Catalyst 2005 – Prevailing Themes
My blog entries for the three days of the recent Catalyst 2005 conference simply
recorded individual items that impressed me from each speaker in the sessions
I attended. Today, I will briefly describe five themes that seemed to be emphasized
consistently throughout the conference. For each theme, a few observations from
conference speakers have been listed. Comments attributed to speakers in the
conference are mostly my paraphrasing of their actual comments.
Identity Management Involves Relationships
We in the Identity Management world spend much time focusing on the management
of individual Identities. We store Identities in directories, we manage "Virtual
Identities," we provision systems with Identity attributes. However,
it is the relationship between Identities and other things that really matters.
The tools to manage relationships are not as mature as the tools to manage
Identities, but should become more complete in the future.Mike Neuenschwander, Burton Group: "Relation"
is a core ingredient to distributed systems. Identity isn’t about
the end points—it’s about the relationship … Enduring systems
account for multiple views by focusing on relationships.Jamie Lewis, Burton Group: "Its the relationships,
stupid!" ID services facilitate and coordinate relationships and interaction."Jarrod Jasper, GM: Identity Managements helps answer the
question, "How long does it take to enable a desired relationship so
someone can get to work?"John Loiacono, Sun: Identity Management will drive Participation
by enabling relationshipsRandall Gamby, Burton Group: Workflow deals with relationships
between peopleDave Temoshok, GSA: IDM Federation Core Infrastructure
addresses Trust, Interoperable Technology and Business Relationships/Governance
Business Issues are More Important than Technology Issues
Being from a technology company, it is easy to get caught up in the role
technology plays in the resolution of Identity Management issues. However,
we must not forget that technology is a tool to solve business problems. As
Identity Management software matures, it becomes clearer that business issues
are paramount.Jamie Lewis, Burton Group: Architects must understand
larger context where business, technology combine. Identity Management is
80% politics and business, 20% technology.Mike Neuenschwander, Burton Group: Architecting identity
systems requires an understanding of more than its constituent technologiesPhil Blank, ADP: We should talk business process and business
value of Identity Management to business owners.
Compliance is the Most Critical Identity Management Driver
In the current business environment, compliance with government regulations
is the most important business driver. In most major enterprises, compliance
is now recognized as a stand-alone budget line item. This simplifies justification
of Identity Management systems, which are crucial to meeting compliance demands.
Government regulations are forcing enterprises to focus on business improvement
processes which should be healthy for business in the long run, even though
compliance is requiring heavy new investment.Sara Gates, Sun Microsystems: Audit and compliance can
become an enabler for new business opportunitiesFrank Auger, Novell: Compliance forces a sense of urgency,
which can force a healthy long term systemic approach.Prakash Ramamurthy, Oracle: Compliance is now a budget
line itemDoug Simmons, Burton Group: Deployment strategy will be
influenced as much by regulatory issues as return-on-investment priorities
Identity Management as a Risk Management Tool
Enterprises must effectively deal with the ever-increasing threat of automated
intrusion from the outside and ethical compromise from the inside. Identity
Management must be an integral part of information security strategy, which
is largely an exercise in Risk Management.Jamie Lewis, Burton Group: Risk Management is one of the
top five Identity Management DriversScott Blackmer: The old worry was Big Brother. The
new worry is lots of Little Brothers – sharing data, losing data.Dan Blum, Burton Group: We must raise the bar of software security so as
to reduce risk
Identity Services should be an Integral Part of Service Oriented Architectures
Service Oriented Architectures (SOA) are emerging to support business agility
and enable rapid change. Identity Management must be an integral part of such
architectures. All applications and systems must be Identity-enabled to ensure
security and regulatory compliance. Therefore, Identity functionality should
be delivered as Identity services within the SOA context.Mike Neuenschwander, Burton Group: Service-oriented architecture
for Identity is a better approach than suitesNick Nikols, Burton Group: Identity services are the set
of services that enable applications and other services to fully leverage
identity information … Identity services will facilitate the consumption
of identity by applications and servicesKen Weiss, Charles Schwab: Every resource, every application,
must be identity-enabledAnn Thomas Manes, Burton Group: Use Identity-based security
throughout service oriented architectures
Tag: Identity