SAP buys MaXware: Column Fodder in the Fight against Oracle

On one hand I can’t say I am that surprised. SAP has been itching to get into the IdM market. There was speculation that they were going to build their own. It is interesting to see that they have chosen, as many others have, to buy instead. I am, however, a little surprised in who SAP purchased.

MaXware was known, primarily, as one of the three major meta/virtual directory companies out there. Maybe SAP saw wisdom in Oracle buying OctetString? (I’d be feeling pretty lonely right now if I was Radiant Logic.) Maybe SAP really just needed the connectivity that MaXware could provide?

I wonder what this means for corporate SAP partners who are already in the identity management space? If I am a provisioning vendor who has spent resources developing integration to SAP and the Virsa bits, I am going to be pretty annoyed that SAP just bought a provisioning technology. Integration partner one day, direct competitor another.

The real reason SAP made this move is the continuing SAP – Oracle War. SAP needs to be able to check the boxes off in an RFP that they have provisioning and identity management services. If SAP is looking to even the playing field, there’s at least one more acquisitions they have to do. They need to buy a large services company likes of Accenture or Booz Allen Hamilton. Granted, doing that will agitate their service partners, but that being said, it would round off SAP and enable them to go toe-to-toe with Oracle.

In closing, I wanted to include a few insightful thoughts from Jackson Shaw. I just discovered his blog… good stuff. Jackson writes:

SAP AG is acquiring MaxWare because they believe that if they can control identities, security and roles from within SAP NetWeaver then they can “own” an organization. They can be the tail that wags the dog.The few systems that SAP GRC can connect today stands out like a sore thumb. Who could take them seriously? Now, with MaxWare they’ll be able to connect to many more systems but will they be taken seriously?

If IBM can’t do it with WebSphere and Tivoli, I don’t see how SAP can do it with NetWeaver.

You mean people actually use this stuff?

Matt Kelly at Compliance Week threw out a line recently:

Compliance Week is researching a story about compliance with identity management and user access policies. We’d like to hear about what policies you have in place for those needs, and what problems you’ve encountered (and solved) along the way. Send us your thoughts, and expect an article on the topic in upcoming weeks.

Needless to say, I am very curious what people will share on this subject. I’m always fascinated to hear how people apply user provisioning tools.

Back in the day there were two major selling points for user provisioning: compliance and reduced help desk call volume. Customers were quick(er) to recognize the reduced help desk call volume but the compliance aspect lagged, mostly dueto the fact that no one knew what compliance meant. (These were the pre-SOX days mind you.)

Times have certainly changed as has the messaging. Recently provisioning for compliance has morphed into compliant provisioning. User provisioning systems have matured to a point that organizations can use them as service platforms. Organizations are realizing that their provisioning infrastructures are great vehicles for other services: password management, role lifecycle management, and so on. Compliant provisioning is one of the best examples of this.

If our recent webinar with KPMG and IBM was any indication, then the market is desperate for compliant provisioning solutions. We had hundreds of attendees asking some very tough questions about implementation, architecture, and resources needed. I can’t wait to see if Matt’s research reaffirms what we are seeing in the ever maturing provisioning market.

SPML Decision Followup… followup

Conor has graciously explained the “strangeness” I felt in the Advanced Client scenarios. He explains that this part of advanced client work:

addresses the problems involved in provisioning functionality to a secure container that is associated with a user somewhere nearby

That snippet was enough for me to grasp it. Read the rest of what he has to say for more.

I wanted to clarify on two points he made. First:

Ian seemed to connect this work to Cardspace, Higgins, and OpenID. I am not aware of this connection.

Agreed. This was a case of my braining running ahead of my hands. I started with the ICP stuff and somewhere along the line my brain hopped on to a different topic… sorry, lack of conversational turn signals. This (barely) provides a little bridging between my thoughts.


Ian seemed to think that this provisioning was just about provisioning a credential. That isn’t the case.

That would be my user provisioning baggage. Account/credential = functionality. Dogmatic on my part. The reality is that a collection of attributes can (and do) define different sets of functionality and/or access. We used to call them virtual accounts in my IBM days.