The global challenge

As complicated as identity federation can be for U.S. companies, globalization adds still further complexity. Privacy laws, in particular — although easy enough to manage when doing business locally — can become a thorny issue when exchanging user identity information across international borders.

“If you’re a manager who has an employee in Germany and you’re based in the United States, it raises some interesting questions about what information you’re allowed to look at and what information you’re not allowed to look at,” says Simon Nicholson, chair of the business and marketing expert group of the Liberty Alliance.

Even for U.S. companies with no overseas operations, it’s shortsighted to plan for identity federation without considering the international implications. Some of the companies pursuing identity-based systems most aggressively can be found in Europe and Asia, and many of them are attractive partners for American businesses.

“Thirty percent of our members are headquartered outside North America,” Nicholson says. “If you want to do business with anybody outside of North America, you need to understand what their terms and conditions are going to look like and what their operating environment is like.”

According to Dan Blum, senior vice president and research director at Burton Group, those environments and conditions vary widely.

“Imagine taking a trip around the world where you start in the United States, then fly to New Zealand, then Singapore, then Japan, then over to Germany — the European Union — and then back again,” Blum says. “And think of all the differences in attitudes toward privacy that you’d encounter on that trip.”

A government such as Singapore’s, Blum explains, assumes broad powers to monitor, collect, and correlate data on individuals. On the other hand, the German government regulates and upholds personal privacy to a degree Blum  describes as “paranoid.”

Federation didn’t create these problems. It merely brings them to the fore. In fact, the need to address the differing needs of world governments and industries may prove to be the new driver for federated identity solutions, after security and cost control. Given such a diverse number of players, there may simply be no viable alternative.