Open Letter to Tim O’Reilly : Publish the Open Source IAM Cookbook

1
Open Letter to Tim OReilly Publish the Open
Source IAM Cookbook

• Tim,
•  
• 10-20 years ago there were no open standards for
  identity and access management. It was not even
  clear that identity would use HTTPS for
  transport.
•  
• I speak with system administrators, security
  architects, and web application developers who
  are describing how day by day it is becoming more
  difficult for them to manage inbound SSO from
  partners, and outbound SSO to an array of
  internal websites, SaaS services and Federated
  Sso.
•  
• Without Internet standards to authenticate a
  person at a domain, bridge identity solutions
  have emerged, for example Face book Connect and
  Google sign in. At the same time, enterprises are
  locked-in to bridge solutions like CA Site
  Minder or Oracle Access Manager high priced,
  proprietary identity provider saml and Access
  Management suites.
•  
• 20 years after the Internet explodes, open
  standards for Identity and Access Management have
  finally evolved. And there are a few open source
  implementations of these standards.

2
Like TCP/IP or the Web, standards for identity
can be the coral reef for an ecosystem of
enhanced services. Just to give one example,
think about document sharing. Google has jumped
out in front but it only works if you a have a
Google ID. Without Internet standards to build
on, document sharing applications will have to
use identity from centralized hubs.   As a
society, Internet standards for identity can
reduce our reliance on big centralized identity
kingdoms like Google, Face book, and Verizon, who
have proven to be easy targets for government
spying.   Internet standards for identity will
also help us battle some of the smaller identity
fiefdoms for example the websites and
applications who do a bad job storing our
passwords. This will make the electronic world
safer for the average person.   In the next 1-2
years, every domain on the Internet will adopt
Internet standards for authentication. Will these
organizations use (a) a cloud providers like
Microsoft or Sales Force? (b) Enterprise software
from a company like Oracle? Or (c) Open Source?
The last option will have to overcome a serious
handicap without a book from OReilly, telling
them that its possible.
3
How the various platforms interact is complex.
Although silod guides exist to document these
platforms, its hard to figure out how to get the
components to work together to deliver a robust
authentication and entitlements management
service for your domain.   This book is late it
should have been written in the 90s, but the
problem of Internet identity was inconveniently
large and complex. It requires both tools and
rules to make it happen, and neither were clear
when the Internet was under-aged.   The book
would have the following sections (1) OAuth2 (2)
SAML (3) LDAP. The sections could contain
sub-chapters on available open source platforms.
For example Shibboleth, SimpleSAMLphp, and Asimba
for SAML. OX, NRI, or MitreID for OpenID Connect,
and OpenDJ and OpenLDAP for LDAP.   Article
resource-http//thegluu.weebly.com/blog1/open-let
ter-to-tim-oreilly-publish-the-open-source-iam-coo
kbook