Identity management is a sore spot for enterprises attempting to extend the reach of their applications to customers, partners and suppliers. Enterprise security and the ability to personalize applications both demand robust identity management, and the difficulty is compounded when users are external. Composite applications, made up of services sometimes originating from both inside and outside the enterprise, add more complexity. Recent product releases from Oracle and IBM — Oracle Identity Management and Tivoli Identity Manager, respectively—seem at first glance to offer solutions. Today, however, there's no single company that offers a comprehensive suite.
"There are so many facets of identity management," says Burton Group practice manager and senior consultant Kevin Kampman. "There's access management, authentication, portal management, user management, administration and workflow, provisioning, password management and directory services — to name a few."
Although vendors may heed customer pressure to expand their identity management offerings by allying with or buying complementary products, they're still motivated to promote their own original tools and platforms. "They don't want to sell identity and access management so much as parts of an infrastructure," warns Gartner Group VP of information security strategy research Ray Wagner.
Kampman predicts it will take up to 18 months before any vendor has a comprehensive identity management solution. "Seamless interoperability will require a change in mindset for those vendors with OS and hardware agendas."