Grading our identity predictions from 2006

Grading our identity predictions from 2006

Summary: At the beginning of 2006, we posted a list of predictions over on Digital ID World for the upcoming year in identity. In keeping with our historical tradition, I'd like to grade our past performance prior to looking toward the future.

TOPICS: Security

At the beginning of 2006, we posted a list of predictions over on Digital ID World for the upcoming year in identity. In keeping with our historical tradition, I'd like to grade our past performance prior to looking toward the future.

Accordingly, I'll grade our predictions on a scale of 1-5 (where 1 is worst and 5 is best), with a possible perfect score of 50. Below are our original predictions, followed by their grade and reasons for the grade.

The Digital ID World Predictions for 2006

1. The Acquisition Cycle Continues.

Yes, we know that 2005 felt like a big acquisition year for identity -- but, trust us, we're just getting started. 2006 will see acquisitions continue.

Grade: 5.

Reasoning: Companies acquired in the identity space in 2006 include TrustCenter (acquired by GeoTrust), Visage (merged with Identix), GeoTrust (acquired by Verisign), Business Signatures (acquired by Entrust), Passmark (acquired by RSA), Virsa (acquired by SAP), and RSA Security (the big one - acquired by EMC). There's no doubt that 2006 saw the identity acquisitions continue in force.

2. The Funding Continues as well.

VC funding in this sector won't stop. In fact, we believe that VCs will get more and more aggressive, as startups will increasingly "pitch" themselves as identity companies and new products will increasingly be seen as identity products.

Grade: 5.

Reasoning: Companies funded (either initially, or with subsequent rounds) include SignaCert, EpicTide, GuardID, Authernative, Ping Identity, Trusted Network Technologies, and *countless* consumer-facing "solve identity fraud" startups. While the funding in the identity space didn't even come close to rivaling the whole "web 2.0" funding phenomenon, identity funding still progressed at a nice clip.

3. The Identity Universe will be seen to be expanding.

As we've been highlighting on the blog, companies are now beginning to change their positioning so that they're "identity companies" -- and really they are. In fact, the identity universe is (in spite of all of the acquisitions) expanding. In 2006, companies will start rushing to associate themselves with identity.

Grade: 5.

Reasoning: All one need do is read our coverage of how the NAC space is adopting identity, but beyond that companies in areas like mashups, SOA, geo-location and enterprise rights management continue to embrace the identity message.

4. Collaboration applications will get in the identity game.

One of the areas that will suddenly find itself in the middle of the identity conversation will be collaboration applications -- by that we mean blogs, feedreaders, wikis, etc. The new "social networking" applications will start to seriously go after the identity game in 2006.

Grade: 1.

Reasoning: I could argue that this prediction should be graded higher in light of the blogosphere's adoption of identity protocols, but alas, my general sense is that collaboration applications (and those in the "web 2.0" world) are still largely seeing identity as somebody else's problem.

5. URL-based identity will gain some traction.

Yes, we're following the URL-based identity work. Yes, we think its important. Yes, we think it will accomplish some interoperability tests in 2006. Yes, we think it will gain some traction with the alpha geek community -- and stop just short of a critical mass. Watch for URL-based identity to create a deeper understanding of identity for a larger community.

Grade: 5.

Reasoning: OpenID, OSIS, Higgins, Cardspace, Sxip -- the list goes on and on. The work happening in the URL-based identity space is now not only driven by the smaller players, but the larger ones (like Verisign) as well. URL-based identity made an *awful* lot of progress in 2006, but didn't reach critical mass.

6. Identity comes to Search.

Call this one something that happens in an alpha state in 2006. Either Yahoo!, Microsoft or Google will either announce or release an early version of a search product that brings identity profiles to bear. Somebody get me Vint Cerf on the phone! ;-)

Grade: 1.

Reasoning: Another one that I *wished* would've happened, but didn't. While Yahoo!, Microsoft and Google all made some pushes into personalized search (close), no one truly launched identity-based search based on profiles (but no cigar).

7. Strong Auth is the story of the year.

The effects of the FFIEC guidelines haven't even begun to be felt -- 2006 will be the year of strong auth. We won't encounter the problems (yet), just the success. Be prepared to cut through the hype, and watch as the terms "layered authentication" become standard place among industry insiders.

Grade: 4.

Reasoning: While every day seemed to bring new horror stories of unauthorized access to sensitive data and the need for strong authentication, I'm stopping short of calling strong auth the story of the year. Is strong auth succeeding in the market? Yes. Is it the identity story of the year? More on that below.

8. "Risk Management" becomes the identity driver.

In conjunction with strong auth, we'll all come to see that "risk management" is the larger business driver behind the identity deployments in 2006. Watch the analysts as they bear this out - "risk management, risk management, risk management" -- it just sounds daunting ;-).

Grade: 1.

Reasoning: "Risk managment" began to get some play as the driver in identity circles -- especially as it relates to strong authentication. Still, at the end of the day, auditing and accountability, as driven by compliance initiatives landed at the top of the "driver" heap.

9. SAP comes to the party. Microsoft makes a splash with ADFS. The "big guys" concentrate on acquisition integration.

Okay, this is a three-parter (so that I don't go over the magic number of 10). 

1) SAP comes to the party - and I mean through more than simple "partnership" announcements. Shall we start a pool on who they buy? 

Grade: 3.

Reasoning: SAP bought Virsa -- a clear play in the identity-compliance space, but they didn't make the brand name acquisition I was expecting. Hence, the 3.

2) ADFS *accelerates* federation. Yes, we think SAML 2.0 will as well - but Microsoft can really flip the switch on federation by pushing ADFS out to their customers. WS-Federation is the fast-mover in 2006.

Grade: 3.

Reasoning: Federation *definitely* accelerated in 2006 -- maybe more so than any emerging category. But my sense of that acceleration is that while WS-Federation saw a large uptake, SAML still ruled the roost.

3) Translation: "Big Guys" - CA, Oracle, BMC, etc. "Integration" - "Our suite is better, more complete, faster, more efficient, cheaper, insert competitive differentiator, than theirs." On the side - watch Sun, RSA Security, and Novell - they won't really play this game, and may score some big wins because of it.

Grade: 5.

Reasoning: Have you spoken with a large identity suite vendor lately?

Average grade for #9: 3.6.

10. The Divide between User-centric and Enterprise Identity management is the number one conversation in 2006.

Its something we've identified and focused on for some time -- the two different conversations that are "user-centric" identity and "enterprise identity." The historical gap between these two areas is now being addressed by serious folks in the identity game -- and 2006 will see this be the most powerful conversation in the land.

Grade: 5.

Reasoning: I'd give us a "10" on this one if I could. User-centric identity dominated the discussion in nearly all identity circles in 2006. 

Total of Grades for 2006: 35.6 out of a possible 50.

Good enough to win money in Vegas.

Next up: Predictions for 2007.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The Year of Strong Authentication

    I would would say that strong authentication was more story (or spin) than substance in 2006. Only a small percentage of financial institutions in the US have opted for any real changes to their user authentication sytems. Mostly, their response to the FFIEC recomendations has been to deploy risk-analytics systems at the back-end (so as not to mess with the user experience) coupled with a question and answer session when a risk threshold is breached (thereby messing with the user experience - but hopefully not too often). Outside of the financial area, strong authentication is hardly even a story - let alone a reality. Passwords still out-number all other forms of authentication together by several orders of magnitude.

    Perhaps 2007 will be the year when some easy-to-use, reliable, low-cost, user-acceptable, strong authentication scheme emerges into the mainstream ? (e.g. see
  • Contention?

    Phil, Great recap. I just had a contention with giving yourself a 5 regarding the prediction of Sun, RSA and Novell winning big because they didn't play the "our suite is better" game. As of late, it doesn't seem that RSA or Novell won big this year. Your reasing was
    "Have you spoken with a large identity suite vendor lately?"
    Yes, and it seems to me that they are doing alot better than Novell and RSA. (Sun, to me, seems to be a large identity suite vendor.) Novell is facing some real problems, and their identity sales have only increased 3% since last year. RSA was facing serious problems with their dwindling sales - and in my opinion, were lucky to get acquired.
    Just me $ .02.

  • Conversation

    Enjoyed the predictions and looking forward to 2007's.

    A continuing question even in the best of organizations is "who did what and when" and "can we detect the fraudulent events that were permitted" - there is inherent weakness in access controls - they simply can't get granular engough - and can't keep up with the role changes.

    Keep the conversation going Phil, our industry needs new ideas.
    Kurt Long