Most IAM tools utilize browser extensions or applications installed on the end-user’s machine, or on an Active Directory, for access to identity. But why?! A user can be identified even without an agent – so having an so-called ‘lightweight agent’ sitting in your Active Directory itself is not the most secure way to manage user identity.
Whenever you create a dependency to achieve a particular solution, it is important to ensure the solution is 100% secure and that applies for the dependencies (Agents) too. This could make the architecture slightly complicated, depending on how it works.
Another important factor against the use of an Agent-based architecture is that you have to trust the Agent not to exceed its scope. This is very important because even many of the applications and services that we trust these days are not actually secure, and many act beyond their scope. For example, as per Digital Content Next, even the big boy of the tech industry, Google, still collects user location information even after turning off location settings.
So the big question is, when the things can be done without an agent, then why use an agent at all? People say it is for efficiency, and may be they are right. But is this worth the compromise on transparency and security?