloud?
  • PaaS gave them a way to write apps to run on cloud provider infrastructure. IT depts began to extend existing SaaS apps, and build completely new apps, on Force.com, GAE, Azure, and Heroku.
  • But it wasn’t only IT depts that were writing apps. A whole ecosystem of ISVs writing PaaS apps has emerged, with marketplaces such as Salesforce AppExchange, Google Apps Marketplace, Windows Azure Marketplace acting as their distribution channel. And it’s not just small utilities and add-ons that are selling through the PaaS marketplaces – BMC RemedyForce and Kenandy Social ERP are fully fledged business apps marketed through this new channel.
  • And now it is becoming a rarity to actually acquire physical media for software
  • So, back to identity – what’s going on?
  • Over the past couple of years, we’ve seen point products described as ‘Identity-as-a-Service’, products like PingOne, Okta, and Symplified, providing identity management in the cloud.
  • Facebook have essentially built an Identity platform in the consumer space, with Facebook Login. At Salesforce, we’re creating Salesforce Identity as part of our wider platform. We saw the glimmerings of IdPaaS with Windows Azure Active Directory - but it's missing something! Google had an opportunity to become an enterprise identity platform, but it missed it, for the same reason: not fully supporting SAML, the standard for single sign-on between security domains.
  • Early in the industrial revolution, nuts and bolts were hand turned. Factories would employ fitters, whose job was to sort through the nuts and bolts to find ones that fit together. You could hand-build something like a bicycle this way, but, as the industrial revolution progressed, and nuts and bolts were created by machine tools, their thread and head dimensions were standardized, so you can take a bolt from one manufacturer and use it with a nut of the same specification from any other manufacturer, and be confident of a good fit. This standardization enabled us to build larger and larger projects.
  • For the same reason, any identity platform has to be based on standards! SAML is the enterprise standard for single sign-on across security domains, with almost universal support. It’s interesting that MSFT supported SAML in version 2.0 of Active Directory Federation Services, but seem to have taken a step backward with Azure Active Directory, and are only supporting WS-Federation for SSO. Weird. OAuth 2.0, recently standardized as RFC 6749, enables applications to gain authorized access to web services. SCIM, the System for Cross-Domain Identity Management, defines a schema for representing users and groups and a REST API for manipulating them. OpenID Connect, still under construction, takes a more modern approach to cross-domain authentication. These are the standards that will allow identity platforms to scale. For example, with 100,000 customers, we at Salesforce can’t get into the details of integrating with one-off internal apps, COTS apps that use proprietary protocols, etc. Standards are essential.
  • Recall business app trajectory
  • I believe we will see an ecosystem of innovative new identity apps: built on cloud platforms, leveraging standards, filling gaps, providing innovative functionality.
  • It’s important to remember that SaaS suites, SaaS point products, on-premise suites, on-premise point products, and custom apps - all still co-exist
  • As do the corresponding categories of identity products.
  • Show how identity products interlink business apps
  • Huge opportunity for a new ecosystem of third party apps, leveraging standards, because they have to!
  • "When we launched Salesforce Identity, I heard an analyst describe it as an 'extinction event' in the industry. I think we will see some dinosaurs die off, but I also think there will be a Cambrian Explosion. I say to the developers in the room: 'What are you going to build tomorrow?'".

Cloud Identity: What Happens Next? Presentation Transcript

  • Cloud Identity: What Happens Next? Extinction Event or Cambrian Explosion? Pat Patterson, salesforce.com, Principal Developer Evangelist, @metadaddy
  • Safe harbor. Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2012. This document and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
  • To better understand the future of identity, let's take a look into the past
  • In the beginning
  • Vendors saw opportunity
  • Suites emerged
  • Business applications followed a similar path a few years earlier
  • In the beginning
  • Vendors saw opportunity
  • Suites emerged
  • What happened next?
  • The dawn of Software-as-a-Service
  • A new set of suites emerged
  • And then something interesting happened…
  • IT departments still needed to write apps
  • Platform-as-a-Service
  • New channels for apps
  • When was the last time you saw one of these?
  • So, what's happening with identity right now?
  • Identity-as-a-Service
  • Identity-Platform-as-a-Service
  • Standards allow scale (Image credits: timscottrom / 123RF Stock Photo; Skyscraper - Portsmouth by Colin Babb)
  • Critical Standards: RFC 6749
  • What happens next?
  • Recall business app trajectory
  • Identity trajectory ???
  • Business App Ecosystem
  • Identity ecosystem
  • Today’s opportunity ?
  • What will be the killer cloud identity app?
  • Photo by IvanWalsh.com on Flickr
  • Thank You. Join the conversation: #forcewebinar
  • GO GIANTS!!! Join the conversation: #forcewebinar