Gunnar Peterson (@oneraindrop) keynoting at the Cloud Identity Summit. (C) Brian Campbell

Cloud Identity Summit 2013: Standards Making Progress

The year's premier identity conference reports that the building blocks for a standard internet identity layer are almost in place

I've recently returned from this year's Cloud Identity Summit, the annual confirmation of how much I still have to learn about this topic. The brainchild (and some would say the third child) of Ping Identity's CEO Andre Durand, the growing popularity of CIS reflects the increased popularity of identity topics in our increasingly cloud-focused world. The conference has experienced double-digit growth each year since its inception in 2010. From mostly "identerati" focused on shaping identity standards in the first couple of years, the conference now has a broader range of IT professionals with a broader range of skillsets, from novice to expert. The attendees were mostly from large to very large enterprises that have identity specialists, and a number of independent consultants that focus on security and identity topics. This year the kid-friendly event had around 550 registered attendees, with 800 including families.

Cloud identity is about how authentication, authorization, account provisioning, and governance work in the web services world. It's also about how you connect your on-premises identity sources such as Active Directory to this world. Though the same identity management principles apply at the highest levels to both worlds, the details are very different. (If you need a grounding in cloud identity, look no further than my Enterprise Identity column.)

The first two days of this year's conference were taken up by a variety of pre-conference workshops, from "The Hitchhiker's Guide To Identity" to updates from the federal government's NSTIC (National Strategy for Trusted Identities in Cyberspace) initiative. By the time the plenary session rolled around on Wednesday morning, I'd already gotten to meet and spend time with some really experienced identity professionals. In a specialized conference such as this, the breadth of topics is quite narrow compared to more general conferences. But this focus isn't a problem if identity is your job, and the resulting depth may be exactly what you need.

This points out one of CIS's strengths: If you're working in identity, it's about the best place you could spend a week networking with your peers. The workshops of the first couple of days are well attended, but it's a relatively small group so it's easy to get warmed up to the conference's atmosphere. Then when you walk out of the Tuesday afternoon workshops, the place is bustling with the arrival of main conference attendees. And unlike your average IT conference, attendees aren't afraid to dive in and talk to each other. I've been privileged to meet or get reacquainted with the top identity players for GE, Google, Salesforce, Intel, Microsoft, Citigroup, and the NSTIC program, among many others.

Some of the high points of the conference for me:

  • Mark Wahl slipping in the announcement that Microsoft continues to add "table stakes" features to its Azure Active Directory IdaaS offering, the latest being the Access Panel third party web service portal.
  • The NSTIC update, where we learned the IRS can save up to $305M annually by adopting an improved, NSTIC-aligned identity management system. (Cue the IRS jokes.)
  • Andre's Wednesday keynote, where he pointed out how aspects of identity we've thought about are becoming reality (for example, how our online reputation is being shaped by who we know, visualized by the beautiful LinkedIn Maps).
  • Nishant Kaushik's talk on IDaaS, the Now Big Thing.
  • Several keynote presenters (who'd not seen each other's presentations) stating that we're seeing the slow emergence of a standardized identity protocol stack based on OAuth 2.0, OpenID Connect, and SCIM.
  • The CIS Thursday morning boot camp, where a couple of former Navy SEALs come up with some fun at 6 AM for willing participants. Last year's boot camp featured a dunk in a cold mountain stream; this year's aquatics involved calisthenics in and around a (much warmer) pool.
  • And of course, Bob Blakley's silent but compelling closing keynote.

Rajiv Dholakia of Nok Nok Labs taught me about the work the FIDO (Fast IDentity Online) Alliance is doing. The FIDO Alliance is a non-profit formed at last year's CIS to address the lack of interoperability across the range of strong authentication devices (e.g. smart cards, USB dongles, fingerprint scanners, etc.), and to simplify the user experience associated with them. If there's an overarching standard that developers can easily use for strong authentication, more developers will make strong authentication options available – and that's a good thing.

Vendors keep coming up with new ways to enhance traditional structures with web services. For example, take the humble and ubiquitous LDAP server. Radiant Logic announced the beta of HDAP, a cloud directory built with LDAP and Hadoop. Because it's a scalable cloud service, HDAP removes the bottleneck of the traditional on-premises LDAP server to service the very high rate of authentication and authorization requests that can be caused by modern applications.

Finally, there's another insight you get from a conference like this: You're outside of the Microsoft world of enterprise AD forests, into the wide, wide world of web services. It's important to get a sense of perspective of just how small Microsoft's presence - or at least their mind share - is in the web services world.

If you want some idea of what it's like to stand around in conversation at CIS, subscribe to John Fontana's "Identity Conversation" curated list of identerati. And if you're interested in seeing photos of the week (there are some really good ones), check out

Sean writes about cloud identity, Microsoft hybrid identity, and whatever else he finds interesting at his blog on Enterprise Identity and on Twitter at @shorinsean.
