Sunday, December 31, 2006
After XMas iPod mania continues!
Saturday, December 30, 2006
Presenting to Win: The Art of Telling Your Story
I had the opportunity to take Jerry's 3-day intensive course on PowerPoint, public speaking and handling the press while I was at Microsoft. What an amazing course! At Microsoft it was common to hear someone say "you need to build a Jerry slide". All of us who took the course knew what that meant and it was easy for us (and still is) to see presentations that have been built by those that have taken his course and those that haven't.
I still regularly refer to Jerry's book "Presenting to Win". Jump on any opportunity you get to hear Jerry speak, present or attend his course.
Seattle storm damage...
We dropped by a friend's place this morning to see the storm damage to her home. My guess is that the tree that fell down was at least a hundred feet high and had about a 3.5 foot diameter trunk. She's out of the house for six months while they fix it up. Terrible. She's just one of many in the same boat.
Dr. Forbin would be proud! Or would he?
Do you remember the movie Colossus - The Forbin Project? It probably dates me a bit but I thought of it when an energy customer that I was talking to started telling me how they are TCP/IP enabling their power meters. In one of my previous posts I discussed how I set up a wired LAN connection in my home by using "ethernet over powerline" technology. That same technology will enable the electric (and water and gas) utilities to retrofit their meters so they can talk to them.
Now, on the surface of things my immediate reaction was "cool!". I assumed that would mean that the utility could do things like:
- in real-time know when someone or an area actually lost power
- turn on or off someone's service without needing to send a truck out
- get a better view of consumption across their network
- run diagnostics and the like
Then I started to use Google to read up about this area and that's when I started to get worried. Some of the other benefits I have seen espoused on various websites include:
- enabling devices within the home to communicate with the utility meter
- enabling the utility to communicate with the meter to limit usage in certain situations like peak times or an emergency
- enabling the meter to communicate with the devices in the home to turn them off or lower usage
Apparently I am not the only one concerned about this because Homeland Security has a working group that studies our country's infrastructure and the concept of utility disruption by terrorists concerns them. I'm much more concerned about the teenage hacker around the corner or on the other side of the country figuring out how to turn off my home's power at a whim.
I couldn't find a single article or technical document out there that talked about the security of this technology. It's TCP/IP-based. Will it implement IPSec? How will the utility prevent the hacker from spoofing them, or prevent man-in-the-middle attacks? Southern California Edison is in the process of implementing advanced metering infrastructure (AMI) for 4.6 million customers. I guess it's a good thing Enron isn't running the show down there anymore - I'd be really worried.
I also have a pile of just geek-boy type questions like:
- Does AMI use IPv6?
- Does AMI support multi-casting?
- What security does AMI implement? Who has tested and certified it?
- How will meters be "provisioned"?
- Can I "tap" my electrical outlet to watch my household devices talking to each other?
- Will other utilities be able to ride the wires?
Anyway, lots of questions and few answers that I could find. Let me know if you stumble across anything. This is an awesome project but I'm worried about the security of it and I have a bit of the Colossus syndrome: What happens when these devices start talking with each other??
I'm sorry Dave, but I had to reduce the power consumed by the refrigerator which is why your cold beer isn't really a cold beer...Please enjoy the football game on the radio tonight as the TV is not functioning because of current power demands across the state...
There will be no hot water today due to the cold weather in Ohio as we have diverted your home's (town's/city's/state's) gas supply. Please enjoy a hot shower tomorrow!
Friday, December 29, 2006
Las Vegas Customer Roundtable
We had a nice cross-section of customers including some from the healthcare, financial and energy industries. I’ve tried to capture some of my key takeaways below:
Don’t forget the mainframe identities
Each one of the customers reported that mainframe and midrange systems were still alive and well within their organizations. On the basis of the industries represented I was not surprised to hear this. However, each and every one of the customers talked about how these systems were still “islands unto themselves” when it came to identity management. There still was not enough integration of those systems within their existing identity management projects. It appears there’s a need to better integrate all of those RACF, ACF2 and TopSecret identities. Not just plain synchronization of those identities with other systems like Active Directory but alignment of password policies and integration of LDAP and Kerberos for single sign-on.
Federation underway or being looked at
Each of the customers stated they were looking at federation except for one who has already rolled out a federation project. No one mentioned using Active Directory Federation Services (ADFS) – everyone in the group has pretty much decided to go with a non-Microsoft implementation based on SAML. The customer that has already rolled out a federation project is using PingFederate to provide federation services to some of their key customers. So far, in the first nine months of their project they have had over 2.5 million “federated” transactions. Impressive!
Group Policy catching on
Each of the companies is starting to leverage group policy for more than the basic password strength policy. I probed around this a lot because I have always considered group policy to be the real value behind implementing Active Directory. Most of the customers attributed their new interest in group policy to the fact that they either want to do more with AD or they don’t want to deploy SMS.
More questions than answers
Many of the attendees are confused about things like SOA (“it sure sounds great, but…?”), entitlement management and role mining. What are the benefits? Is role mining a soluble problem? When will software deliver these capabilities? Etc.
Clearly, there’s still a lot of work to be done in these areas.
The reality tour kicks off 2007 with customer roundtables in Paris (January) and San Francisco (February) along with the annual Quest Software sales kickoff event.
SDM Software's new group policy product
Darren has not only included support for Vista in this product but he has also added some of the nice touches that I know AD administrators will really appreciate like: Group Policy processing time, slow link and loopback status, RSOP and group policy reports and exporting reports to PDF or Excel files.
Keep an eye on Darren’s site. He’s a smart guy and I know will be releasing more great products in 2007!
Thursday, December 28, 2006
Interesting password research - Hyperpassworditis still rampant!
Quest Software recently commissioned a study on the use of passwords in London’s financial district. The study consisted of interviews of 200 city workers. The findings were pretty interesting…
City firms are contravening SANS Institute best practice guidelines for passwords.
- Half of respondents’ passwords are below recommended eight characters
- 84% of respondents make up their own passwords (not recommended)
- About a quarter of respondents use the same password for business/personal systems
- Nearly 50% of the respondents had passwords that were under 8 characters in length.
- 31% of respondents have told a co-worker their password
- 15% of respondents either never change their passwords or change their passwords only once a year or less often.
Some other interesting tidbits...
- 75% of respondents use multiple passwords for different applications during a typical work week
- 12% of respondents use 5 or more passwords in a typical work week
- Only 22% of the workers surveyed had to use more than a password to logon (i.e., smartcard or other such two-factor device).
Conclusion: End-users are still suffering from hyperpassworditis (i.e., too many passwords to remember); companies still have a long way to go in improving their security and compliance posture; and more education about this topic is still needed!
Sunday, December 24, 2006
Zunes are on the shelf and I’m worried!
When Halo2 for the Xbox hit the company store I was in a line - before the store opened - that stretched fully around the building and people kept pouring onto the end of the line. Halo2 was hot. The store is usually the very last place to get newly released software. When Vista finally hits the shelves it might make it to the company store after a few months in the retail/consumer channel and when it does hit the store it will probably sell out immediately.
While I was in the store picking up XP for a friend I happened to see a display of Microsoft’s new Zune priced at $220 which is a small discount from retail. There were a few “Oh, there’s a Zune” type comments from the folks in the very long line but no one picked one up to buy.
So, that’s my worry?? Why are there Zunes on the shelf at the Microsoft company store?? If consumer demand for the Zune is heavy the last place it should be found is the company store. I’m still a Microsoft shareholder so with that hat on I’m worried. Remember the SPOT watch? Well, there’s a very dusty display of them over in a corner of the Microsoft company store. Will the Zune suffer the same fate? I sure hope not.
Friday, December 22, 2006
Monitor ADAM using MOM 2005
The management pack provides proactive performance monitoring and real-time diagnostics for detecting, troubleshooting and rapid resolution of replication, performance, and availability problems in ADAM environments. There's also a graphical topology view of ADAM, and numerous rules to monitor the health of ADAM instances and the systems that host them.
The management pack enables administrators to quickly identify the root-cause of problems in ADAM, and promptly resolve them so if you have ADAM and MOM then get downloading!
Provisioning Oracle Access Using Quest’s ActiveRoles Server
Alex specifically uses ActiveRoles Server to add a number of benefits to his original solution:
1. Create virtual attributes and therefore avoid Active Directory schema extensions
2. Define dynamic groups in Active Directory, therefore avoiding the need to use another tool for group management
3. Define dynamic groups based on multi-value attributes
4. Specify input rules for custom attributes, therefore avoiding potential human input errors
5. Rapidly create custom user interfaces to incorporate new functionality available through Active Directory
Two of Quest’s technical experts who contributed to this effort were Stuart Harrison and Noel Sidebotham – good job fellas – and thanks to Alex for putting the webcast together.
The webcast is nearly 40 minutes long so grab a coffee or a cocktail and enjoy!
Briefing Industry Analysts
The article is published in productmarketing.com which is "The Marketing Journal for Technology Product Managers" and is published by Pragmatic Marketing. The journal is free so if you want a subscription visit their web site and sign up.
Thursday, December 21, 2006
You pooh-pooh? I pooh-pooh your pooh-pooh!
I recently attended Gartner’s first Identity Management show which was held in Las Vegas from Nov 29-Dec 1. I’m certainly no stranger to identity management and related shows like Burton Group’s excellent Catalyst conference, Digital ID World, RSA, etc. They each offer different perspectives and, I believe, cater to different audiences.
Quest Software was a sponsor of the Gartner show. In addition, we exhibited and had a hospitality suite. I also had the opportunity to speak. Now, I will be the first to admit that I only flew in for that day and left not long after my speaking session but I have two perspectives on the show that I wish to share in addition to the fact that it was very well attended for a first time event.
1. I spoke to and surveyed the staff who attended (sales, marketing and technical) and the Quest customers that we know who attended. The feedback was resoundingly positive. Customer feedback was very positive that the show was beneficial and meaningful to them. The Quest staff was totally over the top with the “quality” of the customers who came by to ask questions or see demos. I was specifically told that the customers were all decision makers (i.e., weren’t network administrators or junior staff). This is important to me because I need to justify to both myself and my management that our investment was appropriate. Finally, I use this type of feedback to stack rank my expenditure on this show versus my expenditure on shows like Catalyst, Digital ID World, etc.
2. My session was titled “Tenets of Identity Management” and was a non-Quest pitch that related my learnings around identity management over the past 10+ years. It was well attended despite the fact that Microsoft was pitching their IDM strategy next door. Since my session was not a technical session I did not expect it to be well attended but I was surprised to see about 75 people in the room. Feedback from those that attended was very positive. In fact, as I got into my cab to take me to the airport my phone rang. A Quest sales person had just received a call from someone in my session who wanted to talk to us regarding our products and how they could help. Our staff on the show floor stated that numerous people who attended my session came by looking for me or commenting on how much they enjoyed it.
My conclusions from these observations are the following:
- For a first time show, attendance was ~850 people which is similar to what I’ve seen at Burton Group’s Catalyst show for their IDS track (identity management). This is impressive and means, in my mind, that they clearly have the power to draw attendees.
- The quality of the attendees (decision makers, senior IT staff) means that my marketing dollar is being spent wisely.
- The fact that Gartner drew this many attendees and corporate sponsors (Microsoft, Oracle, Novell, Quest, Sun, etc.) is good for all of us. More people will be educated about IDM and that, in turn, raises the water level in the pool for everyone.
- Based on the feedback from my session there was clearly a cross-section of the audience that was new to identity management. The Gartner show is the perfect show for those new to IDM to get their grounding and get some real feedback from Gartner analysts, other attendees and the exhibitors.
Let me state the great respect I have for Dave Kearns and Phil Becker (Digital ID World founder). I know both of them and have worked very closely with Dave since my Microsoft days. Dave also quotes blog comments by Nishant Kaushik, Oracle’s architect for identity management products. My commentary on Dave’s article, based on my experience above would be:
- Dave didn’t attend the Gartner show in Las Vegas so I’d invite him to attend the next Gartner identity management conference in London or Los Angeles and judge for himself.
- I agree that the technical identity management staff can get a lot from a combination of Burton’s Catalyst conference and Phil’s DIDW conference. However, thanks to compliance and other market influences, IDM is getting more airplay and more head time with other executives and senior staff in organizations (HR directors were at Gartner’s show!!). These people would be in very deep water if the first show they attended was Catalyst or DIDW.
- DIDW is a great conference but it just isn’t attended enough. That means that either the agenda or speakers don’t appeal or that DIDW isn’t effectively marketing their show. We don’t spend marketing dollars (i.e., exhibit) at DIDW for this simple reason. I will commit to attending the next DIDW conference though and re-visiting my previous conclusions.
- Nishant disagreed with some of the conclusions and statements made by Gartner’s Roberta Witty regarding user provisioning (UP). Nishant has every right to disagree with Roberta. I guess we’ll have to review Roberta’s prediction in 2010 – watch for the blog entry!
Nishant followed up his first blog post with another that directly states “the Gartner summit was a good primer on IAM”. That’s exactly my point! More specifically, the Gartner show is filling a big gap that existed: An industry recognized group (Gartner) providing education, information, sessions and user case studies on identity and access management. A show that is not super technical, a show that is not too bleeding edge and, most importantly has broad appeal and is well attended.
My hat is off to Gartner. The more people that attend Gartner’s show the better it is for me, Dave, Phil and Nishant. Let’s not forget that we are all educators in this space and there’s a place for teachers at all levels.
Wednesday, December 20, 2006
Putting the kibosh on the war drivers...
Anyway, a few months ago I was reconfiguring my network and in checking the DHCP leases I noticed a host name that I didn't recognize. And I noticed it again the next day. And the day after that. I just reconfigured my network so all the wireless and wired clients could "see" the new 1TB TeraStation NAS device I just installed to store all my digital pictures and my backups - horror of horrors, my new friend could do some real damage now if he wanted to.
So, off I went into Google-land to figure out how to solve the problem. I didn't want to run a cable downstairs since that would be too messy so I was faced with purchasing a new wireless bridge that supported WEP or WPA. While checking out Netgear's product page I came across the solution to my problem: a "Powerline Ethernet Adapter".
I plug one of these puppies in to the outlet by my router, run a cable from the router to it then plug the other one in to the power outlet by the device downstairs and run a cable into it and I have an instant "wired" ethernet connection. It's worked flawlessly since I installed it last month! The only hiccup came when I plugged the device into a surge protector - it doesn't work as apparently the surge protector filters out the ethernet goo.
About 15 minutes after successfully installing the Netgear stuff I had WPA2 turned on and all my wireless devices reconfigured. Awesome!
On Partners and Russian Samovar
I flew in to NYC to attend our partner holiday reception last night. It was quite the event. First, it was held in a private room at the trendy Blue Fin restaurant in the “W” Hotel on Broadway. Second, the food was an awesome combination of sushi, lobster rolls, Kobe beef and to-die-for sweets. Lastly, and most importantly, there was an open bar!
Quest has a pretty big push on to get more engaged with partners since the only way we are going to grow from a $0.5B to a $1B+ company is with the help of partners, with which I couldn’t agree more. The room was packed the whole night. In addition to catching up with various Quest muckity-mucks I managed to spend some time with folks from Avanade, CGS, Conchango, Double-Take, INS, Intrinsic, Evidian, PassLogix, SMA, Mycroft, Microsoft and many others.
It was interesting to hear from Intrinsic how much their migration to Active Directory business is taking off. It seems there are a lot of people who have decided to abandon the Novell ship in the north-east and are using Quest's NDS migration product. In addition, they're working more and more Microsoft SMS and MOM deals and, of course, that means most of those customers will eventually need Quest’s Management Extensions products – the products formerly known as Vintela (VMX and VSM).
We seem super engaged with Microsoft’s NYC office. I spoke to three people from their office including our partner account manager (Hi Susan!) and some of their pre-sales identity management folks.
It was awesome to see Liz Mann and many of her colleagues from Mycroft in attendance. I know we are going to do great things with Liz and Jonathan. Mycroft is so well connected – as we are – and have such a sterling reputation and a great practice in the identity management, infrastructure and migration space. We know the same people.
After the event shut down around 10:30PM we needed nightcaps and ended up at Russian Samovar. Their food specials were listed on the tables and consisted of an amazing choice of about two dozen different, home made flavored vodkas. I guess I wasn’t too surprised that at the RS vodka is considered food. There are big gallon containers along the back of the bar filled with vodka and whatever is flavoring it. There were three of us so we ordered by the carafe with no thought of the next morning. Anyway, in pretty short order we went through four carafes. If you are ever there I highly recommend the pineapple flavored vodka – it was truly awesome. Pineapple was followed by raspberry which was pretty good, lemon which was okay and finally apple-cinnamon which was indistinguishable from Jet-A fuel. There are others I’d like to try like cherry and some I’d really never like to try like horseradish. So if you ever have a hankering for flavored vodka head over to RS, and don't forget to order a chicken Kiev to share!
Nick Nichols returns to Novell
Nick, along with a number of other great Novell folks – like Brad Anderson, Greg Macris and Ed Anderson – left Novell during the reign of Jack Messman. Nick joined The Burton Group where he served as an analyst in their identity management practice for a number of years. Over that time I worked with Nick both when I was at Microsoft and at Quest. We talked a number of times about the possibility of returning to Novell but it always seemed to be a non-starter with Nick (and everyone else!) that he’d want to go back while Jack was at the helm. Well, Jack left, Nick got a call and the rest is history. Nick is now VP, Product Management at Novell and I wish him the best of luck.
I’ve always been a big believer in Novell’s strategy, vision and products. If there is a company that really and truly “gets” directory it is Novell. Novell’s identity management products currently generate about $100M in revenue annually. The other players in this business do not break out their IDM revenue but I am willing to bet everyone trails this number by a lot. A couple of reasons for their success are the fact that they do have a good product, an integrated product stack and they have been successful penetrating the SMB (small & medium business) market.
I’m looking forward to seeing Nick’s influence at Novell!
Thursday, October 19, 2006
Got a sec for IPSec?
Has anyone out there been thinking about using IPSec? Or, maybe you are using IPSec? If so, I'd like to understand what for. Is it for server isolation? Is it for domain isolation? Is it for Active Directory domain controller isolation? If you are using it are you also using it for data integrity? In other words, are you using it to encrypt your network traffic?
Microsoft has a lot of good documents and information about IPSec that can be found here and here. Microsoft characterizes the benefits of IPSec as follows:
- Additional security. A logical isolation defense layer provides additional security for all managed computers on the network.
- Tighter control of who can access specific information. By using this solution, computers do not automatically gain access to all network resources simply by connecting to the network.
- Lower cost. This solution is typically far less expensive to implement than a physical isolation solution.
- An increase in the number of managed computers. If an organization's information is available only to managed computers, all devices will have to become managed systems to provide access to their users.
- Improved levels of protection against malware attacks. The isolation solution significantly restricts the ability of an untrusted computer to access trusted resources. For this reason, a malware attack from an untrusted computer will fail because the connection will not be allowed, even if the attacker obtains a valid user name and password.
- A mechanism to encrypt network data. Logical isolation makes it possible to require encryption of all network traffic among selected computers.
- Rapid emergency isolation. This solution provides a mechanism to quickly and efficiently isolate specific resources inside your network in the event of an attack.
- Improved auditing. This solution provides a way to log and audit network access by managed resources.
Sounds great, right? If so, how come more people aren't using it? Let me know what you think.
Wednesday, October 18, 2006
Halifax - Old, New, Hip!
The Quest office here in Halifax overlooks the harbor and has a truly incredible view. I'd love to spend a couple of weeks here in the summer! We cut out of the office a bit early to head out to Peggy's Cove which is a very famous tourist hot spot here. It's also where the memorial to Swissair Flight 111 is located. Click the picture below if you want to check out the pictures I took while we were there.
Halifax is an old town by North American standards. It was founded in 1749 by Edward Cornwallis and has been an important port city in Canada, North America and the World. So, I was wondering - as I was walking around on the waterfront - why the buildings weren't old. If you've ever been to an old port city like Quebec City, Boston or Lower Manhattan you can see old buildings that are 200-300 years old. Well, a quick Google and I found out why: On December 6, 1917 two ships collided in Halifax harbour, one carrying about 2,600 tons of various explosives. After the collision the ship caught on fire, drifted into town and eventually exploded. More than 1,900 people were killed and much of downtown Halifax was destroyed. An evaluation of the explosion's force puts it at 2.9 kt. Hence, most of the buildings located on the harbour front and downtown aren't even 100 years old yet!
An interesting side note for Beantown friends: Boston responded with so much aid and compassion that to this day the City of Halifax sends the City of Boston a Christmas tree that is put up at Prudential Center. Maybe you've seen it?
I went to dinner on Tuesday night at Salty's which - of course - overlooks the harbour (no, I'm not spelling "harbor" incorrectly, that's how it's spelt up here in the Great White North!). Then, wandered over to the Halifax Casino and played Texas Hold'em to the wee hours.
The reason for my visit was to meet up with the R&D folks here in our office to get a preview of some of the new products that are coming out and make some decisions on packaging and pricing. I was pretty amazed at what we are working on in the areas of group policy, compliance and security. Next year we are going to release some awesome new products. Watch out for them! I'll probably blog more about them as we get closer to RTM - no need to give our competitors any advance notice, eh?! Oh, and kudos to the team here - they're doing a great job and definitely passionate about their work.
I'm off to Ottawa tomorrow morning to meet with folks in our offices there. Same story: review progress on product development, R&D and talk to the sales and marketing folks that are located there...
More soon.
Monday, October 16, 2006
Those lucky trout!
Off on another whirlwind part of the reality tour: Halifax, Ottawa, New York City and closing out this leg in San Jose. I'm going to do my best to try to meet up with McGraw-Hill while I am in NYC - they were quoted in my earlier post titled "The Truth about Federated Identity Management".
Enjoy the pics...
From Montana
Friday, October 13, 2006
At least Ping is taking off
DENVER, CO – Oct. 11, 2006—Ping Identity Corporation, a provider of Internet-scale identity technology for enabling secure business collaboration, having just completed a record quarter in sales and new customer wins, today announced the completion of a $13 million Series C financing. Appian Ventures of Denver, Colorado led the round, with full participation from existing investors Draper Fisher Jurvetson, General Catalyst Partners, Fidelity Ventures, SAP Ventures and I-Vent.
Thursday, October 12, 2006
Ray, I never knew you but thanks...
#1 - I started a new job in 1989 at IDRC and my first task was to evaluate LAN technology from Novell, 3COM and Banyan and make a recommendation on what we should buy - we went with Banyan VINES - but that's when I first really started to get into what Novell was about. To this day Novell still gets directories and how a directory can be an enabling force. More so than any other vendor out there.
#2 - When I was with Zoomit in the mid-'90s we ported our Banyan VINES products over to Novell's UnixWare, sold three copies of our fledgling precursor to our metadirectory product and promptly had the rug pulled out from under us when Novell sold off UnixWare. It was Craig Burton - a Ray Noorda disciple - who told us in 1997 that we had to build our metadirectory product (Zoomit VIA) on Microsoft. Of course, that ended up leading Microsoft to acquire us in 1999. Kim Cameron, my old friend and our VP, Technology at Zoomit is still an architect at Microsoft running the identity show and working hard on InfoCard/CardSpace.
#3 - When I left Microsoft in Feb, 2005 I joined a small company based in Utah called Vintela. They were backed by Canopy Ventures which Mr. Noorda founded. Vintela was acquired by Quest Software in July, 2005.
Even though I never met Mr. Noorda my life has been influenced by him.
Thanks, Ray.
The Truth About Federated Identity Management
Sarah Scalet wrote a great article in CSO Online about federated identity management that you can find here. She talks about why Aramark implemented federation and why it hasn't really gone anywhere past their initial internal implementation. She makes some great points - I especially like her comment about "history being littered with supposedly revolutionary communications methods that sputtered and failed from too few adopters".
There are still lots of problems and issues that folks need to think about before they kick one of these projects off. Sarah's article goes into a lot of these issues including the competitive standards that are out there (SAML and WS-Federation), security paranoia and the hunt for the Holy Grail of computing: single sign-on.
The story's not all doom and gloom since she also has written in some great overviews of what Aramark, Boeing, Fifth Third Bank, McGraw-Hill and others are doing. But, the moral of the story is to make sure you understand what you are getting into and the business benefits (and risks) of federated identity management.
The question I have is where are the early adopter programs for federation from IBM, Microsoft and the other players? Where are the compelling scenarios and their solutions that would get us excited to jump on the band wagon? Who is helping to get the pump primed? Where's the eco-system?!
I get the distinct feeling that B-2-B federation is going to be limited to very specific scenarios (i.e., manufacturers and their suppliers) where the big buyer calls the shots...
Speaking of reality...
Spent Tuesday in Denver where the weather was worse than Seattle and snow was threatened in the forecast. Have you ever been anywhere in the world on the first day that it snows after spring, summer and fall have finally slipped away? Well fortunately that didn't happen on Tuesday because if it did pandemonium would have ensued with all the folks who forget that 4-wheel drive doesn't make you invincible. Anyway, I digress. Tuesday was great. Started the day off meeting my old friend John Fontana at a great coffee shop called "The Garage". He and I go back to my days at Microsoft and he is one of the few reporters out there who is technical enough to get it. John wrote a nice article about what we're up to. If you're interested you can find it here. From there, we drove up to visit with Penton Media in Loveland, CO. Penton publishes Windows IT Pro Magazine, SQL Server Magazine and a host of other great mags. I met with Karen Forster and her fine team of folks. Great crew, great visit, great lunch and a bunch of great story ideas I need to follow up with Karen on. Then it was off to the airport to fly to San Francisco.
Wednesday in San Francisco was beautiful. No snow showers in the forecast fortunately. First meeting was with Neil McAllister from InfoWorld. I'd never met Neil before but he's clearly a sharp guy and covering cool stuff around Open Source, Linux and infrastructure. We were then whisked over - by limo, of course - to Coupa Cafe in Palo Alto to meet another old friend, Dave Kearns who writes the Identity Management newsletter for Network World. Great coffee, free wireless and more Macs than I have ever seen in one spot at Coupa Cafe. Said bye to Dave and we were off to the airport homeward bound for Seattle...
Come on in, the water's fine!
I expect I'll make the usual spelling, HTML, legal, moral and whatever other mistakes everyone makes in the blogosphere so mea maxima culpa in advance. Oh ya, I promise I'll try to post fairly frequently in case anyone is actually reading my drivel. Speaking of drivel, what am I going to be blogging about anyway? Well, as the title states this will be pretty much about identity management, Active Directory and my travels around the world meeting with customers, partners and companies who are actually doing it.
I'm hoping to bring to you a bit of the reality of what's going on out there in these two important areas. I work for Quest Software and get the opportunity to travel the globe on their nickel to do this so why not expand my trip reports to include you too?
If you actually stumble across this please say "hi" so I know I'm not alone out here...