The Next TCP/IP Moment in Identity

Loved reading the book Ask Your Developer: How to Harness the Power of Software Developers and Win in the 21st Century by Jeff Lawson.

Jeff says in the book that every company is on a journey to becoming a software company and everyone is starting to see the world through the lens of software. He defines the term, software person. A software person is not necessarily a developer, it’s anybody who, when faced with a problem, asks the question, how can software solve this problem?

Build vs. Buy (or vs. Die)

In the book, Jeff takes the popular debate, build vs. buy, to another dimension; build vs die. As every company is becoming a software company, the competitive advantage they build is in the software they build. When software becomes the interface where the services you offer, meet the customers; unless you build it in the way you want; you die!

Building what you want gives you the freedom to experiment (or innovate). More you experiment or the ability to experiment more, gives you the edge to understand your customers more. Hence, you grow your business.

Build, does not necessarily mean building everything from scratch. You don’t build anything that already exists, given that it provides what you need. You only build things that are core to your business, which help building your competitive advantage over all the others. The rest, or the building blocks that help you build what you wish are part of the digital supply chain.

The Digital Supply Chain

Uber, for example, uses 4000+ microservices internally. However, not all of them are developed by Uber itself. Uber uses Google Maps API to pull out location data, the Twilio API to facilitate communication between passengers and drivers and many other APIs. All these APIs are coming from the digital supply chain Uber picks to build its product. Then again, these building blocks in Uber’s digital supply chain are also available to Lyft, and other Uber competitors around the world. What brings Uber the competitive advantage is in what they build!

The software you build, can be your product, at the same time it can be a building block for another product. Google Maps is Google’s product, however the Google Maps API is a building block for Uber. Alexa is a product of Amazon, however Alexa API is a a building block for Nissan.

Picking the right digital supply chain is equally important as what you pick to build. Think, what if Uber had to build something equivalent to Google Maps from the scratch? From 2016 to 2018, Uber paid 58M USD to Google for using Google Maps. But, then again it’s a peanut, when you compare that with their revenue in 2019, which was 14.15 billion USD.

Having the right digital supply chain helps you to optimize your development team to build only what you need and no more. Instagram, for example, was only a 13 people team, when Facebook acquired it for $1B in 2012; and WhatsApp team was only 50, when Facebook acquired it for $19B in 2014.

Build Your Own Identity Stack?

Every service you develop, every API you design, every device you use, every person you interact with, will have a managed identity, and in today’s hyperconnected world, the Identity integrations with these business applications and systems, is going to be critical.

Going back to the build vs. die debate; do you still have to build the Identity stack to gain the competitive advantage in your business? If you are in the Identity business, of course yes, for all the others no. Identity stack you need to build your product is a building block in the digital supply chain.

You never worried about building a TCP/IP stack yourself, so, don’t worry about building an Identity stack yourself. However, over the time we have spoken to over a thousand companies (hundreds of them are WSO2 customers), and in most of the cases they bring in unique identity requirements. The uniqueness comes in those requirements are specific to the industry they are in and also specific to the complexity of the business problem they want to solve.

Identity is core to any business, and how you manage identity will also help you in building competitive advantage. At WSO2, we have worked with 90% of the Identity Server customers to solve complex identity problems. Identity Server is open source, and if the business problem is straightforward, they don’t even talk to us, they simply use the product as it is. However, when we work with complex Identity requirements, we have extended the product to solve specific business problems.

Building these extensions, specific to unique business requirements helped companies to differentiate themselves from others. Then again, they didn’t want to build everything from scratch — rather they started with what’s common (and available to everyone) and started innovating on that. That drastically reduced the time-to-market, and also gave the freedom to innovate.

I don’t intend to contradict with what I mentioned before, that the Identity stack is part of the digital supply chain you pick, however, the Identity stack you pick for the digital supply chain should have the flexibility to extend with minimal effort to build business requirements specific to your business.

The TCP/IP Moment in Identity

In the 70’s, having support for TCP/IP in a product was considered to be a competitive advantage. Today, it’s given, and nobody worries about TCP/IP support; it’s everywhere.

Ian Glazer from Salesforce, mentioned in his keynote at the European Identity Conference 2016 that, it’s the TCP/IP moment in Identity now. He in fact talked about the open standards (SAML, OpenID Connect, OAuth, SCIM, XACML and so on) in the Identity domain, and how they are going to be part of every product, so no Identity vendor is going to gain competitive advantage just by supporting the open standards. RFPs looking for Identity products will not even worry about asking support for these open standards.

The Next TCP/IP Moment in Identity

Developers do not worry about building a TCP/IP stack, or even worrying about TCP/IP while building software. We believe, the Identity integrations with business applications and systems need to be developer-first (or developer-focused) with the right level of abstractions and tools. And, doing that right, would be the next TCP/IP moment in Identity, that will free the developers from worrying about complexities in Identity integrations.

The Developer-first IAM

The single Identity administrator role has started diminishing, and the role of the developer is becoming more prominent in Identity integrations. These developers need a better abstraction over core identity concepts; and the developer-first IAM is the way to realize the next TCP/IP moment in Identity.

In the consumer Identity space, when we talk to enterprises, they bring in their unique requirements. In many cases they look for a product that can be used to build an agile, event-driven consumer Identity (CIAM) platform that can flex to meet frequently changing business requirements.

A developer-first IAM product builds an abstraction over the core Identity concepts in the form of APIs and SDKs, provides tools for troubleshooting, has the ability to integrate with the organization’s build pipeline, carries the right level of developer experience and has the ability to extend product’s core capabilities to fit into organization’s complex IAM requirements.

As every company is becoming a software company, and starting to build their competitive advantage on the software they build, the developer-first IAM will free the developers from inherent complexities in doing Identity integrations. That’s the next TCP/IP moment in Identity!