There is little doubt that identity management is undertaking its biggest transition since its inception 35 years ago. The main drivers of this phenomenon are: cloud technology and the proliferation of smartphones.
The old regime was characterised by a "prohibition" focus with access control based on restricting access unless it was specifically permitted. The guiding policy was the "principle of least privileges" whereby newly hired staff were given accounts the that were basically useless, with access to the the mail system and little else.
Many spent their first few days at work getting access to the applications required for them to perform their jobs; a great waste of time and money.
The new order is characterised by developing trust relationships, and it is supported by compelling arguments. Most organisations have gone as far as they can with their existing the identity validation facilities. As access requirements extend to contractors, business partners and customers, a new paradigm is required: trust placed in external identity provider services for the authentication of users accessing protected resources.
Already most of us have Google Ids or LinkedIn profiles that serve to identify us sufficiently for most online requirements. It makes no sense for a business wanting to sell me something, or a government wanting to provide a service, not to trust my GoogleId for this purpose. They don't need to go to the expense of deploying a website to collect my details, vetting them for accuracy, and managing my details in accordance with legislation. This is expensive and not necessary.
While the Gov-online initiative in the US has struck a rough patch with funding restrictions the UK Verify program in the UK is overcoming its detractors an is a good example of how trust in IDPs is becoming mainstream. Australia has softly announced GovPass as the vehicle for government access management at the Federal level and CIDN in Queensland, Service NSW and ServiceVictoria are gaining traction.
Watch this space.
Graham