This week, Oracle took a long awaited first step towards the realization of the Identity Services Framework that I have been talking about. At the Gartner IAM Summit this week, Oracle announced an open initiative, the Identity Governance Framework (IGF), to address governance of identity related information across enterprise IT systems. The IGF will enable
Those interested may have noticed that last week I rebranded my blog to its new name – Talking Identity. Thanks to all those that gave me suggestions (even the ones given sarcastically). Hopefully this resolves any conflicts that arose with the previous name I had chosen. The name reflects what I hope to do through
Those who know me from the good old Thor days may remember the presentation I did at our last Advisory Council meeting before the acquisition. It was a slightly tongue-in-cheek piece on the future of IdM, in which one of the things I talked about was the growing desire to see physical and IT security
It has been quite a while since my last post. The period coming out of Catalyst is always busy, as it tends to generate a lot of good discussion that starts influencing the work we are doing. I have been neck deep in discussions over the future of our product offerings, so this has been
Burton Group’s Catalyst Conference is one of the biggest technology events in North America, and is being held in San Francisco this week. If you care about Identity, it is one of the premier conferences to attend, because the conference usually fosters some really in-depth discussions into topics that are at the forefront of the
Phil Becker has written an interesting series of articles about the top 5 fallacies which appear and reappear in identity discussions, technologies and deployments. It makes for pretty interesting reading, so check it out at the Digital ID World Blogs. I wanted to comment on fallacy #3: Centralized Management Means Centralized Data. In his article,
In part 1 of this multi-post blog, I laid out what I believe are the various disciplines that make up a complete role management solution. In this post, I will tackle the more contentious discipline – that of role definition. Fundamentally, two camps have evolved around different approaches to the problem of defining roles. There
PwC recently published the “Information Security Breaches Survey 2006” report, sponsored by the Department of Trade and Industry (DTI) in the UK. The 8th such survey is aimed at raising awareness among UK businesses of the risks they face in the internet age. Below are some highlights from my quick read through it, and some
The topic of role management is always an interesting one to debate. Everyone’s take seems to be slightly different; so much so that if you listen to enough people, you end up trying to rationalize a rather broad spectrum. I recently spent some time having a rather animated discussion on the topic with someone who
Gartner’s MQ report on provisioning calls out the different approach that Microsoft has taken to the provisioning space. Termed the “enterprise access management” approach, it essentially advocates the externalized authn and authzn model that requires less pushing of data into target system repositories, and more pulling of data by the target systems from MIIS at