Friday, December 08, 2006
Identity Management: So what aren't vendors telling you?
Rajiv Gupta, CEO of Securent left a thoughtful comment in a previous blog entry that I felt was worthy of amplification:
- We have lost perspective on why we started down the path of Identity Management in the first place. We needed to find out who you are so that we could control what you could do. We are now so deep in the forest that all we see are the trees of managing user information and have forgotten that we need to cover the second part of so what are you entitled to do.
I am sure that while my peer enterprise architects have forgotten, that the identity management bloggers haven't forgotten. The problem space is simple, don't talk about any problem space in which your current product offering doesn't provide a solution to.
- It is a semantic issue -- we are clubbing the whole ball of wax into "Identity Management". I think this is dangerous because it lulls us into believing we have addressed what we haven't.
Actually, I like oversimplified taxonomies. Let my peers in other verticals think that they are doing "Identity Management". I hope they will spend lots of time on the phone with their favorite large industry analyst firm while the select few who get it are spending time focusing not only on the harder problem but the one that could potentially provide the most business value above and beyond simply being compliant.
- However I am optimistic for many reasons: for one it is people like you and Shekhar who are informing others. As you point out you are the visible tip of an ice-berg. The hidden part of the iceberg is the cadre of other practitioners in many Fortune 1000 companies across vertical industries. I am also optimistic because of the general level of awareness and buzz I heard at the Gartner IAM conference earlier this week and Burton's Catalyst conference in June.
Problems have to be in your face for most enterprise architecture teams to see it. Looking below the surface demands avoidance of the herd mentality and lots of courage and even more homework, something of which is difficult to find in most IT shops today. Rajiv, buzz is an interesting phrase that could either be positive or nothing at all. Its not difficult to find pigeon heads at industry analyst conferences wandering around bobbing their heads. I am hopeful that Gartner will not only start to provide deep coverage in this space but will actually start producing magic quadrants. I know that Gerry Gebels of the Burton Group though understands this space better than any other analyst on the planet. Hopefully, he will poke fun at the other analyst firms inspiring them to get off their butt and start telling more meaningful stories on why enterprises should be noodling the entitlements space.
Maybe Rajiv would be willing to help me push several of the vendors in the ECM and ESB space into implementing XACML PEP within their products. I will be gathering fellow enterprise architects from other industry verticals to have conversations with the likes of Filenet, Documentum, Lombardi, Intalio, Sonic, CapeClear and Siebel.
I wonder if I should let Rajiv get away with simply leaving comments in my blog while not having a blog of his own? Maybe his first posting could be a discussion between himeself and the identity management vendors such as Sun and Oracle on how identity can play nicely together with entitlements. I am sure that folks such as Pat Patterson and Mark Dixon would definetely engage in such a worthy discussion.
It would be wonderful if I could get Dave Chappell of Sonic, Josh Bregman of BEA and Prateek Mishra of Oracle to also jump in and blog on this topic. It would be intriguing if either Jon Udell or Phil Windley setup a panel at the next Infoworld conference to cover this important emerging domain as the current conversation on identity has ran its course...