Culture

Identity technology finally makes its mark

Jon Oltsik

Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.

See full bio

Jon Oltsik

Sept. 15, 2006 10:03 a.m. PT

2 min read

Identity and Access Management is a real market. . . Finally!

I was out in the valley this week to participate in the Digital ID World conference. Here are a few of my takeaways:

1. Large customers really care about what's going on. The Identity and Access Management market has been a continuous industry joke. Why? Industry pundits have been predicting the year of IAM forever and it never materialized. I'm here to tell you that IAM has finally made it. Yes, there is still a lot of confusion and product immaturity, but there were loads of users at DIDW and many of them are beyond simple research and thinking in terms of large scale deployment.

2. Projects are getting bigger. When identity and access management tools were deployed in the past it was generally on a tactical basis to address IT operations challenges. Suddenly, projects have a more business and enterprise focus. I attribute the change to compliance on the one hand and the externalization of IT on the other. This means that customers are looking at large identity deployments, big investments, and professional services. There's gold in them thar identity hills.

3. Identity goes hand-in-hand with SOA. Opening internal applications via web services in SOA MUST be supported by a robust identity infrastructure. Users are starting to understand this relationship.

4. Standards have helped accelerate this market. This point is closely related with the SOA/identity relationship. Federated identity standards are immature but certainly real. There aren't a lot of federated identity management deployments yet but standards are helping to bridge technology and implementation gaps while promising to ease the burden associated with time-consuming identity projects and arduous custom coding.

5. Identity lives in applications AND the network. Here's a point that many users still don't get. There are identity initiatives going on in networking (802.1x, WPA, NAC/NAP/TNC) and in applications (single sign-on, user provisioning, federated identity management, etc.). Few users are considering how these disparate efforts come together but they should. Pretty soon, the network will know who you are when you log in and it will work with an identity management service to provide you with access to oodles of in-house and partner applications.

To be honest, I expected a Vendorthon featuring business card exchanges, partnering discussions, and cocktail parties. Instead I heard real business discussions, user requirements, and bright technologists discussing solutions. This was not only refreshing but it also reflects the improving state of identity technology.