This is the first in a series of blogs about topics I found very interesting at this year's 2007 Burton Catalyst conference in San Francisco, which has just finished. This blog will cover federation.
Mike Neuenschwander of Burton gave an interesting presentation about federation, discussing potential glass ceilings. I agree with most of his comments, but I had some trouble with the lack of discussion about the many legal issues surrounding federation as well as ways to increase the speed of getting potential federation partners online.
In a conversation I had with Andre Durand, CEO of Ping Identity, he said that his focus was on figuring out how to scale federation deployments.
In my opinion, Legal needs to be brought in at the very beginning of any federation project. I have seen and heard of many projects significantly slowing down because Legal was brought in too late, didn't understand the many issues involved in federation, and wasn't involved in creating streamlined federation legal processes.
Secondly, many federation projects also slow down due to testing issues. Frequently, the partners aren't ready to test the federation interface. I believe that this too can be sped up by technology and business process.
A small company called Fugen Solutions was at the conference. They have some software that allows both Federation parties to test independently and then to bring them together. This will likely prove very valuable in speeding up the process.
I believe that the federation business process can be streamlined similar to the SSO factory model that I have constructed several times in the past. A Federation factory would involve the business partner being provided with business, legal and technical documents in advance. These would answer most questions about what responsibilities the business partner has.
The business partner would complete an online form. The form would step them through all aspects of the federation requirements. When the form is submitted, the Federation Team would contact the partner.
The Federation factory would have different processes depending on the initial discovery work with the partner. Those who don't require customized contracts would proceed on a more automated path than those who do. Customized contract partners would immediately be put together with Legal on a separate track.
Further separate business processes would be set in place for those partners with their own identity management systems. These partners would almost immediately be granted access to the test environment.
Those partners who don't have any identity management systems would go down a separate business process. They would be contacted by the team and directed to simple, identity management tools involving manual identity entry systems, a virtual directory, etc.
The Federation Team must include staff from legal, business partner management and IT technical experts. Wherever possible, common legal contracts must be used, to avoid drawing up a unique contract for every business partner.
A separate Federation test environment must be available. As part of the process, business partners must be told what is allowable in the test environment and what is not. Performance testing should be kept to an absolute minimum. Performance test results should be made available to the business partner documenting that the federation interface meets the requirements.
Many business partners should be in the front end of the "hopper" at any point in time. They should be completing their documentation and getting their legal, identity and infrastructure requirements in order. Enterprises should consider providing virtual directories and manual identity entry systems for smaller business partners that don't have an identity infrastructure. This can be outsourced to large telcos who offer outsourcing of servers and infrastructure services.
Many partners should be in the test environment at any point in time, after completing the documentation and being given approval to proceed to the test environment. Use of software from Fugen may increase the pace of testing.
Then many business partners should be moving towards Production.
Boeing gave a presentation where they referred to some of the components listed above. They have a Federation team with legal. They also provide the customer with a Federation Handbook.
It is by applying an industrial model to federation that a more scalable federation system can be achieved. Is all this easy? No. However, I personally believe that thousands of business partners a year or more can be integrated successfully into Federation by applying these principles.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
