http://patimes.org/bring-identity-big/
For guest and contractor access, this is likely coming to a firm near you.
I'm not yet sold on using it for employee and service account access.
I have been hearing more about this, especially in higher-ed organizations. The case I hear is that "typically" companies like Google and Facebook are better at securing their identity stores than a random college's Active Directory team, so why not? Interesting to think about it as a concept.
coming to a hacker near you.....
BYOID is a method by which users can digitally authenticate to an organization with credentials that are managed by a third party.
... if that third party is internet based. Which it looks like it is. probably need to submit my SSN for identity porpoises. :'( :barf:
Think less Facebook and more Google Authentication and Oauth (Oracle's auth piece). No SSN required for Google Authentication. I have it set up for an application that requires I first log on with username/password, then it has me use Google Auth to generate a 6-digit token. Type that in, and I'm in. Standard 2FA, but with an external identity broker.
In any event, NAC becomes a huge part of the solution because revoking a credential is no longer a local event, so the NAC team has to block access if that account is logged in properly at the time of termination.