New identity management products abound

Despite the slow pace of the standards race, identity management has been a maelstrom of activity in recent months, as vendors push their latest efforts to market and clamor to establish partnerships in an industrywide trend to offer a complete solution to privacy-policy needs.

IBM has undertaken a two-front approach to identity management, tackling standards on the one hand and trumpeting its Tivoli identity management system on the other. RSA Security, Netegrity, and Courion (see our Test Center Review of Courion Identity Management Suite) have souped up their wares with the latest ID management features, such as auditing and reporting, password synchronization, workflow, and integration with third-party tools. Perhaps most intriguing is the increasing number of vendors that have teamed up to incorporate their technologies in one another's solutions as the search for the just the right identity management mix has heated up.

Big Blue is committed to developing technologies that protect both data and privacy, says Harriet Pearson, vice president and chief privacy officer at IBM in Armonk, N.Y. She says that tighter security can be achieved without sacrificing privacy, which means that the technology must include controls for users to shut off functionality or to keep it always on.

Still, far too many people are in the dark about where identity management is headed, how business processes are applied to that model, and how technology has been enabled to protect privacy. "You can't buy a piece of technology and say, 'Is privacy baked in?' " Pearson says. "[You] can ask, 'Will this enable me to implement my information polices and requirements, [or] will this somehow get in the way of me being able to do that?' "

To help fuel the constant redesigns of Tivoli Privacy Manager and Tivoli Policy Manager, the IBM Privacy Institute in Zurich, Switzerland, has developed a privacy road map from the application layer down to the underlying infrastructure, Pearson notes. In addition, Big Blue relies on its 2-year-old Privacy Management Council to identify pain points crucial to designing Tivoli Privacy Manager. Made up of more than 25 IBM customers — including the U.S. Department of Commerce, the state of Michigan, Fidelity Investments, and Marriott International — the Council meets quarterly.

The fluidity of the ID management market is mirrored by the many recent multidirectional partnerships among players in this space, including Thor Technologies, Novell, and Business Layers (see our Test Center Review of eProvision).

Business Layers has baked its provisioning technology into Netegrity's newest iteration of IdentityMinder . The upgraded identity and access management software includes password synchronization and management, provisioning policies defined by a user's role-based attributes, and new auditing and reporting tools. It currently supports BEA Systems WebLogic and will soon support IBM WebSphere and JBoss.