What Other Software Is Like CIAM?

Heya,

Customer identity and access management is a good application component to outsource because of some of its attributes. In general, CIAM is:

• mostly undifferentiated functionality: one login screen is very similar to another, in terms of layout, authentication choices, and functionality.

• complex: while login screens are similar, they aren't simple. There are a number of features that are table stakes that can have subtle implications, whether it is a timing attack or a mis-implementation of one clause of an RFC.

• core to an application: authentication and authorization are the front door and room doors, respectively, for your application. You need them to be highly performant and available.

• risky: not only because of its prominence, as mentioned above, but also becasue of the data it holds, including credentials and personally identifiable information

• versionable: developers need to be able to build on a firm foundation. Upgrades shouldn’t be forced, but rather available after a team tests to make sure their application doesn't suffer from any unexpected changes.

• standardized: while not all aspects of CIAM are standardized, the most important one, the sign-in process, is, via the OIDC and SAML specifications.

• implemented by developers: expensive software engineering teams can obtain leverage and become more efficient by choosing the right outsourced solution.

I was wondering what other common software system components met most or all of these criteria. I think the answer is most of them. A good place to start is the list of AWS services. AWS services such as:

• SNS, the simple notification service

• RDS, the relational database service

• S3, the simple storage service

• SQS, the simple queuing service

• ElastiCache, a caching service

• CloudFront, a CDN

all meet most of these criteria.

Of course, there are other examples beyond AWS. Some are run by other hyperscalers. There are also unbundled substitutes for what AWS's services offer, such as Fastly or Cloudflare for CloudFront.

There are also many undifferentiated problems which have software solutions such as payments (Stripe and a bajillion other options) and subscriptions (Recurly and a bajillion other options).

I wrote a blog post about using managed services a few years ago. After being revised, it ended up being a chapter in 97 Things Every Cloud Engineer Should Know, but the blog post still does a good job of outlining what managed services bring to the table.

CIAM solutions, like other managed services, offers developers the ability to trade control for functionality. By doing so, the devs can build better software solutions more quickly.

Dan