Classic IAM was a monolith: one big identity provider that everything authenticated against. That works until the application itself is a swarm of microservices, each needing fine-grained authorization decisions at high speed. A monolithic gatekeeper becomes the bottleneck and the single point of failure.

Cloudentity, Inc.'s US11057393B2, “Microservice architecture for identity and access management” (issued July 6, 2021; CPC H04L 63/105 — security-level access control, and H04L 63/20 — security policy), describes delivering IAM functions as microservices. Read it at US11057393B2.

Mechanically, decomposing IAM means authorization decisions can run close to each service, scale independently, and evolve without redeploying a monolith. It mirrors the architecture of the applications it protects — the identity layer becomes as distributed and composable as the workloads, which is what makes consistent policy at cloud scale feasible.
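To make "decisions close to each service" concrete, here is an added sketch (not code from the patent or from Cloudentity) of a per-service decision point that evaluates a shared policy bundle locally, denies by default, fails closed on a stale copy, and exposes a digest so policy drift between services is detectable. The bundle format, service names, scopes and the `max_age` refresh window are all assumptions made for this example.

```python
import hashlib
import json

# Constructed policy bundle. Service names, actions and scopes are hypothetical;
# in this sketch a central publisher ships the same bytes to every service.
BUNDLE = json.dumps({
    "version": 7,
    "rules": [
        {"service": "orders", "action": "read", "scopes": ["orders:read"]},
        {"service": "orders", "action": "write", "scopes": ["orders:write"]},
        {"service": "billing", "action": "read", "scopes": ["billing:read"]},
    ],
}, sort_keys=True).encode()

class LocalDecisionPoint:
    """Authorization check that runs beside one service, not in a central IdP."""

    def __init__(self, service, bundle, loaded_at, max_age=300):
        policy = json.loads(bundle)
        self.digest = hashlib.sha256(bundle).hexdigest()  # identifies the exact bundle
        self.version = policy["version"]
        # Keep only this service's rules; any action not listed is denied.
        self.rules = {r["action"]: set(r["scopes"])
                      for r in policy["rules"] if r["service"] == service}
        self.loaded_at = loaded_at
        self.max_age = max_age  # seconds a local copy may be used without refresh

    def decide(self, action, token_scopes, now):
        """Return (allow, reason); every failure path denies."""
        if now - self.loaded_at > self.max_age:
            return False, "stale_policy"  # fail closed rather than trust old rules
        required = self.rules.get(action)
        if required is None:
            return False, "no_rule"
        if not required <= set(token_scopes):
            return False, "missing_scope"
        return True, "ok"

def consistent(points):
    """True when every decision point enforces byte-identical policy."""
    return len({p.digest for p in points}) == 1

if __name__ == "__main__":
    orders = LocalDecisionPoint("orders", BUNDLE, loaded_at=1000)
    billing = LocalDecisionPoint("billing", BUNDLE, loaded_at=1000)
    print(orders.decide("read", ["orders:read"], now=1010))
    print(consistent([orders, billing]))
```

Comparing digests across instances is what turns "consistent policy" from an assumption into something an operator can monitor once decisions no longer pass through one gatekeeper.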

Why this is a business story: this is the architecture thesis behind the wave of API-first, developer-centric identity companies — the ones selling authorization-as-a-service into cloud-native shops. The market reorganized around it: incumbents had to re-platform, and acquirers paid up for teams that built identity the cloud-native way. Cloudentity itself was later acquired by SecureAuth in 2022, IP and all.

The grounded read: microservice IAM makes identity as distributed as the apps it guards, removing the monolithic bottleneck. Cloudentity's 2021 grant names that decomposition — the architecture that defined the cloud-native identity market and the deals built on it.