In the past few years, Identity Access Management (IAM) has emerged as a critical issue for most organizations. It is a combination of two important technologies: identity federation and identity management.
Identity federation is quite simple: it’s about linking together various user names and passwords (or other credentials) to create a single identity. For example, even though Steve Jackson Games owns the rights to Ogre and uses the open source Ogre library to develop it, we still need to link a user name such as “Steve Jackson Games” with their account information such as their email address and password. There is no need for IAM in this scenario since both Ogre and Steve Jackson Games are controlled by the same organization; but once an organization wants to link some more functionality like online multiplayer games or hosting services with those same users, there’s no reason why they should not do so using IAM.
Identity management, on the other hand, encompasses all of the services that we might want to use for authentication, authorization, encryption, and so on, including things like questionnaires, security control mechanisms (such as firewalls), dynamic or static authorization/access rules based on things like location or device type, and external tools such as MDM solutions (which enable you to manage devices from multiple vendors).
One of the interesting things about IAM is that it really does not have a single term for what it does: different organizations talk about it differently depending on how they want to deploy it. A good example of this is Microsoft’s concept of “domain-based identity management”, which they introduced in 2010 with their implementation of Azure AD (which was first announced at Build in 2010). They also talk about federated identity when discussing Windows Live ID (which is part of what gives Microsoft Live ID its unique look).
In short, Microsoft offers one solution that can be used across many different applications and services, while others talk more specifically about what they mean by identity federation.
All these terms are very useful but need some clarity. We should be clear that we mean federated identity: when you sign up for an account at an organization such as Facebook or Twitter with your credentials from one website, you get them automatically linked with your Facebook or Twitter account at another website, just as when you sign up for an account at Amazon using your credentials from Amazon Web Services, your logs get automatically linked with your Amazon account at another website, and so forth.