The track I spent almost all of my time at this year’s Catalyst conference was:Â “Identity Management: Are we There Yet?”
I came out of that track convinced that we have lost touch with the actual question of why we are doing all this work in the first place.Â Â Â Long before I attended Catalyst, I’ve become more and more worried about the way in which companies are being “assisted” in their work around Identity Management. It seems to be all about ‘getting’ the right product/services, and not about finding a solution that fills a need.
In my opinion, and you’re very welcome to disagree here, nobody “gets” Identity Management.Â It is not a destination that you can arrive at.Â Â It is more like a tour you can take, where you can have a different experience depending on how much time you have, how much money you are willing to spend, and what your particular preferences might be.Â You might take a slightly different tour every year — but you never stop taking tours, because the experience you might have can always change and improve, because there is a never-ending variance in what you can see, and because the sights are not static – the world changes.
What has happened in Identity Management in the last two years is generally a great thing — niche solutions are evolving to respond to demand that is too specialized for the big Identity & Access frameworks to build in (product fields like Privilege Management and Adaptive Access Control are examples of this).Â In addition, there has been a product response to the obvious need to have accurate and complete data on which to base Identity and Access Policy upon – examples of this include Role Management and Mining.Â Â Ideally, the result of all this innovation should be that a patchwork of products are evolving to cover more of any given company’s needs out of the box.
In reality, however, I don’t see a patchwork of complimentary products – I see a whole bunch of products with a whole bunch of overlap and no obvious or well-stated way for an Enterprise to figure out how to knit it all into an actual solution for their original problem.Â Â Perhaps I’ve just not read the right documentation,Â but I couldn’t tell you how or whether Privilege Management solutions integrate with provisioning solutions in order to have good combined audit reports.Â I have no idea how an Entitlement Management solution might co-exist with an Access Management solution.Â Â I see a fairly strong divide between “Corporate” workflow systems like Remedy and “Identity” workflow systems like those in Novell Identity Manager or Sun Identity Manager that I would like to see go away.
At Catalyst,Â I learned a fair bit about each little type of Tinkertoy.Â What I wanted was more of a sense of the different ways that different Enterprises might wish to assemble something useful from all the pieces.Â Perhaps Burton has expanded their reference architecture to include these new niche product genres and they just didn’t present that architecture at Catalyst (or perhaps I missed it) ?Â If not, I hope that such a thing is on their slate in the near future, I think it would help a lot.
So here we are, a little bit lost, I think. Certainly not “There” – but I think the expectation that anyone ever gets “There” is false anyway.Â In the process of deciding that we’re lost, I had to sit and think about what exactly Enterprises expect to accomplish in buying Identity product;Â I’ve come up with my own definition, in as concise a form as I can think to make it;Â I’ll post it shortly and see how it stands up to scrutiny.