Securing the modern web: Open sourcing the future of IAM
by Lasse Andresen - CTO of ForgeRock - Friday, 16 August 2013.
Open source IAM can rescue the modern web

Open source IAM is able to adapt to the modern Web where legacy IAM vendors cannot, for several key reasons.

Open source IAM products are designed to be unified, lightweight, modular, and scalable. This allows them to quickly and easily adapt to the ever-changing, ever-growing requirements of the modern Web. Legacy products were built by acquisition over time, making their solutions inherently piecemeal, bulky, and complex—and thus ultimately time-consuming to implement and inefficient in practice.

The open source build process itself facilitates organized, lightweight, and efficient design that can adapt to the shifting security needs of the modern Web. With access to the source code, a wider community of developers works together to develop fixes, innovations, and stable new releases, checking each other’s work for fewer bugs and quicker fixes. Unlike the traditional development process, the users have the opportunity to evaluate and critique the actual code, not just how it works but how it was written to work. This doesn’t just make open source IAM the fastest, most adaptable solution on the market, but also the safest, most secure IAM solution available.

Developers are also notoriously hesitant to release code with their name on it without thoroughly vetting it first, lest they lose credibility with the entire community. Because the world can see their work, developers strive for a great product that earns them the respect of their fellow developers, maximizing quality.

The collaborative nature of open source IAM also speeds development, making open source IAM highly responsive to consumer needs and quick to release product updates, fixes, patches, and stable new versions, thus providing great value for money.

Open source IAM provides a development model where organizations can commit code tailored to their needs back to the project, where it must pass a rigorous quality assurance process, providing a level of participation and influence that is not possible with proprietary IAM offerings. For vendors who use an open source development process this means that a broader, more timely set of requirements and use cases can be considered when defining the product.

The benefit of open source is that modifications of general interest can be vetted and accepted into the code base much faster, diminishing the need for additional development work on the part of the customer, or expensive requests for custom code from legacy IAM vendors.

Over time, open source has the power to bring identity and access management code development for the majority of companies—big and small—into alignment, thereby establishing a safe, useful, efficient, and elegantly architected IAM standard for the modern Web.

And at the end of the day, open source IAM is investment protection. When a proprietary vendor decides to stop supporting one of its products and announces “end-of-life,” the installed base of customers has few options other than to replace it, a far too common scenario that comes with high cost and risk to the business. Open source products, on the other hand, do not suffer this risk. With access to the source code, the larger technology marketplace will continue to support and innovate products and solutions where there is customer need.

The open source model presents a highly attractive alternative as enterprises seek out lightweight, flexible IAM solutions that can accommodate both the standard needs of the traditional, on-premises enterprise, and dynamic requirements of the modern Web, whether mobile, social, or in the cloud.

