Mark Diodati of Gartner (that was a bit hard to type right the first time) has published the results of the SPML SIG held at #cat10. I think it captures the feeling of those present very well. At about the same time the minutes of the first meeting of the SPML PSTC for a long while were published. It seems there’s a much different split there than there was at the SIG. The split is basically between folks who want to see a “clean start” with a version 3 and those who want to see version 2 revved so it’s more realistic. I’m on the latter side, and so are the folks at Quest that I’ve spoken to. In fact, both at Quest and at customers, everyone I’ve spoken to about this outside a tight circle of “identity gurus” has agreed that SPML would best serve the larger community as a means to have systems communicate. Anything beyond that is overkill. At least for now. If all the different solutions had a standard way to do CRUD operations between one another, that would go a long way to solving many practical issues in heterogeneous IT environments.
I’d like to get more involved and I’m working with Quest to see if that can happen. This is something I’d like to see done from start to end.
I’ve just returned from Gartner/Burton’s Catalyst 2010 in San Diego (“just” returned when I wrote the first draft, not so much now that I’m finally getting to edit and post…). One of the sessions (Wednesday morning in the identity track) featured GM presenting about their fairly advanced and very well thought out identity management processes and platforms. They had a very mature outlook on what the real sources are for identity and how to empower the business to leverage the value of those identities over time and through the lifecycle.
Perhaps the best example of that was how they manage identities that are not really fully baked: management of avatars. The presenter from GM made a great analogy to explain this. He talked about the Mii parade from the Wii. If you’re not a Wii person, this needs a bit of context. On the Wii you have an avatar called a Mii. In many games that Mii is what you see on the screen to represent you. Since the Wii is designed to be multiplayer, you can of course have many Miis on a system. Apparently his daughters are just like mine. They make a Mii for every kid that shows up at their home; mine even make them for characters in books and people they meet away from home. What use is the Mii if there is no one to play as them? In some parts of some games, there are parades and other places where crowds appear. And these Miis, played with or not, show up in those crowds.
GM will make an identity for anyone that comes to their facilities, even going as far as to assign them a unique identifier. If that person eventually ends up as a contractor, then they will retain that identity. If they become an employee, they keep the same identity. And if they leave, the identity is still maintained. They also do similar things for what they termed “people of interest”. These are people like an employee’s spouse, who would be in some systems to receive benefits and therefore have one of these avatars or half-baked identities. So, with all these avatars in their systems, when they go through to do large reports and such, they end up with a Mii parade with all these avatars that are not users as such showing up in the crowds.
This struck me as being deeply right. Most organizations want to reduce the identities they have at all costs. But identities are data, and data has value. Of course, Quest and I are fans of reducing accounts and points of access, but that’s quite different. This is about having many singular identities that can be used to fill out your Mii parade so that it acts and feels as real as possible. The rich context can only lead to better and fuller business decisions over time.
For those of you who made it down this far, here’s a sample of what a Mii parade can be like when you just tell the Wii to have all the Miis go marching:
I’m always in catch-up mode with my reading. I finally got to Ian Glazer’s “Access Certification and Entitlement Management” on a plane to California. If you are in the market for access certification, trying to understand how to construct an approach to managing entitlements or just want to understand the moving parts of access in any reasonably complex organization, then this is a must read. What got me thinking most was the tone of the paper. Essentially it boils down to the good advice to make sure you define boundaries for tasks well and get the people from the business who should own the information to become the owners by the end of the process. Ian also encourages you to use whatever resources you can, even if they make strange bedfellows. It reminded me very much (and I’m going to mix analyst firms here so forgive me) of Earl Perkins’ thoughts about making the auditor your friend and making sure you “care, but not too much”, which he communicated at the Gartner IAM Summit last week (and blogged about previously as well).
All this got me thinking about the actual content of such IT to business communication regarding access certification. And, since I was trapped on a 6+ hour flight with a power outlet but no internet, I came up with this small, tongue-in-cheek video. I know the terms will feel like nails on a chalkboard to some since they are not exact. But I really tried to exercise that “it’s more important that they get the right ideas and not the exact right terminology” notion as best I could.
day two at catalyst09 was very on target for me. the identity track was all about leveraging existing resources for bigger ROI and that’s all we ever talk about in PM meetings around here. Burton’s Mark Diodati presented about the AD Bridge space, a name he may have invented, and then there was also a customer case about the practice of doing AD Bridging for Unix, Mac and Linux systems. the best part was when a person in the audience took the mic during Q&A and thanked Mark and Burton for taking the AD Bridge products seriously and the whole audience erupted in applause.
i’ve got lots of notes and thoughts about everything that went on. i’ll likely be posting reactions to catalyst09 over the next week.