Many modern businesses have internet-facing properties, such as web sites and applications, e-commerce applications, mobile applications, and other network based systems. Most of these businesses are interested in expanding the user base associated with these internet-facing properties because greater adoption rates often translate into greater revenue.
It is common for these properties, such as web applications to require user-identifying information. For example, an application may require the name, address, and date of birth for a user. This user-identifying information is usually gathered by the application, which stores the information in a database or other storage system for later retrieval. By keeping user-identifying information within the system, the application may allow users to authenticate with the system using only minimal information, such as a username and password, after which the user may have full access to the system without re-entering the user-identifying information.
Although the storage of information by each application has become more convenient for the user than it would be if the user were required to re-enter identifying information every time the user used the application, such applications and internet-facing properties have become ubiquitous. Furthermore, new applications and internet-facing properties are released with such frequency that users have become accustomed to “trying out” new applications only to discard them later. Often, users will abandon an application if they are presented with a requirement to fill out another form with user-identifying information, because users are growing tired of providing the same information to many different web applications. At the same time, users are becoming more aware and cautious about which businesses they will provide user-identifying information to, and just how much information they will provide.
There are some public websites that are so popular that, when taken as a group, they have user-identifying information for a large percentage of Internet users. This information is stored in the form of user accounts that represent “Internet Identities” for the users described by the accounts. These accounts are in public sites like Facebook, Google, and Yahoo!, and represent a treasure trove of tens of millions of users—users that enterprises would like to attract to expand their user bases. However, enterprises have existing investments in identity and access management systems that are not equipped to handle these identities. In other words, these systems are unable to integrate with these varied technologies, and have difficulty managing the scale and security aspects of internet facing deployments that use these technologies.
Some prior attempts at leveraging Internet identities have been made, but most of these solutions are custom built “band aids” that are hard-coded to the products meant to benefit from the integration. These products provide some integration solutions but the solutions are too tied to the product, and cannot be re-used or leveraged for use with other products. Overall, prior solutions lack the extensibility, scalability and security to tackle the both the problems of coping with the changing internet environment as well as preserving investments in existing identity and access management solutions.