Oracle IdM CAB: Identity is Everywhere
I’m back from a trip to Oracle HQ, where I was attending our 2nd annual Identity Management Customer Advisory Board conference. The 3-day event is the zenith of a continuous process that combines quarterly meetings with 1-on-1 discussions to provide all involved a valuable platform to gather, discuss and align our vision of all things identity.
Apart from the actual act of trying to get to San Francisco (flight snafus), the week was really good and productive. Unlike last year, when customers were anxious about the acquisitions of Oblix and Thor, this year’s board was a relaxed group that is (finally) comfortable with the idea of being Oracle customers. That is not to say that they were about to let up on us. They came ready to drive the future of Oracle’s IdM products and the future of their own deployments.
There were a lot of questions about our progress in making the suite come together in a more cohesive manner. The sessions presenting our roadmap were fairly interactive. We had a number of customer’s present case studies of their own deployments, and it provided great insight into the differences in philosophies and approaches to solving some fairly complex problems. Compliance topics, especially SoD, were discussed quite a bit, with the stress being on making IdM work with the SoD capabilities customers already have or are putting together. There was also good interest in the work that Oracle is doing on the IGF.
Some of the key messages that came through loud and clear were:
- Everyone knows that identity management is still a very difficult solution to deploy (at least at enterprise-scale). The message to us was to continue our efforts in making the overall process of deploying IdM manageable and scalable.
- There was a big demand for additional flexibility in configuration and customization capabilities.
- Role-based identity management continues to be of interest, but at the same time continues to suffer from the divergent implementation philosophies and interpretations.
- Identity Services (in various shapes and forms) are a big part of enterprise roadmaps. In fact, a significant number of enterprises are moving beyond the ad-hoc model they had so far and looking at creating structured identity services projects to serve the needs of an increasingly large and vocal (internal for now) consumer base.
- There was a lot of interest in understanding our strategy for Fusion, especially with respect to our impact on the Oracle Applications suite. And there was a smaller group that was interested in the possible convergence of ERP and IdM.
We also heard an interesting anecdote about just how firmly entrenched identity (and identity services) is becoming within the enterprise. One of our customers told us about being approached about an “identity-enabled” elevator system. The idea is that swiping a smart card upon getting into an elevator would take you directly to the floor you are allowed to access. Don’t know more details than that, but the resulting discussions about the identity services needed to enable such a concept were quite interesting. As was the discussion about de-provisioning a user while they are still in the elevator 🙂
First thanks for putting out such interesting things. 🙂
Some thinking aloud on the ‘about an “identity-enabled” elevator system.’. How can this implementation be actually worked out in practice? Option 1 can be to have all the required info (which floor) in the card itself. However, the issue is: if the privilege changes, the card also has to change. Another option can be the information is stored in some other server. This is an improvement, but if the server is down for some reason, then will the elevator not work? Again, the user can have access to more than one floor – some option should be given to select his/her choice of floor at that time.
Probably, a dual-mode combination of manual (as of today) and id-automated will be optimal?
This probably will work best in hotels, where a guest has access to _only one_ floor. The use case is: the card key is tied to the access, not the person. (That is, key implies the floor, whoever uses the key)
I am not raising questions, just thinking aloud. As a restatement, thanks for the interesting web-log.
Nice and interesting blog. Hope to hear more from you.
Though we are talking big about solving complex problem but we are still hitting with some basic resource protection from Oracle-Oblix IdM where I heard WebDAV is still not supported by Access Manager/ COREid 🙁
Thanks once again for putting such interesting post