Identity leprosy or identity zombies?

Jackson, in discussing the ~~demise~~ retrenchment of HP’s identity business, had this little gem:

We talk about Identity 2.0 in the context of Web services and the evolution of digital identity but our infrastructure, enterprise identity “stuff” is decrepit and falling apart. I have visions of identity leprosy with this bit and that bit simply falling off because it was never built with Web services in mind.

Bits falling off, eh? I’ve never heard of someone losing their core directory services because someone forgot to add XACML support. I’ve also never heard of someone losing an ear because their provisioning system didn’t support SPML v2. Enterprise identity “stuff” is more like a zombie. It lurks in the dark corners of your enterprise. It staggers out at you at inopportune moments. Two other aspects of this ridiculous image are valid:

  1. The identity zombie is incredibly hard to kill.
  2. The identity zombie needs BRAINS!

“They stab with their steely knives…” Once deployed, even in rudimentary forms, enterprise identity systems are amazingly difficult to uproot, to kill. Homegrown systems are notoriously tough to maintain as well as replace. Even worse were those early attempts at vendor-provided solutions. Before IBM/Tivoli bought Access360, it had Tivoli User Administrator. TUA… one of the banes of my existence. The thing wouldn’t die. The customers who got it running were actually in love with the rotting, smelly thing. They kept it on a steady diet of scripts (BRAINS!) that served as connector definitions and entitlements all rolled into one. It just ran and ran and ran. From what I heard, early BMC Control/SA customers are much the same.

Think this problem is limited to the “old timers” in the identity market? Nope. Good luck replacing that SiteMinder deployment. Enjoy uprooting your original iPlanet directory implementation.

BRAINS!

We all know zombies feed on brains. Common knowledge. Let’s consider for a sec that the enterprise identity “stuff” that Jackson refers to is a friendly, but slightly misguided, zombie. The rising aspects of the identity market are the brains that it so badly craves: enterprise role management, entitlement management, fine-grained access control, etc. Feed our enterprise identity zombie a healthy dose of policy that describes, in business-readable language, the role of the person and their subsequent entitlements, and you’ll have an enterprise-class, unkillable (in the good way) identity infrastructure.

Further, you do not have to venture into the newer territories of identity land to feed your identity zombie. Enterprise identity implementations have progressed to the point that your more mature service providers can feed your zombie all the brains it needs based on their own experience, methodologies, and techniques: no emerging technologies needed.

Do enterprise identity technologies need a bit of a refresh? Sure. But that doesn’t mean they need a complete rip and replace with user-centric or other newer identity “stuff.” Absolutely not. What it does mean is that we are seeing a rise in the value of identity brains, entitlement and access management in business and organizational terms.