Identity Portability as a Key Enabler for Virtualization

I was recently asked for my thoughts on whether identity portability and identity standards were a key enabler for virtualization. I was also then sent a link to an article about how a lack of industry standards may threaten virtualizations growth.

From my perspective choosing to leverage virtualization is currently a system operations driven decision. I seriously doubt that in today’s virtualization world, application functionality such as authentication and authorization is a major consideration when choosing whether to leverage virtualization technology.

Identity becomes important when organizations start to take advantage of outsourced virtualization (e.g. Amazon’s EC2). It is highly unlikely that an application designed for use inside the company will be able to be seamlessly migrated to an outsourced virtual machine running on Internet facing hardware. Achieving this virtualization independence will require that an application can be run on a local or remote virtual machine without change. This means that any authentication related application functionality must be secure, loosely coupled and standards based. The developer should not be baking authentication functionality directly into the application as he won’t know where his application is being deployed. As such standards based, secure SSO becomes paramount.