Tuesday, March 18, 2008
Links for 2008-03-18
Ian asked me to describe the differences between identity management and identity consolidation. Identity management says that I should go create a strategy around provisioning of identity and leverage tools such as Sun's IDM, Thor, etc where I still fundamentally allow enterprise applications to have their own user stores and takes me down the path of building lots of connectors. Identity consolidation says that I figure out how to get user stores out of my enterprise application and instead get these applications to bind at runtime to a directory service such as Active Directory. I am of the belief that identity management (provisioning) propagates and encourages an otherwise bad architecture. The one thing that I would also love insight into is how to get vendors who still insist on having their own user stores (e.g. Documentum, Alfresco, etc) to see the error of their ways and to take quick steps towards remedying them.
I wonder if this is an opportunity for Wipro, TCS, Satyam and other indian outsourcing firms to show an act of charity and contribute to the cause in an open source way?
I wonder if Anton has any thoughts on which enterprise application software vendors do the best job at creating high quality logs and which ones leave something to be desired?
My humble opinion is NO! Let's say that you are a large enterprise who leverages google apps. Do you believe it is a good idea for this large enterprise to outsource the identities of their employees to free sites (albeit of high quality) such as Vidoop and others or is the better answer for them to somehow leverage their own internal user stores such as Active Directory and OpenID enable them? The later is better but it would require Microsoft to step up and turn ADFS into an OpenID provider. Since this is not reality, Google did the right thing.
Marc Wilcox talks about virtual directories but doesn't talk about how Oracle products should be able to bind to Active Directory without additional licensing. I guess Oracle doesn't acknowledge that 499 of the Fortune 500 run Active Directory. Sometimes the best answer is less products, not more!
