When AD Meets IdP

I have been working with the folks over at NetPro on putting together a 1/2 day tutorial on CardSpace, to be taught during the workshop day of the Directory Experts Conference in Las Vegas, on April 22nd, 2007.

Originally I had envisioned a blow-through of all the bits of the Identity Metasystem, demonstrating cross-platform abilities of multiple identity selectors, relying parties, and IdPs. The problem with this is that such a tutorial does not necessarily align with the typical job description of the attendees of DEC; DEC attendees are deep subject matter experts in Active Directory & MIIS. They are not necessarily the people who will architect or implement authentication or SSO solutions – yet they are intimately concerned with how their identity data is used throughout the Enterprises they represent, and also how that data is communicated to third parties.

Perhaps the initial approach would be interesting from a pure geek viewpoint to many DEC Attendees – but the thing about a tutorial is that the tutorial day costs extra to attend, and I think that most attendees would not be comfortable spending corporate $$ if they can’t see a direct benefit to their Enterprise.

It literally took me until today to see the light — today I finally realized that these folks primarily need to be concerned with one particular part of the Identity Metasystem, because they are the future Identity Providers of the corporate world!

Luckily, the DEC folks are very flexible and accommodating, and in fact Gil (NetPro’s CTO) has created a wiki for people to review sessions, give feedback, and generally be involved in the DEC 2007 organization process. Gil wasn’t originally sure about my initial plan on CardSpace for the reasons I’ve mentioned above; he’s waiting to see if there is interest on the part of his attendees — I’m hoping that the revised plan I’ve got below will be more applicable and will constitute worthwhile business value that attendees can take back to their employers.

So on that note, if you have attended or will be attending DEC, or if you are interested in any way at all, check out my plan below, and check out the CardSpace Tutorial wiki page to give us feedback, indicate interest (or lack thereof), or offer suggestions as to how we could improve this plan! I really do think that it would be informative and useful to DEC Attendees to understand this technology, and I hope we can inspire the interest of enough people to keep this workshop on the roster!

When AD meets IdP:

What it Means to be a User-Centric Identity Provider in an Active Directory Driven Enterprise

With Microsoft’s release of Windows CardSpace, forward-looking enterprises will begin analyzing how user-centric technologies can be used to solve authentication problems both within and outside the Enterprise. In order to implement these technologies, information stored within AD (and other data repositories) will be accessed and distributed by a service layer referred to as an “Identity Provider”.

This tutorial aims to help Active Directory Administrators understand what user-centric identity is from the Identity Provider perspective, and how this service can be architected to both conform to and complement already existing AD policies and data.

Questions to be answered during the course of the tutorial:

  • What is an IdP and why would an Enterprise want to stand one up?
  • What kind of control will Identity Provider administrators have over the data passed?
  • How will admins know who is asking for what data?
  • What kind of business problems could be solved?
  • What audit capabilities exist?
  • How will this service work with provisioning efforts?
  • How will this service integrate with what may be already implemented?
  • What is the status of IdP efforts in this space, and when will popular adoption come?
  • What are the liability factors to take into account?
  • What are the necessary steps in standing up an IdP Service that rests on AD?
  • What AD-specific data could or should be passed?

Sign up for Pamela Dingle’s CardSpace tutorial at DEC 2007, and find out about how this new industry direction could affect you!

Well? What do you think? We need active conversation to know whether or not this is the right way to go…