The track I spent almost all of my time in at this year’s Catalyst conference was: “Identity Management: Are we There Yet?”
I came out of that track convinced that we have lost touch with the actual question of why we are doing all this work in the first place. Long before I attended Catalyst, I had become more and more worried about the way in which companies are being “assisted” in their work around Identity Management. It seems to be all about ‘getting’ the right product/services, and not about finding a solution that fills a need.
In my opinion, and you’re very welcome to disagree here, nobody “gets” Identity Management. It is not a destination that you can arrive at. It is more like a tour you can take, where you can have a different experience depending on how much time you have, how much money you are willing to spend, and what your particular preferences might be. You might take a slightly different tour every year — but you never stop taking tours, because the experience you might have can always change and improve, because there is a never-ending variance in what you can see, and because the sights are not static – the world changes.
What has happened in Identity Management in the last two years is generally a great thing — niche solutions are evolving to respond to demand that is too specialized for the big Identity & Access frameworks to build in (product fields like Privilege Management and Adaptive Access Control are examples of this). In addition, there has been a product response to the obvious need to have accurate and complete data on which to base Identity and Access Policy – examples of this include Role Management and Mining. Ideally, the result of all this innovation should be that a patchwork of products is evolving to cover more of any given company’s needs out of the box.
In reality, however, I don’t see a patchwork of complementary products – I see a whole bunch of products with a whole bunch of overlap and no obvious or well-stated way for an Enterprise to figure out how to knit it all into an actual solution for their original problem. Perhaps I’ve just not read the right documentation, but I couldn’t tell you how or whether Privilege Management solutions integrate with provisioning solutions in order to have good combined audit reports. I have no idea how an Entitlement Management solution might co-exist with an Access Management solution. I see a fairly strong divide between “Corporate” workflow systems like Remedy and “Identity” workflow systems like those in Novell Identity Manager or Sun Identity Manager that I would like to see go away.
At Catalyst, I learned a fair bit about each little type of Tinkertoy. What I wanted was more of a sense of the different ways that different Enterprises might wish to assemble something useful from all the pieces. Perhaps Burton has expanded their reference architecture to include these new niche product genres and they just didn’t present that architecture at Catalyst (or perhaps I missed it)? If not, I hope that such a thing is on their slate in the near future; I think it would help a lot.
So here we are, a little bit lost, I think. Certainly not “There” – but I think the expectation that anyone ever gets “There” is false anyway. In the process of deciding that we’re lost, I had to sit and think about what exactly Enterprises expect to accomplish in buying Identity product; I’ve come up with my own definition, in as concise a form as I can think to make it; I’ll post it shortly and see how it stands up to scrutiny.
Welcome to the world of a Solution Architect. If it is any consolation, there are very few solution spaces that offer a coherent set of applications to deliver what the users need. Instead, vendors are told by a customer that ‘just one more feature is all we need to buy your product’ even though it already exists elsewhere.
What we need to do is offer a platform to the client, not a product (or set of products). And in my world a platform is the functionality (application or set of applications), the data, processes and all necessary configuration to deliver what the users really want, not necessarily what the vendor is trying to sell. But of course if all this happens then I will be out of a job :(
Very well written Pam and refreshing. Seekers of identity solutions need to step back as you suggest and recognize that they are on an identity journey. A journey not too unlike that of each individual who is constantly addressing the question of “who am I?”. As soon as architects, engineers, implementers and business analysts working in this area recognize that it is the journey with many stops along the way then the sooner we won’t have identity initiatives with vague or undefined objectives and little or no thought as to how to explore the pathways or roads or superhighways that are presented to us for “getting there”.
Thanks for the pause along the way.