Chapter 19. Identity Management Reference Architectures

When I was CTO at iMall.com, we were frequently pushing technology envelopes. A lot of the web technology that people take for granted now—such as application servers, templating frameworks, and even relational databases—was either not available or not widely used in building web sites. At the same time, new technologies were being developed at breakneck speed as people tried to create the scaffolding on which the World Wide Web would ultimately be erected.

As CTO, part of my job was to develop an overall technical strategy for the company and decide not only what products we'd build, but how we'd build them. I found that just picking a technology wasn't enough. Even if I understood the technology well and could see how it would fit into our overall system, communicating that vision to the system architects and developers was difficult. What I found myself doing, over and over again, was building a small pilot project that showed how a particular technology worked, how it fit into the suite of other technology choices we'd made, and why it was beneficial. There's something about a real design and working code that grounds a technology choice and makes it real.

The last six chapters have shown you how to create an IMA for your organization that guides design and implementation so as to encourage interoperability. In Chapter 17, we saw how an identity interoperability framework, using a formal process, can make technology choices. Beyond merely making technology choices, however, an IMA should also put those technologies in perspective in the same way that my experiments did for iMall. Doing so will help system architects and software developers understand how their designs fit within the overall identity management strategy.

I didn't realize it at the time, but what I was doing at iMall was creating informal reference architectures (RA). A reference architecture is a diagram or set of diagrams that shows the distribution of system functions among components in the identity infrastructure and provides a topographical map for how those functions relate to each other. Reference architectures do not give the design for an actual system or even a detailed diagram of how those systems interact, but rather provide architectural guidance and best practice information for practitioners. The reference architecture provides technical practitioners and business planners a goal state and gives a clear picture of the infrastructure that the enterprise is building.

This chapter will present the outline of a very general reference architecture for a digital identity infrastructure. As part of building your IMA, you should adapt this reference architecture to your own needs and circumstances. This chapter will also show you how to do that.