Federation is about trust
A conversation today set me thinking (yet again) about why things are not getting better. Once again, I must ask why is it that the identity management situation does not seem to be improving much? In particular, surprisingly little seems to be happening in federated identity. Not because the standards needed to do it don't exist, or exist but don't work, but because they don't overcome the trust barrier. Why should a company trust another company's credentials? Or, at least, why should a company trust another company's credentials unless the both belong to a "gang"?
On January 24th, Sun threw down the gauntlet by releasing this video. I guess our new Auto-Connect™ feature got their attention. Yea, Auto-Connect IS good marketing, but it's also real, you can download it and see for yourself.
Now, to be honest, we didn't really know we were in an epic battle with Sun (we need to see them in competitive deals for this to be true), but we can't very well be the leader without a challenger, and we won't be challenged without a response.
So, in the spirit of having a bit of fun with Sun and ourselves, we prepared our response.
“…Mr. Kerviel (the fraudster) used the computer log-in and passwords of colleagues both in the trading unit and the technology section” to help cover his tracks.
The next time you talk about ROI to a potential customer also ask them about the cost of doing nothing. Might they be the next Société Générale?
Schema changes can actually be reversed, after all AD is based on LDAP. However, Microsoft prevents schema changes from being reversed.
Yes, how true and how silly. There are some architectural decisions that were made by some (now) Microsoft millionaires that never made sense to me. This is one of the biggies.
I've seen so many customers our there run into schema problems. Worse, you still find many customers out there that are just simply afraid to extend their schema. Either way, test your schema, read Microsoft's guidance on the topic and consider a product like "Recovery Manager for Active Directory Forest Edition" which can protect you from that potential career limiting mistake....one of our clients recently ran into a problem attempting to test the OCS schema update (yes, notice I used the word test). While performing the test, in a lab environment, the update failed with a conflicting LinkID error. After researching the issue, we found that another previous schema update (from a well known software vendor whose name I shall not mention) used a LinkID that was reserved for Microsoft (or maybe it was the other way around, we are still looking into this). In other words, I would even scrutinize schema updates that come from well known sources, this includes Microsoft.
Definitely a best practice - test your schema update even if it is from Microsoft before updating your production forest.
There has certainly been a groundswell at Microsoft to bring in new, fresh, young talent. That's been going on for some time now in the lower-mid level ranks. With BillG going I wonder if this is now starting at the top. I worked a bit with Rob and Charles while I was at MS - both very sharp and talented guys.
Well, sometimes change is good!
Technorati Tags:
Microsoft
Defender 5 deploys strong two-factor authentication controlled within Windows Active Directory to ensure that only authenticated users have access to protected resources. The Defender 5 also boasts administration for multiple token types, including hardware, software and Mobile SMS.
Public key encryption: This one will trickle in on the back of federal government initiatives, PKI-ready applications, and PKI-friendly Windows 2008. To ease PKI complexity, look for service provider offerings as well from firms like Chosen Security, RSA Security, and Verisign.
Federated identity: This, too, rides the Windows 2008 wave but I'm also hearing about service providers and large financial service vendors that have built "ready to federate" Web-based applications for their partners. Like PKI, federated identity has been overpromised in the past so don't expect it to garner major headlines. Nevertheless, federated identity will experience good growth under the radar all year. Aside from Microsoft, expect IBM, Oracle, and Sun to benefit as well.
