Tuesday, September 23, 2008

Oslo, Microsoft not Oslo, Norway

I've been to Oslo, Norway - and it's wonderful - but Oslo, Microsoft is definitely a place to get more familiar with. The front cover of the Sept 8/08 E-Week featured Microsoft's Oslo. Oslo is all about making it easier for developers to develop distributed applications which in today's parlance means Web-based and services oriented. I think the article was also interesting in describing how Microsoft's BizTalk Server is going to play a significant role "in the cloud".

There are other articles about the origins of Oslo and the "D" language that was (is?) being developed at Microsoft to support developing Oslo content. I'd recommend taking the time to read the articles. A significant part of the Microsoft Professional Developer Conference (PDC) is going to be dedicated to Oslo including a delivery of the first Community Technology Preview (CTP) for Oslo.

If you check the agenda for the PDC you'll see there are 26 sessions on "cloud services" in addition to 5 sessions on Oslo specifically compared to 14 on SQL Server, 8 on identity and only 5 on "Windows 7". Hmmm, I wonder where Microsoft is focusing?!

Technorati Tags:
, , ,

Monday, September 22, 2008

Netpro and Quest - Now the real work begins!


I mentioned in a post last week that a bunch of people from both Quest and NetPro were locked in a room in Aliso Viejo figuring out our go forward plans for both sets of products. I think we made awesome progress last week in at least determining which were the best products wherever there was overlap. Now the technical guys are going to figure out the finer details of what, if any, engineering work needs to take place to ensure there is no loss of functionality based on the preliminary discussions. We are pretty much still on target for announcing our roadmap plans on Oct 15.

Dave Kearns over at Network Computing recaped the acquisition in his story "Two Classy Organizations are Now One". He asks an interesting question:

What happens to NetPro's TurboCharge after its meger with Quest?

As usual, Dave poses a good question. We definitely discussed TurboCharge so I think it is safe to assume that we'll disclose our plans regarding it on Oct 15, too. I will go out on a limb and tell everyone that I went ahead and made the (easy) decision that we would continue with NetPro's MissionControl for Microsoft ILM product. MissionControl proactively troubleshoots and diagnoses issues with ILM servers, management agents, and connected databases along with providing auditing and reporting on critical configuration changes as they occur.

My compliments to everyone involved last week. We shared a lot of laughter during the meetings. Everyone is excited!

Technorati Tags:
, , , , , , , , , ,

Thursday, September 18, 2008

Adobe expands their SSO efforts

Today, we announced an expanded OEM agreement with Adobe Systems Incorporated to help organizations simplify their identity and access management needs. The agreement provides single sign-on to Adobe LiveCycle products in Java environments with Active Directory. Basically, with this capability, organizations can strengthen authentication and authorization for electronic forms, process management and document security.

The last sentence of the quote from Jonathan Herbach at Adobe really sums up Quest's strategy nicely:
Our customers need to know that they have more secure and compliant access to the documents we help them manage, and they want this access without the need to manage multiple identities and access roles across their heterogeneous environments," said Jonathan Herbach, product manager for LiveCycle Rights Management at Adobe. "With Quest's single sign-on technology included in the LiveCycle suite, we can offer our customers increased security without implementing more infrastructure."

Without implementing more infrastructure - aka, yet another directory service.

Technorati Tags:
, , , , ,

Tuesday, September 16, 2008

NetPro & Quest - Getting down to brass tacks

Friday we acquired NetPro. Monday we're all in a hotel meeting room trying to figure out our move forward plan. That's Mark Armstrong (NetPro's CTO) giving us a detailed review of NetControl which is the framework for NetPro's common console and tasks like workflow and approvals. Awesome stuff! Mark was joined by Rod Simmons (NetPro's Director of Product Management) and Heather Dunn (NetPro's Director of Product Marketing).

What our marching orders? Ensure that none of our joint customers are disadvantaged by the acquisition or our product plans moving forward.

Gil Kirkpatrick and Christine McDermott will be joining the fun on Wednesday for the rest of the week. Hopefully the oxygen in the room holds out.

Wish us luck!




Technorati Tags:
, , , , ,

Monday, September 15, 2008

Google, age and single sign-on

Kim Cameron and I were talking this weekend and he mentioned he was about to post regarding Google's recent single sign-on and SAML "faux pas". Kim does a fine job of pointing out the problem and providing references to the relevant material. However, there are a few lines that I thought were interesting and made me think a bit about Google from a different angle:

But the surprising fact is that the errors made are incredibly basic - you don’t need an automated protocol verification system to know which way the wind blows. The industry has known about exactly these problems for a long time now. Yet people keep making the same mistakes.

(snip)

But let’s face it. As an industry we shouldn’t be making the kinds of mistakes we made 15 or 20 years ago. There must be better processes in place. I hope we’ll get to the point where we are all using vetted software frameworks so this kind of do-it-yourself brain surgery doesn’t happen.

I've heard from a number of people who have either joined Google, been acquired by Google or interviewed at Google that they seem to place particular reverence on young, hip, styling, hot, recent graduates from name brand schools. Of course, this makes me think that they may not revere the more mature, industry (and customer) schooled professional who has been around the block more than once. Could Google's predilection for those who have just emerged from the fountain of youth have contributed to this SSO "disaster"? Obviously, I don't know if it is a contributing factor or not but I do wonder.

But, if Google is looking for someone more mature, who has been described as beautiful by many, is gregarious and outgoing, then look no farther and click here.

Technorati Tags:
, , , ,

Friday, September 12, 2008

Quest acquires NetPro Computing

Yes, we did. Today. A pretty amazing event if you ask me. See the press release here.

When I was at Microsoft I got the opportunity to work closely with Kevin Hickey, Gil Kirkpatrick, Christine McDermott and many others from NetPro. I'm looking forward to working with them as fellow Questies now. Welcome aboard, guys!

Maybe I'll finally get to speak at "The Experts Conference"? Yah, I know, but even I have to have a dream, a goal, something to aspire to...



Technorati Tags:
, , , , ,

Friday, September 05, 2008

September 5, 2008 - Links and Commentary

I'll be at DIDW 2008 next week!
Blogging live, of course. I hope I see you there!

Fire and Motion Strategy
I love this article - a simple and succinct strategy.

How Microsoft IT Manages its Active Directory Schema
A webcast and detailed document on how Microsoft does this.

The Laws of Identity - Pamela Style
Pam did a great job on a "less internerdy version of the Laws of Identity".

Looking for a change? Quest has IDM related job openings:
At our Lindon, Utah office which primarily focuses on our Vintela products, authentication, authorization and Java. Click here.

At our Somerset, UK office which primarily focuses on our security products. Click here.

Upcoming events I'm attending or speaking at:
Digital ID World 2008, US
I'll be attending this conference being held September 8-10 in Anaheim, CA. I hope to sit in on some great sessions and meet up with various identity management cognoscenti. Will you be there?

Digital ID World 2008, Europe

Quest is sponsoring this event in Hamburg from Oct 7-8. I'll be speaking so I do hope to see you there!

Burton Group Catalyst Conference Europe, Prague
It's been a few years since I've attended a Catalyst Europe event - I think my last one was the 2004 event in Monaco. This one is in Prague from Oct 20-23! Quest is also sponsoring this one.

Gartner Identity and Access Management Summit
This is a (the?) key identity management event. It's being held in Orlando, Florida from November 10-12, 2008. Mickey Mouse will be there, will you?

Technorati Tags:
, ,

Thursday, September 04, 2008

Death of passwords? Not quite yet!

On Valentine's Day 2006 Bill Gates talked about the need to move away from passwords:

"I don't pretend that we are going to move away from passwords overnight, but over three or four years, for corporate systems, this change can and should happen,"

So we are about 2.5 years after that speech by Bill and 52% of enterprises still only require passwords to access critical data. That's one of the many data points that came up in a recent Aberdeen study that we underwrote regarding strong authentication. Some of the other interesting statistics include:

Other key findings of the Aberdeen benchmark study include:
  • 88% of enterprise users have multiple work-related passwords, averaging between five and six
  • 64% of organizations do not even require users to change their passwords
  • 45% of organizations allow standard dictionary terms (like “password”)
  • 29% of organizations have no requirements for password length
I wish I had a comparable study from a few years ago so I could answer questions like: Have we improved our security related to password and strong authentication and how?

Do you think we have improved much since Bill's RSA keynote speech? I'm not feeling all warm, cozy and secure...

Technorati Tags:
, , , , , , , ,

Tuesday, September 02, 2008

User-centric or Identity-centric or both?


Dave Kearns penned an article on the difference between user-centric and enterprise-centric identity. He right-brained a post by Kim discussing user-centric identity and a recent post by mine talking about identity consolidation and came up with this:
Enterprise-centric identity management is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form. User-centric identity is about keeping various parts of your online life totally separated so that they aren’t accessible and no report can be drawn.

Kim is our identity crusader. Me? I work for the Ministry of Information...

P.S. I think the answer is that we need both.

Technorati Tags:
, ,