Tuesday, I laid out our vision of the digital identity industry map. To expand on that, I'm going to place some vendors on that map -- in effect, mapping their companies (or in the case of big technology companies, their products) to the different categories. The identity universe is composed of much more than single sign on and some enterprise vendors. Obviously, this is an inexact science. Some products clearly cross some of our "map boundaries." Largely, though, this should give you a good idea of the expanse of technology vendors involved in identity.
To recap quickly, we divide the identity industry into the sections of Authenticate, Manage, Store, Integrate, Control and Analyze. Accordingly, you can begin to place vendors (and their products) as follows (please remember this is *not* an inclusive list):
Authenticate: knowing an entity (person or thing) is who they say they are.
Vendors include: RSA Security (SecureID), Authentica, Authentify, BioPassword, WikID, Verichip, CoreStreet, Axalto, Oberthur Card Systems, Schlumberger technology, Verisign, Alien technology, Texas Instruments (RFID), Wave Systems, Microsoft's upcoming BitLocker product, Viisage, and Motorola.
Manage: handling the lifecycle of identities.
Vendors include: CA, Oracle, Novell, IBM (Tivoli), SunMicrosystems, Microsoft (MIIS and the suite of products around Active Directory), SAP (through a partnership with Siemens), Siemens, RSA Security (ClearTrust), Courion, BMC, A10 networks, Passlogix, Citrix, Imprivata, NetPro, Sentillion, and Quest Software.
Store: the foundational stores of identity information
Vendors in this space include your typical suspects that sell Meta-directories and directories, so folks like Novell, Microsoft, Sun, etc.
Integrate: tools that help to link, move or synchronzie identity information across domain boundaries.
Vendors in this space include: Radiant Logic (virtual directory), Oracle (through its purhcase of OctetString), Maxware, Ping Identity, Symlabs, Sxip Identity, Microsoft (Active Directory Federation Services and InfoCard), a host of identity management vendors through their federation offerings (IBM, Novell, Sun, CA, RSA), the Eclipse project Higgins, as well as a bunch of "grassroots" identity work around the concept of "user-centric identity" (LID, OpenID, SXIP, DIX, YADIS, Passel, Pass.net, etc.).
Control: granting authorization and access to resources, as well as presenting the resources in a personalize or localized way.
Vendors include: Liquid Machines, Microsoft's Enterprise Rights Management server (RMS), Trusted Network Technologies, Quova, Layer 7, IBM (through Reactivity), Cisco, Juniper Networks, a host of web access control technologies (Oracle, CA, Novell, IBM, Sun), Applied Identity, AEP networks, and Caymas solutions.
Analyze: the analytics, auditing and business intelligence that provides compliance and real-time policy enforcement.
Vendors include: Prodigen, ID Analytics, IBM (through SRD research), Sun and EpicTide.
Layering vendors on to the industry map begins to lay out a universe that is both broad and deep -- one that is expanding (via venture capital and company conversions to the identity industry) and growing rapidly. Just this week, Dan Farber highlighted how Symantec is moving into the identity space. Bottom line: the identity universe is composed of much more than single sign on and some enterprise vendors. Understanding how the categories of the map and the associated vendors apply to solving a given business use case gives a concrete example of the application of the layers of the identity industry map. But that is for another day...