Wednesday, April 30, 2008

European Identity Conference 2008 Summary

Dave Kearns has a summary of the European Identity Conference that I just came back from. Take a look at it when you get a chance. I have a bunch of things to blog about regarding the conference but the one thing I wanted to get out right now was to echo Dave's comments:

Go to this conference - if you can - next year.

I have to say that this was an awesome conference. What I really liked about it was there was a really good mix of end-user/company, analyst and vendor participation.

Thanks for putting on a great show, Martin (and team). My only feedback is that as an exhibitor, I sure hope we don't go back to that facility as it leaves a lot to be desired.

I did an interview with Anika Kehrer from Linux Magazine while I was over there. The article is in German but the video is all English (Canadian version).

Technorati Tags:
, , ,

Tuesday, April 22, 2008

European Identity Conference 2008

I took a bunch of pictures of the awards ceremony tonight. Just click on any picture in the slideshow above to see the complete album. Kim Cameron from Microsoft won two awards! I'll add to this album as the conference progresses. My apologies to those folks who I didn't get company or personal names to go with their pictures.

Tomorrow is the panel session on "Virtual Directories and Beyond" which I'll be participating along with Martin Kuppinger (Kuppinger Cole + Partner), Dale Olds (Novell), Sampo Kellomäki (Symlabs), Michel Prompt (Radiant Logic) and Dave Kearns (Network World). It should be fun!

Technorati Tags:
, , ,

Spongebob Schwammkopf and Identity Management

I arrived in Munich last night and all that was on was 29 channels of Deutsche TV. The only thing I could follow was Spongebob Schwammkopf (Spongebob Squarepants). Anyway, all that's behind me now that the 2nd European Identity Management conference kicked off this morning. The keynotes are still to come (in about 20 minutes) but I did sit through Martin Kuppinger's pre-conference session "Identity Management - The Next Step".

Good session, Martin! I'm looking forward to the rest of the conference and meeting lots of customers over the next few days. Big turnout for the exposition hall, too. Quest Software is represented but so are all of the other "usual suspects" and a number of companies I've never heard of before - I'll be checking them out, too.

Technorati Tags:

Monday, April 21, 2008

Context in Identity

Dave Kearns mentions one of the panel sessions that I'm participating in at the 2nd European Identity Management conference in Munich. It's called "Context in Identity". I'm looking forward to it!!!
If you are here in Munich, be sure to come by our three hour long session Wednesday afternoon on Context in Identity, as well as my opening “Putting Identity in Context” talk that morning. But just in the last couple of weeks the “aha” guy of this conference, Kuppinger-Cole’s Joerg Resch, has put together a dynamite panel for Thursday morning – I’ll be moderating while host Martin Kuppinger, Quest VP Jackson Shaw (ex-Microsoft), Symlabs co-founder Sampo Kellomaki, Radiant Logic CEO Michel Prompt and the Bandit Project’s (and Novell’s) Dale Olds talk about “Virtual Directories and Beyond.” Each of the participants have been deeply involved in virtual directory technology – Sampo and Michel created their companies’ virtual directory products, Jackson was formerly VP at Zoomit who’s VIA product became the Microsoft Metadirectory Service, and Dale has worked on both Novell’s virtual directory as well as the Bandit Project. Martin and I simply like to talk about virtual directories!
Technorati Tags:

Friday, April 18, 2008

ADAM - Active Directory Application Mode

Joe Richards had a couple of interesting posts about ADAM over at his blog.

The first one was about ADAM 2008 on Vista:

"The MSFT DS Dev team needs our help. They need use cases for ADAM 2008 on Vista as well as future client OSes to push for an install that works on Vista and future client OSes. Apparently they want to do it and my response of "what are you kidding me, how come I can’t load it right now?" wasn’t good enough, they need help getting it justified and so if you have any use cases other than for developers… Let me know and I will pass it on."

The Microsoft DS Dev team? How about a Microsoft DS Product Manager telling the dev team to do it? Jeepers. Here's my rationale:

1. Make it as easy as possible for a developer to develop. Or, to put it another way: "What, are you kidding? I need a Windows Server to develop for ADAM?!"

2. Make Active Directory viral by making it as easy as possible for someone to deploy it. Deploying ADAM on Vista is easy. Deploying ADAM on a server is more difficult. My main point is remove all possible blockers to deployment. Sure, the customer or developer may decide that Vista performance isn't spectacular but get them hooked and then let them upgrade. Or, to put it another way: "Wow, I can install ADAM and try it out without asking the bozos in the IT department for permission?"

Joe's second post was on ADAM vs ADLDS:

Sorry MSFT Marketing, I will not call ADAM by the new name you want to give it, ADLDS, no matter how much you want me to….

I also will not call AD, ADDS….

No kidding. I agree totally. This is what happens when the Microsoft "Branding Police" get involved.

Technorati Tags:
, ,

Thursday, April 17, 2008

Smoke & Mirrors = Lawsuit

This one liner caught my attention:

Waste Management claims SAP showed it "fake, mock-up simulations" of software in order to snag a contract to rehaul its revenue management system.

Waste Management claims it was a ruse, starting in 2005 with demonstrations in both the U.S. and Germany, involving high-level SAP executives such as SAP Americas President Bill McDermott and former president of technology, Shai Agassi, of what SAP said was mature, industry standard software for the waste industry that did not require customization. Waste Management claimed it later learned the demos were of "fake , mock-up simulations" of software with "false functionality."

Is the concept of honor being eroded in our industry or has it always been somewhat tattered? The example above is a stark example of a software company (allegedly) going too far.

Unfortunately, this is all to often something I hear from customers. Here's a recent personal example from my travels for Quest Software:

We were in a pitched battle to win a particular bank's business. A competitor was involved and was fighting just as hard for the business. In the end, we won the business. The bank called us to tell us we won the business just after they told our competitor that they lost. The bank told us that when they informed our competitor that they lost and began to tell them why that the sales rep was rude and hung up.

I believe that a company's executives and culture set the tone for how graceful a company can be in situations like this. The competitor in our case is headed by an idiot with the morals of a weasel and it permeates their organization - case in point above.

I hate to lose business to a competitor but for me it's an opportunity to try to improve our software or our sales process. It's definitely not the customer's fault.

Semel malus, semper malus. (For that that did not have Fr. O'Keefe for Latin here's the translation: Once bad, always bad.)

Technorati Tags:

RSA - Exclusive Insights from Security Solutions Leaders

If you have a favorite security vendor you may want to check out these podcasts from RSA that the Information Security Media Group recorded while at RSA:

Information Security Media Group recently attended the RSA Conference 2008, the premier information security conference showcasing over 300 of the top vendors in the information security technology space. The following audio is a selection of recordings taken on the expo floor where industry-leading vendors addressing all aspects of information security presented their products and services to attendees. Vendor solutions ranged from application security, encryption, multi-factor authentication, biometrics, ID and access management, compliance management, database security, email and messaging security, and many, many other solution categories.

My podcast interview with them is also available here. There are probably over 75 different vendors represented.

Technorati Tags:
, ,

Wednesday, April 16, 2008

Are you going to the 2nd European Identity Conference?

I am! This event is being put on by the good people of Kuppinger-Cole and takes place April 22-25 in Munich, Germany. There a great line up of speakers including yours truly. The theme of the conference is "Thought Leadership & Best Practices in Identity Management". I have to say that there are a lot of thought leaders attending including...
  • My old friend and colleague Kim Cameron from Microsoft
  • Doc Searls editor of the Linux Journal and a Harvard Fellow
  • Dave Kearns from Network World
  • Andre Durand from Ping Identity
  • Dale Olds from Novell
  • ...and what looks like lots of customers including France Telecom, HypoVereinsbank, ING Bank, Volkswagen and many more

It's shaping up to be an awesome conference. I hope to see you there!!!

Technorati Tags:
, ,

Tuesday, April 15, 2008

Are you going to the SSO Summit?

If you don't know about the SSO Summit then check it out here:

Quest Software is a sponsor of the show. It's being held in Keystone, Colorado on July 23-25. Ping Identity is the catalyst behind making the show happen.

See you there???

Technorati Tags:

Monday, April 14, 2008

Active Directory is the incumbent

Yes, Jeff Bohren is a convert. His post "The elephant in the room" hit home for me. Active Directory is the incumbent directory out there and as such needs to figure very centrally in any future "meta-directory" world. It's about time we, as an industry, gave it up for Microsoft.

Despite all of its flaws, Active Directory is the king. Jeff's advice is exactly what I have been preaching for a long time now:

I know this isn’t pleasant to hear, but AD is the incumbent. It’s nearly everywhere. It’s scalable to millions of users. The LDAP protocol is efficient and mature. It’s supported by countless applications. Before a customer considers displacing or adding another identity layer on top of AD they are going to need real cost savings or additional capabilities and order of magnitude over what they have now.

Let's all get with the program.

Technorati Tags:
, ,

Friday, April 11, 2008

Mr. LDAP at Microsoft now

A month or so ago I was presenting to a group of identity and access management folks over at Microsoft and one of the folks who attended the meeting was none other than Mark Wahl. I first met Mark back in my Zoomit days. I believe, at the time, Mark was with Innosoft which was later acquired by Sun. I'm proud of having my name attached to a few patents but Mark has his name attached to a number of RFCs related to LDAP: 2253, 2247 and let's not forget 2251 - the LDAP V3 RFC!

I have to admit I was surprised to see Mark at Microsoft (he's pictured above, on the right). He told me he had joined around Thanksgiving and he was working on protocols as part of the identity team. Of course, when I heard that my immediate question was:

So you're the guy I can talk to about when and how Microsoft is going to support XACML?

Unfortunately, Mark wasn't able to give me a clear answer to that question. Anyway, it's good to see a standards person at Microsoft. I hope you get to make an impact, Mark.

Technorati Tags:
, ,

Thursday, April 10, 2008

Upon my final deprovisioning...

With all the Olympic torches passing through San Francisco, advanced cryptography going on here at RSA, code flying around everywhere, XACML interoperability explosions and cooled RAM attacks there is considerable worry and concern about the collateral damage to us civilians who are attending the expo.

RSA has taken that into consideration and joined the green movement as seen in the photo here. While I appreciate their efforts I'm not too sure who will deposit my badge holder and lanyard if I do make my final departure while on the show floor.

Perhaps there's an identity management vendor out there that can take care of this problem for me? Which vendors take care of final deprovisionings?
Posted by Picasa

Technorati Tags:

Excuse me, but is that liquid nitrogen in your pocket or are you just happy to see me?

Posted by Picasa

I'm at RSA and one of the things I'm doing is visiting various booths, talking to customers, etc. I'll be posting about a number of things over the next few days but when I saw this I started to laugh...

The background for this is the "cooled RAM attack" which you may have read about:

The new attacks exploit the fact that information stored in a computer’s temporary working memory, or RAM, does not disappear immediately when a computer is shut off or when the memory chip is taken from the machine, as is commonly thought. Under normal circumstances, the data gradually decays over a period of several seconds to a minute. The process can be slowed considerably using simple techniques to cool the chips to low temperatures.

Fortunately, the folks from SecureDoc and Seagate have solved this problem through software. I solved it without spending a nickel with the additional benefit of increasing both my physical fitness and cardiovascular system:

If I happen to see someone coming at me (or my laptop), towing a vat of liquid nitrogen I run away, quickly.

If there was an award for the stupidest marketing campaign I'd nominate this one.

Technorati Tags:

Wednesday, April 09, 2008

Hitachi buys majority of M-Tech

Update: I'm at RSA and managed to bump into Idan Shoham who is M-Tech's CTO. He confirmed that he already likes sushi and that he was flying to Tokyo at the end of the week. All is well from his perspective.

Consolidation continues!!! Just forwarded to me from one our guys in our APAC division. Original article is on "ARN".

Looking to expand its line of identity management products, Hitachi has bought a majority ownership interest in M-Tech Information Technology, a vendor of password management software.

Hitachi already sells authentication products that identify the patterns of the veins in a person's finger to confirm the user's identity. The company expects that the M-Tech products will help expand this product line by giving the company new software to help manage functions on the back end.

So, what does this mean? Bye-bye M-Tech. My friends up in Calgary are going to be busy integrating with Hitachi's "finger-vein authentication system" which, according to the article, "is used by about 80 percent of the Japanese financial institutions". I hope you guys like sushi.

If I were an M-Tech customer I'd be worried. Also, why buy a majority of M-Tech but not all of it?? That seems weird but I'm no financial rocket scientist.

Unfortunately, I don't associate Hitachi with identity management. Maybe this is a big area for Hitachi in Japan but what about the rest of the world?

Technorati Tags:

Tuesday, April 01, 2008

Windows Server 2008 Launch in Seattle

I had the opportunity to speak at the Windows Server 2008 launch today here in Seattle. Ted Kummert who is the Corporate Vice-President for the data and storage group was the executive speaker for the keynote. I was asked to speak about the products that Quest Software has that support Windows Server 2008, SQL Server 2008 and about our partnership with Microsoft.

It all went off without a hitch but guess which technology I spoke most highly of...

Active Directory?? Nope.

Identity Management?? Nope.

SQL Server?? Nope.


I really do believe that PowerShell is revolutionary compared to everything else that's "new" in Windows Server 2008. If you haven't checked out our free PowerShell GUI and cmdlets then now is the time:

Technorati Tags:
, , , ,