Title: The Intersection of SaaS, Enterprise Software, and Open Source
- The delivery of WAM software has fundamentally
changed over the last decade. SaaS applications
have enjoyed broad adoption across SMBs and
large enterprises. But let's not get carried
away: not all enterprise IT services will move to
SaaS.
- The Gluu Server leverages standards such as
OAuth2, OpenID Connect, UMA, SAML 2.0, and SCIM
to enable federated single sign-on (SSO) and
trust elevation. The Gluu Server is used by
universities, government agencies, and companies
to secure employee-facing and consumer network
services.
- The most compelling reasons NOT to outsource your
IAM operations to a SaaS multi-tenant cloud
provider include:
- Security: For many companies, a trust model
where a third party holds the private keys used
for signing security messages is not acceptable.
Other organizations are bothered that, if a
breach occurs, they may not be notified. As
a customer of a SaaS, you may not have root
access on the compromised servers, handicapping
your ability to figure out what happened.
Net-net, SaaS authentication providers offer a
trust model that is just not quite right for some
paranoid organizations.
- Compliance: When personal data resides on a third
party's server, ensuring that you comply with the
relevant government data-protection regulations
can be a challenge. At a minimum, it raises
questions that need to be addressed that would
not be a consideration if the authentication
server is located on the organization's private
network.
- Flexibility: SaaS systems are not as
flexible in implementing unique business logic
for authentication. There are many new
authentication offerings: mobile, biometric,
cognitive, tokens. Organizations don't want to be
limited to the measly number of officially
supported (and probably over-priced)
authentication options. Also, the workflow for
authentication includes more than just the part
about how to identify the person. APIs that
perform fraud detection, central logging,
intrusion detection, threat sharing and other
services may need to be integrated as part of the
authentication flow. For example, a company may
want to present a message: "You have never logged
in from <country> before; we will send you an email
to confirm." Enabling companies to implement
flexible business rules for authentication has
not been a strong point for SaaS authentication
offerings.
- Price: For customer-facing
applications, the per-user pricing model just
doesn't work. It would mean a commission to the
SaaS IDP on every customer sold. Even
per-connection metering can add up. Although the
typical number of SAML relationships has been low
for organizations, OpenID Connect would likely
increase the number of partners.
- There's no silver bullet when it comes to
implementing a comprehensive authentication and
authorization (AA) service. Building and
operating a stack of open source identity and
access management software can be a challenge for
organizations. A subscription to the Gluu Server
offers a support model for open source and an
alternative to SaaS: a hybrid cloud solution.
- Gluu customers provide the IaaS service (compute,
persist, network, backup). The Gluu Server is
deployed on a server instance, and Gluu can
provide support, deployment, configuration
management, monitoring, and SLA reporting
services. Unlike SaaS services, Gluu does not
persist personally identifiable information on
our central systems. Our primary mission is
operational support for the people who are at the
front line of security for their
organizations.
- So if your domain authenticates
a lot of people (employees, customers or
partners), if your domain has complicated
authentication requirements, if you need to trust
some of your partners to authenticate their own
people (i.e. inbound SAML), if you have a lot of
connections to applications that want to use your
IDP, if you are a paranoid organization that
wants more control of the PII (or you even want
to actually see the code!), in general if you
have anything but plain vanilla SaaS applications
and a small number of users, you may want to
consider alternatives to SaaS.

Article Resource: http://thegluuserver.wordpress.com/2014/05/16/how-to-benchmark-ox-for-a-large-scale-deployment/