Outsourcing Identity and Access Management
I've been working for a decade with companies struggling to implement complex custom solutions for IAM. The reason is probably that standards arrived only in recent years; before that, it was too easy to implement a custom solution without looking ahead to the complexity and the total cost of ownership that a custom IAM may hide.
Let's recap the basic features of a (custom or out-of-the-box) IAM solution:
- Identify an individual
- Assign roles or, more generally, attributes to that individual
- Grant a valid pass to enter the application
In addition to these features, an IAM solution must give users a generic framework for building the company's applications, one that separates the responsibilities of those who develop an application from those who own the IAM process.
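The separation described above, as an added example that is not code from the original article: a hypothetical `IamService` attaches roles to an identified user and signs a short-lived pass, while the application (`App.CanEnter`) holds only the IAM's public key and never handles a password. The class names, the pass format and the sample directory are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// IAM side: the only component that identifies users and holds the signing key.
public sealed class IamService
{
    private readonly ECDsa _key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
    // Constructed sample directory: username -> roles.
    private readonly Dictionary<string, string[]> _roles =
        new() { ["alice"] = new[] { "billing", "admin" } };
    // Applications get only this public half: they can verify a pass, not issue one.
    public byte[] PublicKey => _key.ExportSubjectPublicKeyInfo();
    // Runs after the IAM's credential check (not shown). Assumed pass format:
    // base64(user|role,role|expiry in Unix seconds) + "." + base64(signature).
    public string IssuePass(string user, DateTimeOffset now)
    {
        if (!_roles.TryGetValue(user, out var roles))
            throw new UnauthorizedAccessException("unknown user");
        var payload = Encoding.UTF8.GetBytes(
            $"{user}|{string.Join(",", roles)}|{now.AddMinutes(5).ToUnixTimeSeconds()}");
        return Convert.ToBase64String(payload) + "."
            + Convert.ToBase64String(_key.SignData(payload, HashAlgorithmName.SHA256));
    }
}

// Application side: never sees a password, only verifies the pass and reads its roles.
public static class App
{
    public static bool CanEnter(string pass, string role, byte[] iamPublicKey, DateTimeOffset now)
    {
        var halves = pass.Split('.');
        if (halves.Length != 2) return false;
        try
        {
            var payload = Convert.FromBase64String(halves[0]);
            using var key = ECDsa.Create();
            key.ImportSubjectPublicKeyInfo(iamPublicKey, out _);
            if (!key.VerifyData(payload, Convert.FromBase64String(halves[1]), HashAlgorithmName.SHA256))
                return false; // signature does not match: pass was altered or not issued by the IAM
            var parts = Encoding.UTF8.GetString(payload).Split('|');
            return parts.Length == 3 && long.TryParse(parts[2], out var exp)
                && exp > now.ToUnixTimeSeconds() && parts[1].Split(',').Contains(role);
        }
        catch (FormatException) { return false; } // malformed base64
    }
}
```

An application calls `App.CanEnter(pass, "admin", iam.PublicKey, DateTimeOffset.UtcNow)` with a pass obtained from `iam.IssuePass("alice", ...)`; a pass with an altered payload, an expired timestamp or a missing role is rejected.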
Tons of custom applications may handle a login in this way:
public static AuthUser CheckIdentity(string username, string password)
{
    using (var ctx = new UserContext())
    {
        var user = ctx.Users.Find(username...