Authing 2.0 released: Talk about the future of IDaaS


After more than two months of intensive research and development, Authing officially released version 2.0 today, with improvements both inside and out. Almost without noticing, Authing has come to provide identity management services for many Fortune 500 companies and thousands of developers. We would like to carefully review the past and look forward to the future.

The starting point for the company, more than a year ago, was actually very simple: from the perspective of cloud computing, solve the annoying login problem for developers. This seems very simple. IAM has been in development for many years, and IDaaS is nothing more than moving IAM to the cloud. There is not much of a highlight there, but what really excites me is that what we want to build is the identity layer of real enterprise cloud computing infrastructure. How should you understand this sentence? I will discuss it properly later.


IDaaS explained simply

In case readers are not familiar with IDaaS, let me explain what it is.

When organizations develop or maintain applications, they choose which functions to implement themselves and which to outsource to third parties. For example, if you are writing an application that takes payments, using a platform like Ping++ instead of developing your own payment system from scratch will usually save time and cost.

If your application requires users to log in, the same is true. Given the complexity of logging in and the cost of analysis and compliance involved in identity management, usually the easiest way is to purchase IDaaS and integrate it into your application.

IDaaS providers provide cloud solutions based on IAM.

When purchasing IDaaS services, you are actually buying APIs (application programming interfaces). In the simplest terms, an API is a set of rules about how software or applications interact, acting like a translator or mediator.

In the case of IDaaS, API calls flow between end users, Authing and the service provider's servers.


When talking about managing identities, we are referring to the three basic user categories of identities:

  • Customer Identity and Access Management (CIAM), applicable to end users.

  • Workforce IAM, which manages your employees and their access to internal applications.

  • B2B IAM, which enables companies to integrate their identities with their business partners and corporate customers.

The scenarios of these three categories are very different, and organizations will choose different IDaaS vendors according to different scenarios.

Almost all IDaaS providers share some common core functions, including:

  • Multi-factor authentication (MFA)

  • Biometrics

  • Single sign-on (SSO)

  • User management and access control

For more information, please visit: https://authing.cn/blog/

Identity should be infrastructure

As an architect who has written code for ten years, I have written no fewer than dozens of Internet software products in my career. The first thing to do for each of them is to design the "user system" and the "authorization system". After so many years of experience, different industries and different systems have taught me a lot of abstract ideas. From a technical perspective, all these architectures can be summed up in one sentence: identity is supposed to be infrastructure. All the work we do revolves around identity.

When talking about this idea with a senior investor friend, he reminded me: "OpenID has tried but failed."

OpenID is an identity protocol. It aims to build an open identity federation across the entire web. Users do not need to remember traditional credentials such as user names and passwords. Instead, they only need to register in advance on a website that serves as an OpenID Identity Provider (IdP), and then use that account to log in to all OpenID-enabled websites.

If that is not entirely clear, this example will make it so. Everyone knows that Tencent and Alibaba compete and are incompatible with each other; the role of OpenID is similar to logging in to Alibaba Cloud with Enterprise WeChat.

P.S. Logging in to Alibaba Cloud with Enterprise WeChat does not use the OpenID protocol, but the more enterprise-oriented SAML protocol. This is just an example to illustrate the intuitive effect that OpenID can achieve.

Beyond registering in one place and logging in everywhere, OpenID brings a further benefit to all websites that support it: shared user resources. Users can conveniently control what information is shared and with whom, such as name, address, phone number, etc.

In its heyday, OpenID was supported by 50,000+ websites and generated billions of connections. It could have been built into a Facebook-like social network, but it failed. The reason for the failure is simple. As one comment on the Internet puts it:

The main reason no one uses OpenID is because Facebook Connect does the same thing and does it better. 

Everyone knows what Facebook is. It is much easier to understand an identity on Facebook than to understand what OpenID is. This also explains why OpenID, even with 50,000+ supporting websites and billions of connections, still failed in the end. When OpenID was in its heyday, "Login with Facebook" was supported by 250,000+ websites, used by millions of Facebook users, and had a strong brand effect.

In China, the counterpart is "log in with WeChat."

Precisely because we have seen OpenID fail on the global Internet, a failure that would be repeated with 100% certainty in China, we position Authing as "the identity infrastructure of cloud computing." SaaS is not yet mature in China, a land of agrarian civilization. It is precisely because SaaS is immature that there is an opportunity to rebuild the cloud computing identity infrastructure. Just as young people in the 1990s bet that the personal Internet would flourish in the 21st century, Authing is betting that SaaS will truly become like water and electricity. Like all the everyday services we use, SaaS will become part of everyone's work.

Authing has the following advantages over OpenID:


1. Not only for new applications, but with more attention to existing applications

OpenID is oriented towards new applications: a set of standard protocols was drawn up for developers of Internet applications to integrate, allowing users across the web to use one account to access all systems. This is a bit like the decentralized identity of many blockchain systems today, which focuses only on the blockchain Internet and abandons users of the classical Internet.

Building on its support for new applications, Authing focuses on modernizing enterprises' existing applications, and provides comprehensive interfaces, tools and solutions to help customers smoothly migrate and integrate new and old user identities.


2. Not only a protocol, Authing is a complete development kit

OpenID is a set of protocols that aims to become a standard rather than a product.

Authing has 500+ open interfaces, SDKs in more than a dozen programming languages, and a mature developer ecosystem, allowing any developer to integrate Authing within half an hour without the cost of learning any protocol, and to connect it to any application. Using Authing takes as few as 5 lines of code, and saves many design and implementation costs, including user center, permission control, identity source identification, social login, biometrics, cross-platform support, SMS verification, email verification, and login/registration risk control.


3. Based on the multi-tenant cloud native architecture, Authing is a full-scenario identity cloud with high performance and high security for hundreds of millions of users

OpenID was born in the early days of the Internet and has historical limitations. It does not incorporate the elasticity of identity into the overall design.

Authing adopts a cloud native architecture and supports k8s+Docker deployment. It has achieved cloud native deployment and elastic scaling on AWS, Huawei, Alibaba Cloud, Tencent Cloud, Qiniu Cloud and other public clouds. It is the only product among multiple vendors that supports a cloud native architecture.

Authing implements multi-tenancy based on user pools, and offers three forms of multi-tenant isolation: logical multi-tenancy on the public cloud, physical multi-tenancy on a private cloud, and k8s container multi-tenancy for private deployments. In addition, because it is cloud native, there is in theory no upper limit on the number of tenants, and expansion is smooth.

Authing can integrate with a variety of cloud-native KMS services, implements end-to-end encryption and full encryption of data in transit, and has complete DevOps capabilities: a full set of CI/CD pipelines built on cloud-native development.


API-centric identity middle platform


The picture above shows the development trend of IAM. Authing was already at the fourth stage when it was founded and will complete the fifth stage in 2020. The most important keyword in the fifth stage is "API".

APIs explained simply

API stands for "application programming interface". It is a piece of code that acts as a bridge between software developed by two different teams. The API acts as an intermediary or translator between the two parties, passing requests and responses back and forth.


Take ordering a meal as an example. You say to the waiter: "I want a chicken chop." The waiter passes this message to the kitchen. You don't have to worry about how the chicken chop is made. You can eat it in ten minutes.

In this example, you are a user of a certain software, the waiter is the API, and the kitchen is the server of the software.

Social login is a common example of an API. When software implements social login, the user only needs to click a button to authenticate with the identity provider, such as "Login with WeChat" or "Login with QQ". In WeChat login, Tencent provides developers with APIs that let users log in to the developer's application using their WeChat identity.


We are very happy to see that, through our open API, developers have extended Authing to many scenarios in ways beyond our imagination. When I saw a client's developers discussing the functions, design and architecture of Authing in the conference room, we were very excited: our product has helped thousands of developers solve login and identity integration issues for millions of users, which has greatly enhanced our sense of social responsibility.


Figure: Comparison between Authing (red line) and other IDaaS vendors

Where is the future?

Many people do not believe in the future, but I have always known that the future is created by the present. A poem, "Believe in the Future", learned in middle school, has always urged us to move forward: believe in the future, believe in the eyes of people.

Flexible scheduling of identities is the beginning of flexible scheduling of other resources

In the past ten years, the biggest change has been brought about by the cloud, and this change is still under way. In addition to the convenience of deployment, the core capability of the cloud is its biggest advantage. The granularity at which computing resources are allocated ranges from a computer room to a function, from buying a car to Didi, and from buying a house to renting a house. The subscription economy is already devouring the software industry. The advantage of flexibility is that we don't need to pay for "computation that never takes place", thereby greatly reducing costs within a certain threshold.


The emergence of the cloud has turned elasticity into an infrastructure capability. Every cloud vendor inevitably talks about "elastic scaling", and it is also something customers care about. You cannot imagine how painful it was for vendors to equip computer rooms in the era before the cloud.


As the granularity of computing resources is getting finer and finer, computing resources have begun to move closer to the business layer (for example, TiDB can perceive business characteristics, and it will perform scheduling and scaling based on factors such as geographical features and high-frequency access).

As a computing resource, identity is the layer closest to the user among all resources. In terms of elastic scaling and business scheduling, Authing will do the following, among other things:

  1. Predict that a peak is about to arrive, automatically purchase servers and expand capacity in advance, then reclaim the servers and shrink capacity after the peak has passed;

  2. Perceive the specific business and allocate computing resources according to business characteristics;

    1. For example, users in China and the United States respectively visit nearby nodes

  3. Predict the query type and access frequency, and automatically determine the storage type;

    1. For example: Redis for hot data, OSS or database for cold data

  4. Predict user behavior and carry out risk control;

    1. For example: when a user logs in to an application from a different mobile phone, MFA secondary verification is required
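
One way to implement item 4 above, where a login from a different phone triggers MFA. This is an added example, not Authing's code or API: `DeviceRegistry`, `device_id`, the server key and the fingerprint strings are hypothetical, and the sample logins are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumption: a server-side secret, so stored device IDs are keyed hashes
# rather than raw fingerprints. Constructed value for this example.
SERVER_KEY = b"constructed-demo-key"


def device_id(fingerprint: str) -> str:
    """Keyed hash of the client-reported device fingerprint."""
    return hmac.new(SERVER_KEY, fingerprint.encode(), hashlib.sha256).hexdigest()


@dataclass
class DeviceRegistry:
    # user -> device IDs that have already passed MFA for that user
    trusted: Dict[str, Set[str]] = field(default_factory=dict)

    def decide(self, user: str, fingerprint: str, password_ok: bool) -> str:
        """Return 'deny', 'allow' or 'mfa_required' for a login attempt."""
        if not password_ok:
            return "deny"
        if device_id(fingerprint) in self.trusted.get(user, set()):
            return "allow"
        # Unknown device, including a user's very first login: step up.
        return "mfa_required"

    def complete_mfa(self, user: str, fingerprint: str, mfa_ok: bool) -> str:
        """Trust the device only after the second factor succeeds."""
        if not mfa_ok:
            return "deny"
        self.trusted.setdefault(user, set()).add(device_id(fingerprint))
        return "allow"


def demo() -> List[str]:
    reg = DeviceRegistry()
    return [
        reg.decide("alice", "phone-A", True),         # first login ever
        reg.complete_mfa("alice", "phone-A", True),   # enrols phone-A
        reg.decide("alice", "phone-A", True),         # known device
        reg.decide("alice", "phone-B", True),         # different phone
        reg.complete_mfa("alice", "phone-B", False),  # second factor fails
        reg.decide("alice", "phone-B", True),         # still untrusted
        reg.decide("bob", "phone-A", True),           # trust is per user
    ]


if __name__ == "__main__":
    print(demo())
```

A device becomes trusted only after a successful second factor, and trust is recorded per user, so a phone enrolled by one account does not skip MFA for another.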

We are very pleased to see that in the market, apart from Authing's emphasis on elastic scaling, companies such as TiDB, LeanCloud, and Soundnet have implemented flexible resource scheduling in their respective fields such as database, computing and RTC. We believe that in the future, more such companies will appear.

Behind the identity is the data

Identity is inseparable from data. We found that some customers' needs lie not in identity but in data, yet they discovered that if you want to connect data, you must first connect identity.

We have long envisioned a new possibility for software architecture (one that has already been implemented in Authing's own software architecture): the separation of identity and data. This architecture has the following characteristics:

  1. The ownership of the data belongs to the user, and the user decides where the data exists and which applications and people can read and write the user's data

  2. Each user has a personal online disk (Pod, Personal Online Data for short), which stores user information, social information, and other application data

  3. Each user’s Pod is equivalent to the user’s identity on the Internet. "Log in with WeChat" and "Log in with Weibo" will become "Log in with Pod"

  4. All data is interconnected by a data format called "linked data" to achieve semantic calculation and semantic reasoning, and fundamentally avoid data connection problems and data islands


The next stage is intelligence

Intelligence at the current stage places more emphasis on "statistics" and less on "reasoning".

If the data behind the identity can be semantically interconnected, then the key to generating reasoning intelligence depends on semantic technology.

Semantically labeled data is called "smart data" because it provides a unique description for each piece of data in a unified way. Simply put, semantic data specifies that a person's avatar can only be called "avatar", not "photo". Once these vocabularies are defined, semantic models can automatically determine contextual connections and form a semantic map. Artificial intelligence will use these relationships to learn better from experience.

If you want to connect data, you must connect identity. This scenario is still far away, but it is a future worth imagining. We don't know what will happen when everyone's data can be connected, just as we did not know that the mobile Internet would make our lives so convenient in the 21st century.

Conclusion

When the business runs into difficulties, we often look back at our original intention: solve the annoying login problem for developers from the perspective of cloud computing. When the team is restless, I often say the word "patience" to them, and my understanding of patience is this: having a goal is the basis of patience.

Building a perfect IDaaS is not an overnight job. A clear goal and vision allow us to have the patience to make the impossible possible.

Authing is the identity cloud.

Attachment: Excerpts from "Believe in the Future"

The reason I firmly believe in the future
I believe the future of people's eyes
She has eyelashes that pierce the dust of history
She has pupils that can see through the years

Regardless of people's rotten flesh and skin
Those lost melancholy, the pain of failure
It’s moving tears and deep sympathy
Still giving a contemptuous smile, acrid mockery

I firmly believe that people treat our spine
Those countless explorations, lost paths, failures and successes
Will give enthusiastic, objective and fair evaluation
Yes, I am anxiously waiting for their assessment

Friends, firmly believe in the future
Believe in perseverance
Believe in the youth who defeats death
Believe in the future and love life

1968 Index Finger Beijing





Origin blog.51cto.com/14931994/2534746