James recently picked up on my Identity leprosy or identity zombies post and writes:

Ian believes that identity needs brains but falls into the trap of thinking about identity solely from the perspective of provisioning and while avoiding runtime aspects. I wonder if he would blog on why enterprises should consider identity consolidation over identity management?

Before I respond I’d like to get some clarity. James, give me a more to work with and I’ll happily write more. Help me understand that which you are contrasting between “identity consolidation” and “identity management.” Help me understand how provisioning doesn’t have runtime implications.

Jackson, in discussing the demise retrenchment of HP’s identity business, had this little gem:

We talk about Identity 2.0 in the context of Web services and the evolution of digital identity but our infrastructure, enterprise identity “stuff” is decrepit and falling apart. I have visions of identity leprosy with this bit and that bit simply falling off because it was never built with Web services in mind.

Bits falling of, eh? I’ve never heard of someone losing their core directory services because someone forgot to add XACML support. I’ve also never heard off someone loosing an ear because their provisioning system didn’t support SPML v2. Enterprise identity “stuff” is more like a zombie. It lurks in the dark corners of your enterprise. It staggers out at you at inopportune moments. Two other aspects of this ridiculous image that are valid:

Bob, Lori, and Gerry at Burton Group have confirmed what I had heard only in rumor: HP is effectively pulling Identity Center from the market. It will continue to focus R&D on its existing Identity Center customer but will not be actively seeking new ones.I’d love to have seen what the business case was for HP’s original acquisitions into the space and then the analysis to make this decision. Tough choices.

So RSA’s parent company, EMC has entered into agreement with Courion to offer Courion’s suite of products including:

• PasswordCourier - password management
• AccountCourier - user provisioning
• RoleCourier - role engineering and management
• ComplianceCourier - policy verification and self-assessment

This, as Ian Yip points out, does fill the gapping hole in the EMC/RSA identity management story left by Oracle purchasing Thor, RSA’s old user provisioning partner. The other side of this equation is that Courion has lacked a web access management tool. That is not to say that I think they truly needed one and I applaud Courion for sticking to their knitting and making a really great business/end-user focused suite. But that being said, they are in Gartner’s leadership quadrant for user provisioning with the big boys, all of whom have WAC/WAM capabilities. In a toe-to-toe fight against those guys I am sure there are cases where no having a WAM product has hurt them. (Although people proclaim the identity management suite dead or at least a non-issue, I have to imagine that there are still RFPs out there looking for the whole enchilada no matter how poorly integrated it might be.) This is the long way around to say that RSA Access Manager (Securant not to be confused with Securent - anyone else confused by this?) helps fill a hole in the Courion family of products. All in all if EMC were to actually buy Courion, it would be too surprising. At the very least, it wouldn’t increase employees’ commute to work too much…

A while back I had commented on consolidation in the role management world. As I have said before, from product management and marketing perspectives, integrating a role management tool into an existing identity management suite is a no-brainer. This is not to say that the implementation and deployment are no-brainers as well - so don’t get too excited Greg ;) What is more interesting is where major vendors like Oracle and Sun will take enterprise roles management.

A hearty congrats to my friends and old co-workers at Tivoli on a job well done. ITIM 5.0 has been officially released! Having been part of the beta program, I can say that this is an amazing release. A great deal of thought and research has gone into ITIM 5.0 and in the bits I have seen, customers are really going to enjoy using it. Yes, I said enjoy. The new user interfaces are enjoyable to use. Amazing and true. Good work everyone.

Nishant, in a light hearted manner, took my post on Sun acquiring Vaau as a bit of a dare. This is how I responded to his comment:

Since I don’t believe that ERM is an end in and of itself, I am more curious where the market and technology will go now that two “suite” vendors have made acquisitions. If, by orchestrating some sort of challenge between Oracle and Sun to integrate and innovate, I can help move things along, then yes, by all means, consider it a challenge. Maybe the gang at Burton Group can referee this?

A second enterprise roles management company has been acquired. Sun has announced intent to buy Vaau. Congrats to Sachin, Steve Tiches, and the rest of the gang at Vaau. You are definitely joining a great team. It will interesting to see how fast Sun can tie Vaau’s various components to their existing suite. I have to imagine that what was Identity Auditor, now part of Identity Manager, will be replaced entirely by Vaau’s identity audit capability. Comparing Sun’s time to integrate Vaau to Oracle’s time to integrate Bridgestream ought to be interesting as well.

I think that Phil’s take on this sits somewhere in between Dave’s cynicism and Eric’s unabashed joy. I do agree with Dave in that I doubt that this acquisition signals a market consolidation - the entitlement market is too new. Look at the role management market as an example: it’s been around for a few years, lived longer than most expected, and just now are we seeing consolidation.

I love shooting without a flash. So does Bob and he just published a good public service announcement for shooting without using a flash. (I do like that second shot of Mike a lot.) There are a bunch of people in the greater identity management world who would consider themselves amateur photographers. I wonder if there is commonality of photography and IdM that practitioners of both find compelling. From a content perspective, the aspects of a picture I take that I really like are, in some sense, a reflection of me. Maybe this photo/IdM thing comes back to relationships. We are looking for ourselves in our subjects.