Make Way for ID Management as Web Service

The snail-like pace of integrating identity management software into one
complete suite will be a major topic of discussion at the Burton Group’s
annual Catalyst Conference next week, according to an analyst with the
research firm.

But when companies do get around to shoring up their ID management
portfolios, identity services may be delivered as Web services, highly
popular distributed computing software.

Burton’s Jamie Lewis said the ID management niche is entering a new
“iteration,” in the wake of massive industry consolidation that saw Computer
Associates buy Netegrity and Oracle scoop up Oblix, among other

This next stage is being challenged by the difficulty of integrating
components such as authorization, authentication and single sign-on.

While vendors such as CA, Oracle, BMC, IBM, HP, and Sun Microsystems talk a
great deal about offering one full suite to meet customers needs for and the
like, the fruit borne from these endeavors is on the light side.

Integrated ID management generally means services that share components
tethered by one workflow engine and one set of administrative interfaces and
event systems. After digging under the hoods of these companies, Lewis said
most of the products have different workflow engines and don’t share a
common set of administrative interfaces.

“I don’t think anybody has what I consider anywhere the level of integration
that the word ‘suite’ would connote. The big question facing the vendors is
how long will it really take to deliver and integrated set of products that
truly shares a common set of components rather than overlapping.

Lewis said he expects vendors to redouble their efforts going forward to
yield more than just an exercise in branding. This is driven by customer

“The customer doesn’t want to bear the integration burden,” Lewis said.
“They want one throat to choke.”

Going forward, Lewis said he expects ID management tools to evolve to become
a set of services accessible by multiple applications.

This includes and so-called identity services, which began as directory
services and are evolving to become a larger superset of discreet services
that live on the network. To be fully useful, these services must become
encapsulated, exposed and used as Web services .

“You’ll hear more about the collapse of directory, virtual directory,
metadirectory and federation into the larger superset of identity services
and then we’ll be looking at how those get exposed as Web services and used
in a Web services framework,” Lewis said.

The analyst said work to deliver ID management as Web services is being seen
in tooling efforts. This includes Microsoft’s Indigo integration software
project and an identity abstraction layer proposed within the Eclipse
Foundation open source group.

Microsoft is also doing some solid work in identity federation with its
InfoCard plan to make portable and interoperable identity a reality.
InfoCards help
trading partners and Web services providers know just who it is they’re
dealing with on the Web, no matter what platform the services are using.

“I’d expect more detail to emerge at Catalyst about InfoCards and I expect
there to be some debate about whether what they’re proposing is going to
work or not and some debate about specifications, particularly WS-Trust, the
backbone protocol that InfoCards would plug into.

Lewis continued: “There is going to be a lot of debate about whether or not
WS-Trust is a standard or not because it is not in a standards organization
and Microsoft and IBM have been working on it. Some people see it as a well
controlled process that Microsoft and IBM pretty much govern. That’s where
some of the controversy lies at this point.”

Why is ID management such a hot topic?

Organizations and public sector agencies are looking to ID management
software to prevent security breaches and meet stringent regulatory
requirements specifying tighter controls over user access to information,
applications and systems.

One thing that all the vendors and their customers seem to agree on is that
government regulations are fueling the need for comprehensive identity
management suites in a number of key vertical industries such as finance and

Sarbanes-Oxley and HIPAA pretty much control the financial services and
healthcare services industries, respectively, ordering organizations to
corral their data and retrieve it at a moment’s notice.

As far as the major ID management vendors go, Oracle, Sun Microsystems are
all expected to make some news announcements. Thor Technologies is already
talking about its new Xellerate Identity Manager 8.5, which the New
York-based startup is already detailing.

Thor’s new suite makes ID management easier to implement through a Web-based
deployment management tool and boosts exception-handling processes and
compliance through graphical workflows.

News Around the Web