King of the wild frontier

You have to love it when someone ties together Davy Crockett and the iPhone as Mark Wilcox does here. And he makes a great point about federation as well:

Thus you should begin adjusting requirements. For example – its time to break the addiction thinking that just to get access to IT resources they need to log into a Windows domain. Instead focus on network-based services such as file shares & network mail (whether Web and/or IMAP based).

Accept that federation (such as SAML) is not just SSO between your company and a remote service but really about SSO between domains that do not control the other. Sometimes that is going to be an external partner but it could also be another business unit.

When I was with BMC/OpenNetwork I often worked on federation projects that did exactly that. Companies where federation (typically SAML) was used to allow users to cross domains with organization. One example was a large communications company that had acquired multiple subsidiaries that still operated fairly independently. They wanted all users to be able to access common services such as HR Portals. In such an environment provision usually plays a key role as well as federation (one could even call it federated provisioning).

There is one IT/Davy Crockett analogy I want to make:

Be careful what cause you take up. It may not end well for you if you choose poorly.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s