Can’t stop myself..
I’m on a one post per day ratio on a blog these days.. I’m quite surprised myself to be honest
I’ve found out that writing (on a blog) actually is a good way of organising your thoughts; new ideas keep on coming now. So let’s go on..
I’ve blogged a couple of times on two-factor authentication and managing identities locally (on a device). I will call this client side Identity Management (c-IdM). The obvious counterpart of this would be server side IdM (s-IdM?). Now, s-IdM is an area where a lot of discussion takes place, especially via the blogosphere. Server side IdM is about managing and simplifying communication of your identity in the network, via a set of protocols (SAML 2.0, OpenID, WS-Federation etc.) and entities called Identity Providers.
For me it’s interesting how these two ‘sides’ of IdM interact with each other:
As we strive to reduce sign on/authentication events by aggregating them via IdPs, strong authentication becomes much more important; impersonating the user at the IdP can grant access to multiple services! So, the more you federate your identity, the more you require strong authentication.
The multi-factor approach of the Identity OS (c-IdM!) is therefore fundamental for the success of federation and reduced sign on (s-IdM).