Thursday, June 21, 2007

Federation Woes

Techtarget has an insightful article on the difficulties surrounding Federation and its abilities to penetrate the market. Alot of the content arises from Burton Group's Neuenschwander, and his work on the topic. Neuenschwander eloquently sums it up: "Businesses have inescapable constraints and markets are brutally pragmatic."

Very true. In my experience, companies who may have a business need for managing authentication and authorization for externally facing apps more effectively with specific partners - BUT don't view it as absolutely critical for their business will opt not to deploy federation for two reasons:

1. The invasiveness of the technology vis-a-vis the partner's environment. i.e. the requirement of deploying a federation server in the client environment.
2. The legal ramifications involved as to liability and data ownership ("who owns the data associated with various identities and who has the final say when the data doesn’t agree") ... Phil Windley has written some interesting points regarding this.

I've dealt with a number of companies that were very interested in the technology, but decided to go with other, less elegant solutions because of the complications involved with these two concerns. On the other hand, when the business case is strong enough - federation is a wonderful solution.

A few years back when I got interested in federation, I was very impressed and was looking forward to aid federating the world. Unfortunately, it didn't turn out that way. As Neuenschwander stated... "the world isn't as it is in developers' dreams...businesses have inescapable constraints and markets are brutally pragmatic."


Anonymous said...

I think if you look at the rhetoric in the past about federation and look at the world now, it's hard to argue with any of this. The KISS principle has a lot to do with this, and liability consumes the remainder. Business wants control, but not when it comes with potentially expensive responsibilities.

Dustin Puryear
Author, "Best Practices for Managing Linux and UNIX Servers"

sexy said...