Centralisation of IAM (Identity and Access Management)
This is part 2 of the series where we briefly discuss modern trends in IT that affect IT professionals and application developers.
Developed by Ibrahim Muhammadi - founder of AppWorx.cc
1. 7 modern trends every IT professional must know about (Part 2/7)
cc: slworking2 - https://www.flickr.com/photos/18548283@N00
2. Centralisation of IAM (Identity and Access Management)
cc: Thomas Hawk - https://www.flickr.com/photos/51035555243@N01
3. Most applications need some authentication system to identify users and manage access to different parts of the app.
cc: perspec_photo88 - https://www.flickr.com/photos/111692634@N04
4. This is called IAM (Identity and Access Management).
cc: Sarah M Stewart - https://www.flickr.com/photos/92632631@N00
5. If the user is an enterprise employee, this is done via Employee IAM; for public-facing resources used by customers, it is done via Customer IAM.
cc: aaronvandorn - https://www.flickr.com/photos/94197248@N02
6. Most applications need IAM, and hence changes in IAM will affect most application developers.
cc: rmlowe - https://www.flickr.com/photos/8143486@N04
7. IAM has traditionally been handled by application developers themselves, mostly by putting a password form at the gateway of the application, challenging users to prove their identity.
cc: Bruno Santos - https://www.flickr.com/photos/65062705@N00
8. That has resulted in fragmented IAM, with every application storing user passwords and implementing its own security policies.
cc: the justified sinner - https://www.flickr.com/photos/54799099@N00
9. From the developer's perspective, IAM was a necessary evil: the application was their focus, of course, not the IAM.
cc: kirainet - https://www.flickr.com/photos/69078600@N00
10. Most developers just stored passwords in a database and checked against it at login time, issuing tokens, cookies or session IDs to the client for further identification and access management.
cc: jeff_golden - https://www.flickr.com/photos/46868900@N00
11. This had an adverse impact on security, especially since users reused the same passwords on multiple sites, so a breach or stolen passwords on one system affected many others.
cc: Visual Content - https://www.flickr.com/photos/143601516@N03
12. This fragmentation of IAM, the lack of focus on security and the lack of focus on user experience in the authentication process were problematic. But that is changing now.
cc: basykes - https://www.flickr.com/photos/11399912@N00
13. IAM is getting centralised, with standards like "OpenID Connect" on top of the "OAuth 2.0" protocol, which provides the flows needed for "OpenID Connect".
cc: Jim Nix / Nomadic Pursuits - https://www.flickr.com/photos/34825346@N02
14. For application developers this means that they no longer have to worry about authenticating users or handling IAM. It can now be delegated to identity providers.
cc: sk8geek - https://www.flickr.com/photos/26170836@N05
15. This centralisation of IAM means that application developers no longer have to make security policy, and of course there are no more login forms.
cc: AJ Batac - https://www.flickr.com/photos/89309115@N00
16. The best part is perhaps this: developers of individual applications no longer need to store passwords.
cc: The Daring Librarian - https://www.flickr.com/photos/43666171@N07
17. This also means that users are more in control of their identity and can grant or revoke permissions given to any application, all from one place.
cc: sp3ccylad - https://www.flickr.com/photos/46978810@N00
18. The user experience is now centralised in the hands of identity providers whose focus is on security, UX and the IAM process. Centralisation will lead to better UX and better security.
cc: Daniel Kulinski - https://www.flickr.com/photos/7729940@N06
19. Application developers can use the flows provided by OAuth 2.0 to obtain ID tokens and use these signed ID tokens to identify the user throughout the app.
cc: vintagedept - https://www.flickr.com/photos/42826854@N00
20. Since identity providers specialise in IAM, they can evolve over time and integrate with biometric systems and other password-less systems to make the authentication process better.
cc: hawaii - https://www.flickr.com/photos/35034363370@N01
21. Because of centralisation, these improvements are automatically shared by all applications that use that IdP.
cc: ryancr - https://www.flickr.com/photos/33128961@N00
22. All security and other policies can now be controlled from one place. Which apps may be used by which users can be controlled at one single point through "Single Sign-On (SSO)".
cc: andrechinn - https://www.flickr.com/photos/16167252@N00
23. The proliferation of cloud apps and mobile apps has led to this major paradigm shift in IAM, facilitated by the OAuth 2.0 protocol and OpenID Connect.
cc: Matthew Burpee - https://www.flickr.com/photos/76323119@N00
24. Next part of 7 modern trends every IT professional must know about
cc: yourbartender - https://www.flickr.com/photos/10164012@N00