Catalyst Conf. Notes: Burton takes “Control”
After a day and a half, I can safely say that Catalyst is living up to its reputation of being on the cutting edge of identity trends and issues. After a typically boisterous start to the conference on Wednesday, where Mike Neuenschwander set the tone by introducing a superhero called “Captain Controls”, the conference settled into its usual mix of tactical evaluation and prognostication on possible futures and architectures. Meetings forced me to miss a few more sessions than I would have liked, but I still managed to get enough of a taste for the discussions taking place.
Application-Centric IdM Goes Mainstream
One of the cool things for Oracle is that Burton has actually identified “Application-Centric Identity Management” as a legitimate methodology in the identity management space (in contrast to System Management methodologies). I have been blogging about this for a while now, as this is the main philosophy at Oracle. Of course, the reason for the elevation from buzzword to legitimate methodology is the wave of application vendors like Oracle, Microsoft and SAP that are entrenched in IAM now, and are working towards the creation of identity as a well-defined aspect of application development in their own applications and in the development environments they provide. This was reflected today when they took the stage in succession to explain their vision and strategy in the IAM space.
One of the interesting themes of the first day sessions was an exploration of the relationship between federation and user-centric technologies (like OpenID), and their impact on both consumer and enterprise environments. After starting with a hard look at how traditionally understood federation is doing, the discussion transitioned to the state of progress in user-centric identity technologies (through a characteristically entertaining presentation by Dick Hardt). Burton made the point that loosely coupled identity provider and relying party networks, connected via user-centric technologies like CardSpace and OpenID, could change the way enterprises handle the problems that today rely on legally and procedurally heavy federation mechanisms.
The Theme For This Year: Identity Controls
Mike Neuenschwander did not disappoint the crowds yesterday with a hugely entertaining sketch involving Captain Controls, a superhero that I hope will become a recurring character (Go here to see a video of the sketch posted by IdentityWoman Kaliya Hamlin).
Captain Controls challenges Mike
And while it was entertaining, it beautifully illustrated the emergence of the latest buzzword in identity management – Identity Controls. Briefly introduced on Wednesday, the topic was thoroughly explored on Thursday through sessions that took on the emerging technologies in Enterprise Role Management, Entitlement Management (aka Authorization Services) and Identity Audit, a group that Burton has acronymed PPM (Policy and Privilege Management). It represents the next step in the continuous evolution of IAM from an IT concern to a Business concern, and reflects the growing importance of IAM in the area of corporate risk management and governance.
Microsoft and Oracle Get It; SAP Not So Much
The message of Identity Controls was further consolidated in the following presentations by Microsoft, SAP and Oracle. These sessions were revealing in that they showed the maturity of Microsoft and Oracle in the IAM space, while SAP is still trying to catch up. I’m sure this will be dismissed as a biased opinion, but my (some would say surprising) admiration of Microsoft’s new IAM philosophy will hopefully negate that. From the tone and content of the sessions, you could see that there is a huge gap between the deep understanding of IAM that Oracle and Microsoft have, and the early stages SAP finds itself in. SAP did get the GRC market going through the Virsa acquisition and integration, but they only recently seem to have realized the importance of identity in the controls business. It was illuminating that while the Microsoft and Oracle presentations both went into great detail about their vision for identity as an integral component of application architecture, the SAP talk concentrated on what they have learnt from their customers and on touting their recent MaxWare acquisition.
Oracle SVP Thomas Kurian explains Oracle's Application-Centric IdM
The second half of the day concentrates on Identity Services, something all of you know I am passionate about and am helping drive within Oracle. Phil Hunt of Oracle will be on a panel discussing the notion of identity as a service. Should be interesting.
Would you be willing to comment on when Siebel will support CardSpace and SPML or will you be forced to exercise your right to remain silent by others higher on the foodchain?
Safe Harbor laws, not management, prevent me from speaking to any specific timelines. However, I will say that the new Fusion architecture that the applications are moving towards externalizes a great deal of these capabilities into a common IAM layer. This IAM component will be based on Oracle’s suite of IdM products and the extended JAAS layer in the application server they run on. The support of these technologies by that security and IAM layer means that the Fusion applications would get standards-based capabilities (like SAML and SPML support) for free.
CardSpace as an authentication mechanism is a little easier to incorporate in a Single Sign-On enabled environment. However, CardSpace as a lightweight federation tool is a little harder to analyze. We (in Oracle’s IAM team) are currently working on the self-registration and authentication mechanisms for Fusion applications, which is where I believe CardSpace would play a role.
I would be interested in learning in greater detail how you envision CardSpace being used in a Siebel environment. Would you mind providing your perspective on this?