
Exploring the science and magic of Identity and Access Management
Tuesday, February 3, 2026

Catalyst Conference Recap

Identity
Author: Mark Dixon
Tuesday, July 1, 2008
10:43 pm

[Photo: Grand Hyatt - Home of Catalyst 08]

Good intentions are not always realistic. I resolved last week when I attended the Burton Group Catalyst Conference that I would provide a detailed outline of each session I attended so my colleagues who were unable to attend would be able to get an in-depth view of the content I learned. I actually started out in fine fashion (Are We There Yet?, A New Era, Iceberg and Relationships), but quickly realized that it was taking me just as long to post details on each session as it was to attend the session in the first place. Alas, my ambitions had outstripped the time available to accomplish my task.

So, in abbreviated form, I have now provided a synopsis of each session I attended, summarizing the content into a few bullet points I thought most relevant:

If you would like to see more, please let me know and I’ll send you a copy of my raw notes, or we can set up a time to discuss it on the phone.

Additionally, you may be interested in visiting my Catalyst Conference photo set on Flickr.


 

Catalyst: Day 3 – June 27

Identity
Author: Mark Dixon
Tuesday, July 1, 2008
9:36 pm

My summary of the salient points addressed in each Burton Group Catalyst Conference session I attended on Friday, June 27, 2008, is included below:

Anne Thomas Manes – The Business Value of Reusable Infrastructure Services

  • The Infrastructure Services Model applies SOA principles to infrastructure (security, resource allocation, etc.). This model will yield consistency across traditional boundaries in an enterprise.
  • The service model virtualizes infrastructure functions so developers can focus on writing business code, and security functions can be separated externally from business functions within applications.
  • This model will allow infrastructure to become as pervasive and easy to use as the network, allowing policies to be defined centrally and propagated outward to multiple application environments.
  • A lack of standards and conventions is impeding industry progress.
  • Implementing an Infrastructure Services Model is currently technically difficult, but standards may emerge and vendors may eventually deliver solutions that ease the process.

Russ Reopell (The MITRE Corporation) – Security and Information Sharing in a SOA Environment: Using Policy Decisioning to Protect your Data

  • Attribute-Based Access Control (ABAC) is being used rather than RBAC because the DoD is an enterprise of enterprises and agreement on role definition can’t be reached across organizations.
  • ABAC allows access to services based on policy rules which determine whether a subject can access a resource.
  • ABAC involves choosing attributes that can be used for authorization and defining rules on how to grant access based on those attributes.
  • ABAC accommodates “unanticipated” users (e.g. no user accounts)
  • Current pilot ABAC projects in the DoD address authorization, directory, credential validation services across multiple military service boundaries.

Barney Sene (Corporate VP & CTO, Ingram Micro) – Case Study: Infrastructure Services in an SOA Environment

  • The major driver for this program was to enhance business agility to rapidly adjust to changing markets.
  • The biggest pain point was how application changes had broad effects because of the use of point to point interfaces between applications.
  • The most challenging aspect of the program was getting people on board and supportive.
  • They began by capturing business requirements and building services around a baseline set of highest priority requirements (e.g. address validation, credit card validation).
  • An infrastructure services program is a journey over time. Ingram Micro is in the third year of the program.

Kevin Kampman – Making the Case of Interoperable Identity Services: A Community Perspective

  • The Identity Services Working Group (ISWG) includes global organizations which invest in internal and external solutions.
  • The objective of the group is to move the industry toward Service Oriented Identity (SOI).
  • The Identity Services matrix produced by the working group shows that no one vendor covers all areas.
  • Vendors are providing individually focused services, but lack of interoperability puts burden of integration on customers.
  • Burton calls for vendors and standards groups to participate in the ISWG dialog.

Identity Services Roundtable: Customer Perspectives from the Identity Services Working Group
Panel participants:

  • Gavin Illingworth (Bank of Montreal)
  • Susan Staples-Holt (MassMutual Financial Group)
  • Andrew Cameron (GM)
  • Kevin Kampman (Burton Group)
  • Chris Harvison (Scotiabank)

Discussion:

  • Identity suites are not the complete answer. Vendors need to get out of a silo mentality. Just having identity services is not sufficient – they need to be the same across multiple vendors. Interoperability standards are needed.
  • The real value of Identity Services is process optimization. Optimizing the process through Identity services also gives benefits of compliance.
  • Federation is one area where technology has gone ahead of business. Federation is currently less of a technology challenge and more of a business issue.
  • A federated hub model with a third party broker introduces complexity because trust is no longer point to point and new trust relationships must be established.
  • Banks have a chance to be Identity providers in a larger network. They already have a good face to face registration process.

 

Catalyst: Day 2 – June 26

Identity
Author: Mark Dixon
Tuesday, July 1, 2008
9:30 pm

My summary of the salient points addressed in each Burton Group Catalyst Conference session I attended on Thursday, June 26, 2008, is included below:

Bob Blakley: Governance, Risk and Compliance

  • “GRC” is a four letter word. It is not a market or solution.
  • Governance, Risk Management and Compliance are distinct activities, performed by different people.
  • Governance works best when it acts as round trip management.
  • Don’t allow your risk management and compliance software to be a substitute for risk management and compliance, though.
  • Measure compliance on loss avoidance, not just liability avoidance.

Nick Leeson: Risk Management in the Real World

  • Good risk management and good corporate governance don’t automatically transfer from the classroom.
  • In rapidly-expanding markets, not all controls are in place. Control mechanisms don’t develop anywhere near as quickly as trading mechanisms.
  • The interface between systems and the human element is the key – need humans to interpret results shown by systems.
  • The need for success creates a chasm between humans and systems. He was driven by a need for success and fear of failure.
  • Each company’s internal controls should be beyond reproach.

Jay Leek (Nokia, Inc.): Enterprise Risk Management – Seeing the Forest and the Trees

  • Risk management is not just about security. It is a business requirement.
  • Without identified owners for risk and assets, nothing is actionable.
  • Data from multiple data sources must be collected, correlated and reconciled to better evaluate who owns the risks and what the risk posture is for the organization.
  • Enterprises should work toward a unified Risk Management Program by consolidating existing data, turning data into risk information and effectively communicating risk information to multiple stakeholder organizations in their language.
  • Risk management is not a destination. It is an ongoing process.

Ken Anderson, Trent Henry: The Tools Landscape for Orchestrating Risk and Compliance

  • A unified view of risk and compliance at higher level in organization usually doesn’t happen, because operational groups take care of themselves.
  • Enterprise risk management is not so much a tool as a way to look at risk.
  • Burton proposes a risk and compliance product pyramid with 1) a foundation of Identity Management, resources, people and process, 2) a middle layer of security compliance policy, orchestration controls and monitoring and 3) a top layer of audit automation and risk data collection.
  • A key issue is providing information executives need, when they need it.
  • Dashboards may not provide the answers a CEO wants or needs. A phone call to a responsible subordinate is usually faster.

Randall Gamby: Creating “Security Embassies” in your Information Landscape

  • Organizations are struggling with a myriad of geographic regulatory and governing rules.
  • The number of security policies has exploded to cope with expanded regulatory demands from multiple nations.
  • A “Security Embassy” model favors centralized authority (enterprise-defined policy) and distributed execution (local deployment).

Homan Farahmond: Going Global – Notes from the Field in Controlling Extended Enterprise

  • Global enterprises struggle with compliance as they attempt to scale to address global complexity and globally build transparency and consistency.
  • Creating a global controls structure must span cultural and language differences, must be implemented across geographical regions and encompass broadly different understanding of risk and policy.
  • It is difficult to create a business case for a global control program because budgets are regional.

Kevin Kampman, Ken Anderson: “Return on Organization” – Beyond RBAC

  • Discussion of roles and RBAC requires that IT leaders speak in the language of the executive, focusing on the impact of RBAC on the business.
  • Discussion of roles should focus on efficiency, compliance, transparency and effectiveness of outcomes.
  • Roles can give an executive view of the organization by giving visibility into what the organization is really doing.
  • Addressing roles within a “Return on Organization” framework can show how roles can impact organizational effectiveness.
  • Role management is a strategic enabler between business and technology. It isn’t a project. It is a discipline.

Tim Weil (Booz Allen Hamilton): RBAC Implementation and Interoperability Standard (RIIS)

  • The INCITS CS1.1 standard addresses RBAC implementation and interoperability, including the ability to exchange roles between systems.
  • Role exchange and interoperability can be helpful for companies who grow through merger and acquisition and for the integration between components in an Identity Management product suite.
  • Role based access control vs. attribute access control is sometimes a religious war. A blended approach may be necessary to meet some requirements.

Craig Cooper (IT Manager, Thrivent Financial): Implementing a Role Based Identity Management System

  • Benefits they gained are improved controls and increased efficiencies.
  • An unexpected benefit was that business was actively engaged with the IT project.
  • Active executive sponsorship is the #1 critical success factor.
  • They started role discovery and definition activities first, selecting high risk areas for roles. Then the Identity Management system was implemented in parallel with the Role Management.
  • Be aware of dependencies and avoid interdependent IAM and RBAC activities at the same time.

Panel Discussion: Role Management and Provisioning – Co-existence or Convergence.
Panel Participants:

  • Jim Ducharme (Aveksa)
  • Ron Rymon (Eurekify)
  • Lori Rowland (Burton Group)
  • Kevin Kampman (Burton Group)
  • Nick Crown (Sun Microsystems)
  • Darran Rolls (Sailpoint Technologies)
  • Jeff Shukis (Oracle)

Discussion:

  • Roles are a language that allows us to communicate in business terms about information access
  • Roles are presently focused on enabling provisioning and access control, but may provide much broader value for the business
  • Role management and provisioning can be successfully implemented in parallel. Initial emphasis on either depends on underlying business drivers and what infrastructure is in place.
  • Policy management is not as mature as role management. Policy infrastructure needs to take advantage of role infrastructure.
  • There is a convergence between role management and entitlement management.

Homan Farahmond, Lori Rowland: Provisioning – A Recipe for Success

  • Key needs for a provisioning project include addressing needs of many stakeholders, high level sponsorship, reconciling isolated business policies, overarching governance framework and aligning different perspectives.
  • Identity management resources are still scarce, expensive and have a high turnover rate.
  • Plan that reengineering identity repositories to handle unique ID’s takes a long time.
  • Understand the relative benefits of virtual identities vs. identity store. There are advantages and disadvantages in either approach.
  • Vendors need skin in the game. Don’t allow vendors to abandon you after the sale.

Matthew Costello (Solution Architect, Boeing): Selecting and Implementing a COTS-based IdM Solution at Boeing

  • Governance and sponsorship are critical, even at the RFP and vendor selection phase.
  • Recognize that the RFP is a project in and of itself, which will require a lot of work for your company and the vendors.
  • Leverage the use cases you have defined for your enterprise in a POC.
  • Focus on differences, not similarities between products – and implications on the enterprise.
  • Vendor selection is only the first step – after procurement, the real work begins.

 

Catalyst: Day 1 – June 25

Identity
Author: Mark Dixon
Tuesday, July 1, 2008
9:17 pm

My summary of the salient points addressed in each Burton Group Catalyst Conference session I attended on Wednesday, June 25, 2008, is included below:

Jamie Lewis: Identity Management – Are We There Yet?

  • Business transformation collides with IT transformation. A more unified approach is needed.
  • The chasm between enterprise identity management and consumer-oriented ideas of Identity on the Internet will be bridged with elements of both.
  • Federation isn’t magic, but it is still valuable. Customers are beginning to really see the need for it.
  • More provisioning projects are successes than failures, but failures tend to be spectacular.
  • Relationships provide context for Identity.

Lori Rowland: Identity Management Overview: A New Era in Identity Management

  • The Identity universe is expanding in scale, control and focus dimensions.
  • Service Oriented Identity (SOI) and Identity Services are emerging.
  • Compliance is still the main driver for Identity, but there is a shift towards risk management.
  • Customers should seek to understand Identity vendor roadmaps.
  • Oracle has the most market momentum, with Sun, CA and Novell following with positive momentum.

Gerry Gebel: Federation and Distributed Control

  • Sun’s introduction of the Fedlet and Ping’s introduction of Autoconnect are key product advancements – addressing ease of implementation and use.
  • OpenSSO is an example of advancements in open source federation technology.
  • Federation services and hosted federation models, such as those offered by Fugen, are accelerating broader consumption.

Gerry Gebel: Entitlement Management

  • Product offerings from IBM, Oracle and Cisco have expanded, but demand hasn’t grown as quickly.
  • Existing questions about this space include adequacy of XACML or other standards, performance and interoperability testing.
  • Applications developers need tools, open source access and communities in this area.

Mark Diodati – Authentication

  • Functions lacking in authentication products include general customization flexibility and provisioning capabilities.
  • Personal, portable security devices such as USB devices and wallet cards are gaining popularity.
  • Authentication control for privileged account management often falls through the cracks, leaving dangerous security risks.

Kevin Kampman – Roles and Provisioning

  • The market is reaching maturity. Success predominates, usually as a result of realistic expectations.
  • Companies are receiving benefits from expanding expertise in this area.
  • Provisioning and roles may not converge into one product. They address parallel, complementary endeavors.

Kevin Kampman – Identity 2.0

  • OpenID and InfoCard have much more activity from providers than consumers.
  • What is the business model for Identity? How will the industry pay for it?
  • Data sharing models such as OpenSocial and others have no trust sharing or security models.

George Sherman (Managing Director, Morgan Stanley) – Discovering the Iceberg of Identity Management in a Large Integrated Financial Services Firm

  • Morgan Stanley’s main drivers for Identity are regulatory compliance and security.
  • Key success factors for an Identity program are program sponsorship, governance and program management.
  • Cost justification and funding for an Identity program require more than spreadsheets. It depends highly on the trust and confidence of champions for the program.
  • The industry needs to provide better security for the provisioning engine itself, more expert developers and the integration of certification and provisioning tools.

Bob Blakley – Relationship Layer for the Web

  • Accurate Identity models are needed to predict others’ behavior.
  • Identity models are built through relationships between people or between people and businesses.
  • A well understood object model is needed to clarify relationships and use them in automated systems. Bob proposed such an object model.
  • The main types of relationships are Custodial, Contextual and Transactional.
  • Companies with billing relationships with their customers will win in the marketplace over those without such relationships.

Gail Reynolds (Aetna, Security Architect) – Who are you, how do I know, and why do I care?

  • Impersonating others to gain access to their private information is a large problem in the health care industry.
  • Identity Assurance is required to create a high level of confidence that credentials indeed match the person using them.
  • Identity Assurance has implications in protecting intellectual property, privacy, corporate reputation and ecommerce profits.
  • A strong registration process is essential to Identity Assurance.
  • Identity providers that deliver high levels of Identity Assurance are required to meet industry needs.

Eve Maler – The care and feeding of online relationships

  • The common area in the Venn diagram of intersecting Identity Management, Vendor Relationship Management and Social Networking encompasses personalized, access-controlled application behavior based on data sharing.
  • Two major areas of online applications requiring Identity relationships are enterprise/e-government (applications are chosen for you) and free agent applications (you choose).
  • The term “user-centric Identity,” which comes from human factors design, is giving way to “user-driven Identity.”
  • The Vendor Relationship Management movement (projectvrm.org) is focused on empowering user interactions with online vendors.
  • While some degree of self-revelation is essential to online relationships, users will come to trust applications that require less Identity information to be revealed.

Mark Diodati – Sisyphus’ Rock: Why is Authentication So Hard?

  • Identity Assurance is the strong end goal. If you don’t have Identity Assurance in place, your system is not secure.
  • Passwords remain the dominant authentication method because they are easily portable and specialized software is needed.
  • Biometric authentication is not broadly deployed.
  • Smart cards have seen increased interest, but deployments are few. They rarely replace tokens.
  • Privileged account management is a huge problem. Run, don’t walk to address risks with privileged accounts.

Mark Diodati, Doug Simmons – Physical and Logical Convergence, Approaching Singularity?

  • Physical and logical convergence (PACS) projects are significantly costly, justified for security, not cost savings.
  • The workflow of assigning credentials, etc., is a difficult process for physical and logical convergence.
  • The FIPS Standards are providing underpinnings for vendors and agencies for response to Homeland Security directives.
  • These projects are inherently heterogeneous, requiring much integration.
  • Executive leadership is required to facilitate bridging between groups having responsibility for physical and logical access.

Knowledge-based Authentication (KBA)

Panel participants:

  • Chris Young (VP and GM, RSA)
  • John Dancu (President and CEO, Idology)
  • Peter Tapling (President and CEO, Authentify)

Discussion:

  • Three types of KBA include Static (e.g. specify mother’s maiden name), Dynamic (user doesn’t have to remember specific attribute) and Out of Band (requires strong registration; used for high risk transactions or temporary access)
  • Dynamic KBA may be beneficial for consumers who don’t visit a specific application or account frequently.
  • Dynamic KBA pulls the evaluation of private information away from the enterprise
  • No single authentication method is foolproof. You must layer technology to reach an acceptable level of risk.

Mark Diodati – Identity Assurance Framework: The Path to Scalable Trust

Panel participants:

  • Frank Villavicencio (Citigroup)
  • Robert Temple (British Telecom)
  • Andrew Nash (PayPal)

Discussion:

  • The Liberty Alliance is developing an Identity Assurance Framework
  • Four assurance levels are defined, from a level of little or no confidence in the asserted Identity’s validity to a very high level of confidence.
  • What is the business model for an Identity Provider (IDP)? For the consumer?
  • An independent IDP with a sustainable business model isn’t really available.
  • Questions of liability must be worked out for IDPs.

Gina Montgomery (AVP and Manager of IT Project Management, MFS Investment Management) – The Privileged Account: IT’s Dirty Little Secret

  • Privileged accounts have much potential for abuse because they are poorly controlled and often violate the least user privilege principle.
  • It is a large challenge to discover and manage hundreds or thousands of existing privileged accounts and to understand the impact if passwords are changed.
  • Recommended actions include 1) educate users on risks, 2) identify existing accounts, deploy accountability and control mechanisms.
  • Password Access Management (PAM) systems are available to help support this effort.

Bob Blakley: Conference Announcements

  • Bill Mann (CA): CA Federation Manager, CA SiteMinder support for CardSpace, expansion of CA IAM and CA to resell Arcot’s WebFort
  • Eric Goldman (CEO, Symplified): “On Demand Identity” includes Identity as a Service, Identity Cloud and Identity Router.
  • Dieter Shuler (Radiant Logic): Release 5.0 of virtual directory
  • Paul Trevithick (Information Card Foundation): InformationCard.net


 

Catalyst: A Relationship Layer for the Web

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:54 pm

Wednesday’s fourth Identity Management session in the Burton Group Catalyst Conference featured Bob Blakley, Vice President and Research Director of the Burton Group. Key points include:

  • We know our own Identities and expect others to be perfectly reasonable – like we are.
  • In order to predict others’ behavior we build identities for others, based on our interactions with them.
  • Businesses build Identities in relationships, too.
  • In the expanding Identity universe, more distant relationships produce less accurate Identities.
  • Long tail commerce means less frequent interaction with people who are not closely associated with the business.
  • In order for a business to build accurate Identities of customers, it needs to find a way to make frequent, accurate observations of people.
  • If information collection systems are overt, people resist them. Relationships give an atmosphere for better data collection that results in stronger Identity models.
  • Two good relationships are much better than one bad one. Intermediaries who have relationships with two parties are frequently helpful.
  • Relationship is the context which protects the security and privacy of Identity information.
  • Burton has proposed a relationship object to define relationships in a way that can be used by online systems.
  • Types of relationships in that model include
    • Custodial – interaction tends to be close. Each party acts in the best interest of each other.
    • Contextual – primary interaction is through an intermediary. Both parties agree to abide by a commonly agreed upon set of restrictions.
    • Transactional – interaction is through an intermediary IDP to facilitate a transaction. A person may not reveal who he is.
  • Relationships like the credit card model, where the card issuer assigns very little fraud liability to the card holder, tend to build trust.
  • Companies that succeed online will have a close billing relationship with customers. Telcos are there now. Startups are seeking to build such relationships.

 

Catalyst: The Iceberg of Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:18 pm

Wednesday’s third Identity Management session in the Burton Group Catalyst Conference featured George Sherman – Managing Director, Morgan Stanley. His presentation was entitled, “Discovering the Iceberg of Identity Management in a Large Integrated Financial Services Firm.” Key points include:

  • Beware of the hidden cost and complexity of Identity Management.
  • Morgan Stanley background:
    • In business since 1935.
    • 46,000+ employees in 600 offices around the world.
    • Conducts business in 33 countries and over 70 regulatory jurisdictions.
    • They have a complex technology stack in a highly changing environment.
    • In identity management and regulatory compliance, Morgan Stanley must frequently seek a common denominator, which may be the most stringent requirement.
    • Historical reference to Identities is essential, even after employees leave the company. A unique identifier is used. Once a person touches the firm, he or she is assigned a unique identifier that is never deleted.
    • Main drivers for Identity Management were regulatory compliance and security
  • A company should not focus on outside challenges until internal challenges are well in hand.
  • Identity management needs to be foundational – people must trust it.
  • Referential data integrity is needed.
  • Two critical success factors include:
    • Program Sponsorship – Committed sponsors will “Pave the Road” through corporate baloney.
    • The program manager needs to be a good program manager, but also highly technical.
  • Funding and cost justification take more than spreadsheets and calculators; they require the trust and confidence of program champions.
  • Break overall plan into point releases.
  • Be realistic about timeframes and the evolutionary nature of the process.
  • Areas where the industry needs to improve include:
    • More maturity in security of provisioning engine
    • More expert developers
    • Integration of certification and provisioning tools
    • Rules management
    • Better understanding of roles and consequences

 

Catalyst: A New Era in Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
4:20 am

The second Identity Management session in the Burton Group Catalyst Conference was led by Lori Rowland, Senior Analyst, Burton Group Identity and Privacy Strategies. Lori offered leading remarks, followed by remarks by other members of the Identity and Privacy Strategy team:

Lori Rowland: Identity Management Overview

  • The Identity universe is expanding in three dimensions:
    • Scale – expanding downward from large enterprises to small and medium business and upward to Internet scale
    • Control – expanding from central control by enterprise administrators beyond traditional enterprise boundaries
    • Focus – expanding from protecting businesses to protect the rights of people (e.g. employees, customers)
  • Although compliance is still the main driver, there is a shift toward risk management.
  • We need to move toward a Relationship Model.
  • The industry is moving toward a services based model. “Identity as a Service” is a trademark held by Fischer International. Burton has encouraged Fischer to “give back” the “Identity as a Service” term to the industry.
  • Customers should seek to really understand vendor roadmaps.
  • The vendor with most momentum in the market is Oracle because of aggressive acquisition. Other vendors with market momentum are Sun, CA and Novell. Others are stagnant or retreating.
  • What will happen if Google tries to enter the Identity market offering Identity as a Service (sorry Fischer)?

Gerry Gebel: Federation and Distributed Control

  • Product advancements in federation include Sun’s Fedlet and Ping’s Autoconnect.
  • We should think of federation in business terms. Technology is just a building block.
  • OpenSSO is an example of open source federation advancement.
  • Federation services and hosted models such as offered by FuGen and others will help accelerate broader consumption.

Gerry Gebel: Entitlement Management

  • IBM, Oracle, and Cisco have expanded entitlement management functionality through acquisition, but demand hasn’t grown as much.
  • A recent meeting hosted by Concordia on entitlement management brought up many questions, including:
    • Is XACML protocol adequate?
    • Are other standards needed?
    • What performance is required?
    • When will a conformance program be offered?
    • Who will provide interoperability testing?
    • Could Liberty Alliance help with standard way to test?

Mark Diodati: Authentication

  • Although the authentication field is very broad, some things are missing, including general customization flexibility and strong provisioning capabilities.
  • Privileged account management is not owned by anyone and often falls through the cracks. We need new products in this area.
  • Personal and portable security devices are emerging, including USB devices that couple smart card and flash memory technology, and consumer tokens in the form of wallet cards.

Kevin Kampman: Roles and Provisioning

  • The provisioning market is reaching maturity. Many projects have gone through multiple iterations. Success predominates – primarily as a result of realistic expectations.
  • Role Management advancements through acquisition include Oracle + Bridgestream and Sun + Vaau.
  • Role discovery is improving. For example, Oracle is combining data warehouse analytics with Bridgestream discovery capability.
  • Provisioning and roles may not converge into a single product. These are parallel, complementary endeavors.
  • In the provisioning market, IBM, Sun and Oracle lead. The European market is different than the US market. Microsoft Identity Life Cycle Management may be a dark horse.

Kevin Kampman: Identity 2.0

  • Although the Identity 2.0 market is maturing very rapidly, technologies like OpenID and InfoCard have more Identity Providers than consumers.
  • Trust hierarchies are needed.
  • How will industry pay for identity? What is the business model?

 

Catalyst: Identity Management – Are We There Yet?

Identity
Author: Mark Dixon
Wednesday, June 25, 2008
1:41 pm

The leadoff session in the Burton Group Catalyst Conference featured Jamie Lewis, Chief Executive Officer and Research Chair of the Burton Group. Key points include:

  • The need for business transformation often collides with IT transformation. Both sides struggle. We need a more unified approach that addresses the needs of business and IT.
  • Federation isn’t magic, but it’s still valuable. Customers are really beginning to see the need for it.
  • Recommendations for enterprise Identity Management implementations
    • Have an architecture
    • Every project is an installment on the overall architecture
    • Do what makes sense for your organization
  • Relationships provide context for Identity. We must seek to understand relationships and relationship management.
  • On the subject of Internet or User-centric Identity, the industry is suspended over a chasm between Enterprise Identity Management and consumer-oriented ideas of Identity. Extreme asymmetries will not solve the problem. Solutions will not be pure enterprise IdM, nor pure user centrism.

 

The Catalyst Conference has Begun

Identity
Author: Mark Dixon
Tuesday, June 24, 2008
10:53 pm

[Photo: Mark MacAuley, Navisite]

I arrived in San Diego this afternoon to attend the Burton Group Catalyst Conference, held at the Manchester Grand Hyatt Hotel. At the opening reception, my friend Mark MacAuley was the only guy man enough to wear a dress!

I’ll post to this blog each day to give my perspective of the sessions I attend – primarily in the Identity Management track. I will also post photos I take on Flickr in my photo set entitled “Catalyst Conference – San Diego 2008.”

 

Sun Identity Manager 8.0 Released Today

Identity
Author: Mark Dixon
Monday, June 23, 2008
10:51 am

Today, coinciding with the commencement of the Burton Group Catalyst Conference, Sun Microsystems announced the release of Sun Identity Manager 8.0, the latest version of Sun’s flagship provisioning software product. It is great to see the eighth generation of Sun Identity Management technology becoming formally available. It is particularly heartening to see the complementary strengths of Sun Identity Manager and Sun Role Manager products enabling comprehensive Access Control Compliance from both preventative and detective perspectives.

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.