Saturday, July 07, 2007
Untold Perspectives on Identity Management
Have you ever been curious as to why you haven't heard about any failures in the world of identity management?
Identity Management is one of the most oversold technologies within large enterprises in recent history. The motivation for pursuing it has been to realize a productivity increase in terms of the time spent provisioning and deprovisioning users. The guise of automation, combined with the fact that most enterprises are horrible at deprovisioning users once they leave the company (which is now a SoX control), caused folks to think more about compliance and less about architecture.
It seems as if identity management from the perspective of marketing (implementation is a different answer) because the grand exalted CIO Guru stands on his/her pedestal and pontificates to the masses that identity management is the greatest thing since sliced bread, will ease the burden of compliance and that all applications will expose their inner workings to the big brother tool while their other non-technical process-weenie friends in other enterprises have done the "me too" thing.
These same CIOs, who are indoctrinated into falling in love with process, have been savage in hiring large consulting firms which backed up the school bus and have created "strategies" which are no more than very expensive PowerPoint cartoons that enable buy-in from folks who haven't thought about why this approach may be hyper-inflated. It seems as if most of the enterprise architects are asleep at the wheel or practicing drunk driving, in that they have allowed identity management to become a multi-year effort when pretty much everywhere else they have learned that long-term projects are doomed to mediocrity at best.
Lori Rowland of the Burton Group is one of the few industry analysts who have had enough insight to talk about where identity management tools run out of steam and where other tools pick up. She has been pretty vocal about the need for identity management tools to integrate with entitlements management tools. I wish other industry analysts would figure out the same.
Maybe this is an opportunity for me to give $100 to a worthy charity such as One.ORG, which is attempting to end world poverty, by asking Jeff Bohren of BMC, Nishant Kaushik of Oracle and Don Bowen of Sun to comment on where they believe identity management tools should stop and where other tools should pick up?
I have previously commented on the observation that Gerry Gebel of The Burton Group seems to be the only one talking about the need for not only entitlements but interoperability between otherwise disparate software vendor offerings. It would seem like a missed opportunity if the identity management vendors didn't do the same thing in their world.
There are a variety of standards at play, including WS-Provisioning and SPML. Instead of each and every IDM vendor creating adapters, how come they can't advocate that each and every enterprise application expose its credential store via SPML, so that they simply provision/deprovision via standards? Wouldn't it be interesting to see an IDM vendor interact with Pega or Lombardi in the BPM space, Documentum or Alfresco in the ECM space or even Salesforce.com or Siebel in the CRM space?
I would even think that Mike Jones, Kim Cameron, Johannes Ernst, Dick Hardt and others would also comment on the need for identity management products within the enterprise to create information cards and provide the functionality of a Security Token Service (STS).
The one frustrating thing that I have noticed when it comes to vendors and standards is when they use them in less than honest ways. I suspect you may have noticed many tools claiming support for LDAP v3? How about asking the vendor whether they support Microsoft Active Directory Application Mode (ADAM) and watching the answer change? You will notice that they will hint that ADAM is not LDAP-compliant but can't articulate why it isn't. Taking this one step further, I suspect that if you asked who is the certifying authority for LDAP compliance you will realize the game...