The primary "big move" that I'm coming away with is the idea that identity is really in the midst of the current enterprise IT environment undergoing a shift in metaphor -- from the semi-closed metaphor of the controllable "domain" to the fully-networked (and open) metaphor of the Network (internet, web - call it what you will). I don't think this is unknown. In fact, I think people have been talking around this idea for a long time. I don't, however, think it's well understood.
Think of it this way: The "domain" demands location, exclusion, protection and defense. The networked web demands visibility, openness and accountability. That shift -- from leased lines to the internet, from token ring to ethernet, from controllable, closed IT environments to a fully networked internet-metaphor enterprise -- is a shift that should not be underestimated in importance. That shift is driving not only identity, but things like SaaS, the web as platform, outsourcing, etc. And the reason that identity is so integral is simple: you cannot have an open, visible *and* accountable environment without identity as a foundational concept.
Enterprises are only now beginning to move toward this -- and I think it's about to really drive the identity industry hard in several ways:
1. "User-centric" identity only grows in importance: Following the internet metaphor, enterprises will increasingly relinquish centralized control (administration) to the end user.
2. The enterprise will mimic the "world of ends": David Weinberger and Doc Searls once described the Internet as a "world of ends" -- or a big dumb empty network with all of the intelligence living at the edge. That metaphor is where identity in the enterprise environment is headed. Some of the big guys (Sun and Oracle) see that and are starting to capitalize on it. It's the reason that the identity conversation is now going to start to focus on middleware abstraction, SOA and increasingly modularized environments.
3. The "network-layer" and "application-layer" theme grows as well: Opening the networked environment will force the "NAC" vendors to abandon older defensive/protective approaches. As such, NAC will increasingly be seen as a vehicle for compliance -- and the idea that you have network-layer identity management and application-layer identity management will take hold. David Berlind is reporting that folks at the Gartner symposium are saying that more and more of IT budgets are going to compliance -- and that's all identity.
Three themes: user-centricity, SOA/middleware abstraction, and converging work around network-layer IdM and application-layer IdM because of compliance. Three themes driven by one metaphor change: making the enterprise IT environment mimic the metaphor of the fully networked model (open, visible and accountable).