Jonathan Sander of Quest has this to say about the coming identity apocalypse. Interesting stuff.
This got me thinking to a fascinating aspect of identity management in the ASP (and SaaS) space, and that it the delegated nature of identity. For example my current employer CareMedic (now part of Ingenix) offers hosted services where authorization decisions are made based on the identity of the user. Since these are medical revenue cycle applications, the authorization decisions are covered by various regulations such as HIPPA.
But here is the interesting part. We don’t really need verify that the identity we know is actually a specific person. We trust our customers (the health care service providers) to validate that the identities they provide us are properly vetted and they determine the roles that those identities fulfill.
And this is the fundamental trust issue pertaining to the identity providers that Jonathan Sander discusses. The entity with the financial stake must validate the real person behind the identity.