On Monday and Tuesday this week, I attended the Digital ID World (DIDW) conference held at the Rio Hotel in Las Vegas.  It has been enjoyable to take the pulse of the industry from yet another vantage point and connect with fellow Identity Management practitioners from diverse locations.  Of course, the first question nearly everyone asked  me had something to do with Oracle, but, of course, I can’t talk about that.  So, here are very brief highlights of each session I attended the first day (Authentication and Virtual Directory “Summit Sessions”):

The State of Authentication and its Impact on IDM – Jim Reno, CTO, Arcot

• “Risk Based Authentication” is a fourth factor of authentication, augmenting traditional factors (what you have, know, and are)
• Authentication should consider context when assessing risk

Authentication Case Study – Naomi Shibata, former GM/COO, MLSListings

• Communications with users is essential prior to authentication system rollout

The Future of Authentication – panel including Jim Reno and Naomi Shibata, moderated by Bill Brenner, Sr. Editor of CSO Magazine

• Business, legal, regulatory and liability issues are more onerous than technical issues when considering an authentication system
• Authentication technology advances usually occur in response to advances in threats
• Enterprises should periodically re-verify appropriateness of installed authentication systems in light of advances in technology and threats
• Identity assurance is increasing in importance

Identity Service Virtualization and Context Management – Michel Prompt, CEO/Founder, Radiant Logic

• It is difficult to define Identity without understanding the context in which it is used
• Understanding relationships between identity objects enables a global model that links identities together to enable contextual views
• Such Identity linking can occur in a virtualization layer between diverse identity repositories and applications which consume those identities

Case Study: Identity Services and Virtualization – Bill Brenner, CSO Magazine and Mohammad Khattak, Booz Allen Hamilton

• Dynamic Access Control requires consolidate identity repository with many sources of identity information
• When aggregating data sources, we need to understand the trust level in each source repository

Impact of Oracle/Sun Acquisition – David Rusting, Unisys and Todd Clayton, CoreBlox

Note: I am restricted from commenting on product roadmaps or anything related to the Oracle acquisition of Sun.  The following comments are views expressed by the panelists.

• The primary discussion focused on how customers should plan for potential changes in either Sun or Oracle directory roadmaps
• A virtualization layer between director and applications may provide a layer of abstraction to shield customers from changes in vendor roadmaps and reduce tie to single vendor
• This may be a time to re-evaluate application needs and determine which direction to go with regards to directory technology

Stay tuned for Day 2!