Dear Enterprise Application Vendors:

I believe we’ve hit a crossroads, my friends. Here’s what’s happening. We have a groundswell of support and interest in technologies that reduce the need for passwords in the Enterprise. Some of these technologies have been around awhile. Some of them are new. All of them want to integrate with YOU, the Enterprise Application. Action is necessary in the immediate future.

In talking to your fellow vendors, I can almost feel the panic – you can’t possibly support all of the new technologies coming out, you aren’t even supporting technologies that are years old — how do you choose?

My advice is not to put money into one-off integrations — but instead to work to abstract the authentication/identification details from your core application code altogether. Now is the time to make those architectural changes, and to do so as a result of strategic vision rather than a frenzied response to a line item in a critical customer RFP.

No matter what technology rises or falls, flexibility in authentication methods will become a key differentiator in the next 5-10 years for Enterprise applications. Until now, the applications have come first, and SSO projects have attempted at great expense to integrate what is already there. I believe that in the next few years, the tables will turn. The cost of Enterprise Identity & Access Management integration will be factored into Enterprise Application business cases.

My preference? Set up your application so that the customers can write their own identity front-end integrations. Allow your client base to directly underwrite & collaborate on support for the technologies that they need.

I think the trend is clear here — whether it is user-centric identity, 2-factor authentication, federation, or classic SSO – something (and maybe many things) will supplant the login forms and isolated proprietary communication of identity data that happens today. You can surf that wave, or you can let it pound you into the sand… which will it be?

For those of you in the IT industry — if you agree, be VOCAL. We all know that the squeaky wheel gets the grease. If you want flexibility in identity integration for your Enterprise, you have to ask for it, ask early, ask often, and ask LOUDLY…

6 Responses to “Dear Enterprise Application Vendors:”

  1. Brian says:

    here here!

    (bet you didn’t see that one coming did you?)

    I couldn’t agree with you more Pam. I keep talking with more and more vendors, whether hosted services or enterprise applications, and the recurring theme seems to be, “We support x and z, but can’t do y”. Stop locking yourself into x, y, or z – Let me bolt on whichever authn/authz scheme I have decided to use. But when I say “bolt on”, I do not mean “perform surgery on your application”.

  2. Nick Owen says:

    Hopefully, this will be the start of a trend…

  3. [...] 5, 2008 · No Comments Pamela Dingle has some great suggestions about identity enabling applications that she directs at the application vendors. The problem is [...]

  4. [...] her open letter to application vendors and roles versus rules, Pamela Dingle is kicking up a lot of dirt. I tend to agree with most of [...]

  5. [...] ever thought-provoking Pamela Dingle has issued a challenge to Enterprise Application vendors. In it, she puts forth the idea that technology and market demand has reached the point where those [...]

  6. For me, the key to this whole thing is the brick wall you have alluded to – how do I, as an application architect/designer/developer, go about doing this? There is a lot of work we as an industry have to do to enable them. We have to do for identity management what JMS did for messaging in the J2EE space. My answer has always been to try and get a comprehensive set of Identity Services defined, along with an API interface (coding to standards is really hard, and the standards change too much, better to use them as API-to-Provider bindings).

    Like I said in my post, we’re listening :)