To complement the summaries of Catalyst Conference sessions I posted last night, I offer you my “Top Ten List” of major themes addressed in the conference, presented in David Lettman-esque reverse order, from the more mundane to the more futuristic or controversial:

10. The provisioning market is quite mature, with success predominating in most projects and real business value being captured. The focus is now on using best practices to ensure successful vendor selection and project implementation.

9. Federation technology is ready for prime time, particularly with recent improvements which ease implementation and use. Focus must be given to the business and relationship issues that enable use of federation.

8. Role management is becoming mainstream, with particular focus on enhancing provisioning and compliance auditing. Additional use of business roles to give visibility to business performance may emerge in the future. There is emerging demand for standards to enable exchange of roles between different Identity Systems.

7. Passwords are still the most widely used method of Authentication. Stronger authentication methods using biometrics and smart cards, have seen slow adoption. Strong Identity Assurance, including strong registration methods, is increasingly needed.

6. Effective management of privileged accounts, which represent a major risk area for enterprises is not effectively covered by existing Identity management systems. Additional work is needed to really address this gap.

5. Identity Services are emerging both as for “Identity as a Service” business model and as ways to access functionality in existing Identity products. Identity customers, particularly members of the Identity Services Working Group, are asking for standards to enable interoperability of Identity Services.

4. On some fronts, Attribute Based Access Control is favored over Role Based Access Control, such as in the federal government where uniform role definition cannot be reached across multiple agencies. Work will be need to more clearly define where each method, or a combination of methods should be used.

3. The chasm between user-driven Identity and enterprise Identity management may ultimately be bridged by leveraging elements of both disciplines.

2. “GRC” is a “four letter word.” Because GRC is neither a market or distinct solution, using the GRC term tends to confuse the discussion of Governance, Risk Management and Compliance disciplines, which are distinct and valuable enterprise activities, all performed by different people.

And finally … drum roll please …

1. The hot new buzzword is Relationships, which give context to Identities. A Relationship Object Model was proposed to be used as a basis for leveraging formally-defined relationships in Identity systems.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Catalyst Conference,
BurtonGroupCatalyst08