Zen Mind, Newb Mind

Being the new-ish addition to the IdPS team is, well, an interesting place to be.  Besides the requisite induction activities (ask me at Catalyst how you pick up the dry cleaning for a team who lives all across the country), I’ve been working with my peers on vastly different pieces of research.  And being curious by nature, I’m loving the chance to not only dig into different topics, but also observe how different people go about the actual process of analyzing a topic or a market.  One technique that Burton Group uses is Contextual Research (CR).  Essentially, the CR process is meant to challenge an analyst’s knowledge of a subject and their associated preconceived notions as to what problems enterprises face and how they are facing them.  It turns seasoned veterans, experts in the field, into beginners again.  This is what practitioners of Zen Buddhism call “beginner’s mind.”

Here’s how it works in a nutshell.  Kevin (seasoned vet) and Ian (newbie) identify a bunch of organizations to talk to.  So far nothing out of the ordinary as compared to our other approaches to research.  That being said, the conversations we have with these organizations are very different from typical research techniques.  Instead of coming to the conversation with a fixed hypothesis that we want to prove out, we come to the conversation with nothing.  No leading questions.  No surveys.  No preconceptions.

In these conversations, we, the analysts, are newbs. We let the people that we are talking to teach us what is important to them about a subject, how they have approached a problem, what wisdom they’d like to share with others.  The analysts furiously take notes, listen, and try not to talk.  Having listened to as many people as we can, we bring the whole team together to find affinities among the statements, identify trends and common techniques, and evaluate the state of a market through the eyes of a customer.

Right now, Kevin and I are in the midst of a role management CR.  Although we are far too early in the process to comment on what we’ve found, some of the anecdotes we have learned along the way are really fascinating.  Discussions about the needs of the business, efficiencies gained, and methodologies for conducting role analysis – all of these conversations have been grounded firmly in the realities of today’s economy as well as the current state of identity management in the enterprise.  You’ll see some of the results of this beginner’s mind approach to analysis at Catalyst this summer.  In fact, the Catalyst workshop on Advanced Role Management is going to be a master-class of a sort, shaped by what Kevin and I learn during this CR process.

Stay tuned for more on our roles CR.  Towards the end of April, I’ll be updating you on how the process has fared.

(Cross-posted from Burton Group’s Identity Blog)

Identity leprosy or identity zombies?

Jackson, in discussing the demise retrenchment of HP’s identity business, had this little gem:

We talk about Identity 2.0 in the context of Web services and the evolution of digital identity but our infrastructure, enterprise identity “stuff” is decrepit and falling apart. I have visions of identity leprosy with this bit and that bit simply falling off because it was never built with Web services in mind.

Bits falling off, eh? I’ve never heard of someone losing their core directory services because someone forgot to add XACML support. I’ve also never heard of someone losing an ear because their provisioning system didn’t support SPML v2. Enterprise identity “stuff” is more like a zombie. It lurks in the dark corners of your enterprise. It staggers out at you at inopportune moments. Two other aspects of this ridiculous image that are valid:

  1. The identity zombie is incredibly hard to kill.
  2. The identity zombie needs BRAINS!

“They stab with their steely knives…” Once deployed, even in rudimentary forms, enterprise identity systems are amazingly difficult to uproot, to kill. Homegrown systems are notoriously tough to maintain as well as replace. Even worse were those early attempts at vendor-provided solutions. Before IBM/Tivoli bought Access360, it had Tivoli User Administrator. TUA… one of the banes of my existence. The thing wouldn’t die. The customers who got it running were actually in love with the rotting, smelly thing. They kept it on a steady diet of scripts (BRAINS!) that served as connector definitions and entitlements all rolled into one. It just ran and ran and ran. From what I heard, early BMC Control/SA customers are much the same.

Think this problem is limited to the “old timers” in the identity market? Nope. Good luck replacing that SiteMinder deployment. Enjoy uprooting your original iPlanet directory implementation.


We all know zombies feed on brains. Common knowledge. Let’s consider for a sec that the enterprise identity “stuff” that Jackson refers to is a friendly, but slightly misguided, zombie. The rising aspects of the identity market are the brains that it so badly craves: enterprise role management, entitlement management, fine-grained access control, etc. Feed our enterprise identity zombie with a healthy dose of policy that has business-readable language as to the role of the person and their subsequent entitlements and you’ll have an enterprise-class, unkillable (in the good way), identity infrastructure.

Further, you do not have to venture into the newer territories of identity land to feed your identity zombie. Enterprise identity implementations have sufficiently progressed to the point that your more mature services providers can feed your zombie all the brains it needs based on their own experience, methodologies, and techniques: no emerging technologies needed.

Do enterprise identity technologies need a bit of a refresh? Sure. But that doesn’t mean they need a complete rip and replace with user-centric or other newer identity “stuff.” Absolutely not. What it does mean is that we are seeing a rise in the value of identity brains, entitlement and access management in business and organizational terms.

ERM and the organization: Kevin’s response

A while back I had commented on consolidation in the role management world.  As I have said before, from product management and marketing perspectives, integrating a role management tool into an existing identity management suite is a no-brainer.  This is not to say that the implementation and deployment are no-brainers as well – so don’t get too excited Greg 😉  What is more interesting is where major vendors like Oracle and Sun will take enterprise roles management.

I had also mentioned that it would be great for Kevin Kampman of Burton to weigh in on the subject, and sure enough, he did.  I am intrigued by his concept of “return on organization.” But to see this return it first requires identity management vendors to share this value proposition with the parts of the enterprise that really care; it forces IdM vendors to sell to “the business.”  Making identity management truly relevant to the entire business has always been one of IdM’s challenges.  Role management does present a new way of taking older topics to a new audience but I wonder if potential customers are ready to hear it.

The Enterprise Role Management Integration Challenge

Nishant, in a lighthearted manner, took my post on Sun acquiring Vaau as a bit of a dare. This is how I responded to his comment:

Since I don’t believe that ERM is an end in and of itself, I am more curious where the market and technology will go now that two “suite” vendors have made acquisitions. If, by orchestrating some sort of challenge between Oracle and Sun to integrate and innovate, I can help move things along, then yes, by all means, consider it a challenge. Maybe the gang at Burton Group can referee this?

How vendors like Sun and Oracle integrate their ERM acquisitions will have a very tangible impact on the future direction of identity management. Both are in a position to unlock the true value of enterprise role management.

The step of integrating ERM in user provisioning is a no-brainer, though it will be interesting to see how fast each vendor can do it. What is more interesting is the step beyond that. I started to ruminate on that before… guess we’ll have to wait and see what comes.

In the meantime, it would be great if someone like Kevin Kampman would weigh in on this.