Paul Murphy has been writing about identity management over on his Managing Linux blog. His basic thesis is that while most CIOs now are putting "identity management" as a top priority, most also can't tell you what "identity management" is. The reason, says Paul, is that most CIOs are informed about the possibility of identity offerings via their prominent vendor relationships, and those vendor offerings are overlapping, confusing and (in some cases) redundant. How *should* one come to understand what identity management is?
First off, I think Paul represents the great majority of CIOs out there. Having been in the "identity business" since 2002, I find it pretty easy to feel that, since the community has grown so much so fast, the identity community's baseline of understanding *must* be the baseline for the population of IT professionals at large. That is clearly not true. In fact, "identity management" is still widely misunderstood and not widely implemented. While most enterprises now understand that they must accomplish some tasks associated with identity, that doesn't mean that they've gotten a larger perspective about identity. The result is that many identity projects are happening in isolation.
The "phased approach" to IT implementation is accepted as the safe way to avoid the debacle of a 7-figure, 36-month deployment failure. This is a good thing. But "phasing" doesn't mean operating in a state of isolation. Phasing should still take place within the larger context of understanding.
All of which brings us back to "identity management." Gaining an understanding of identity management should not simply occur by reading vendor product marketing literature (though I know it often does). The "learning curve" on identity seems to almost always include: A) a small-ish project initiated to achieve a business process goal (e.g., eliminate X costs associated with Y redundant sign-ins); B) a realization by the implementing team that there's a wider identity problem that they must fully grasp if they are to scale any success; and C) a gradual reworking of the architectural principles of the IT organization that makes identity the foundational and organizing paradigm.
So, how should one come to *understand* what identity management is? Begin by understanding the breadth and depth to which identity as a concept must be used as an architectural principle.
More on that to come...