So the worst kept secret in IAM history is officially out. Oracle yesterday issued a long-awaited press release announcing the acquisition of Bridgestream in the Role Management space. Of course, if you have been anywhere near an internet-connected computer, you’d have seen everybody and their mother blog about this. And some of the buzz has been quite interesting, which I will touch on in a later post.
To many, an acquisition in the ERM (Enterprise Role Management) space was inevitable. ERM has gone from cutting-edge darling of the analyst crowd to a must-have IAM solution fairly rapidly. I have myself blogged about the importance of roles in any IAM architecture a number of times. By acquiring Bridgestream, Oracle is adding their SmartRoles and SmartRoles Discoverer products to our industry-leading IdM portfolio.
Relationship-based (aka Contextual) Roles
When it first came out, Bridgestream SmartRoles introduced the interesting notion of relationship-based roles to the market. Providing a solution for the top-down approach to role engineering, the product allows customers to model a myriad of entity relationships (between such diverse entities as people, organizations, processes, projects and business resources) in it, and then express roles as a traversal of the generated relationship graph. Of course, this is not to imply that it doesn’t handle the more mundane roles we are all accustomed to, which are simply containers of people and privileges. But their ability to model roles on real-world relationships that help solve real world use cases is really what sets them apart from the field. SmartRoles also supports a number of other interesting features, including temporal views of the relationship graph that provides a time sensitive answer to the role membership question.
SmartRoles also supports the much needed separation between Enterprise Roles and Local Roles (or Business Roles and IT Roles, as Bridgestream calls it). This provides a necessary abstraction between the business side of the enterprise and the security focused application side of the enterprise.
These features allow them to support some really interesting RBAC scenarios that relied on complex cross functional project relationships, as well as role-based provisioning that took the location of both people and resources into account and complex approval scenarios. The BSI relationship with Oracle started with the relationship that was initially established between Thor’s Identity Manager product and SmartRoles, providing a powerful role-based provisioning solution to customers.
Bridgestream has also made a move into the role mining area with the introduction of its SmartRoles Discoverer product. SmartRoles Discoverer
complements SmartRoles top-down approach by offering companies a bottom-up methodology to kick-start their role management implementation. It provides capabilities to mine data sets from diverse sources and discover useful and meaningful roles. But role mining and verification aren’t enough, so SmartRoles Discoverer also uncovers rules and policies to govern these roles. These candidate roles, along with the discovered rules and policies to govern them, can then be exported into SmartRoles for deployment.
Adding this capability to its suite allows Bridgestream to provide a complete end-to-end process-based solution for role lifecycle management to the market.
Over time, the capabilities of Bridgestream’s advanced role discovery and modeling capabilities will be combined with Oracle Identity Management’s access provisioning and enforcement tools. So while it will still be possible to buy a pure role management product, the real value will come from the SmartRoles product (which will no doubt be renamed following the standard Oracle formula at some point) providing a richer role environment for the OIM and OAM product lines to base their capabilities on, providing customers a comprehensive solution that covers all the bases.
You can get a lot of information about the acquisition and its value (including FAQs and white papers here).