End-to-end identity management suites still coming together

The identity management market is one that we watch closely. And while it has yet to fully explode into the mainstream, 2005 saw it steadily gaining momentum. Identity is so compelling because it's far more than just a security technology. Authentication, fine-grained access control, and SSO (single sign-on) are all advantageous, but they only represent the tip of the iceberg of what an identity suite can accomplish.

Ultimately identity will serve as the foundation for managing distributed webs of application services, paving the way for smoother, SOA-based business integration. But, of course, that's a long way off. In the meantime, most enterprises will embrace it for its ability to automate provisioning and deprovisioning of user accounts, as well as for its centralized authentication logging and auditing capabilities, both of which can play a crucial role in regulatory compliance measures.

For many companies, however, setting up an identity infrastructure remains a daunting task. Not only is the technology complex, but it also inevitably touches countless areas of an enterprise and its business processes. Reducing the perceived barriers to entry will be Job No. 1 for identity vendors as we move into the new year.

For starters, that means shrinking the playing field. For 2006, expect to see the identity market continue to consolidate around a handful of top-tier vendors with established track records in enterprise IT.

IBM grabbed Access360 in 2002 and Sun Microsystems nabbed Waveset in 2003. Last year, HP's acquisition of TruLogica and CA's acquisition of Netegrity showed that identity shopping continued to be the rage. And this year, Oracle snapped up identity pure-plays Oblix, OctetString, and Thor Technologies, giving the database and applications vendor a formidable product line. Moreover, Hewlett-Packard rounded out its identity portfolio by adding federation vendor Trustgenix last month.

Unlikely as it may sound, CA, HP, and Oracle can still be seen as the underdogs in the identity management space. With heavy-hitting competitors such as IBM Tivoli, Microsoft, Novell, and Sun to contend with, emerging as the market leader will be an uphill battle for any vendor. As a result, expect more pure-plays to fall under the umbrellas of these big names as the heavyweights continue to strengthen their identity portfolios in the coming year.

Usability will be the next big battleground. So far, Novell has taken the lead in this area, offering sophisticated management tools atop its mature directory server foundation. The recently released Identity Manager 3 builds on an already solid product offering with automated provisioning capabilities and a visual policy designer based on the Eclipse framework. Expect the other vendors to follow suit with their own more accessible user interfaces as the competition for new customers heats up.

The key long-term play for the industry, however, is federated identity. The lure of centrally managed authentication and centralized access to resources across multiple network domains, including those of business partners and customers, is obvious. Unfortunately, this technology is still immature and federation remains somewhere on the horizon for most customers, although successful implementations have already begun appearing in the telecom industry and other verticals.

 The arrival of SAML 2.0 from the Liberty Alliance should make it easier for vendors to implement standardized federation capabilities, but logistics remain the big challenge. The vendors will have to invest heavily in developing best practices and procedures for key industries before customers will be convinced that federation is worth the effort, or indeed is even feasible.

Over the long term, SOA may prove to be the ultimate driver of identity technologies, as identity management and service orchestration dovetail into a single infrastructure management discipline. For now, however, sustained growth will be the theme throughout 2006. Identity management is still in its early phases, but it's never too soon to get on board, because big things are ahead.