Friday, September 12

DIDW 2008

I saw, heard, and did a lot of interesting things this week at DIDW in Anaheim.

First, thank you Ping Identity for a good mid-week party at the HoB. (We should all publicly thank Ping and give them reason to continue hosting such events.)

We had a bloggers meet-up, though you won't hear too many others talk about that (maybe Ash). I did get to meet a number of folks who I've only previously met online. And I had many good conversations.

I heard more about the consulting (and other) capabilities of companies like Identropy, CoreBlox, and Optimal IdM – all worth a conversation if you need some Identity consulting help. And each has unique strengths. I wonder if you would all benefit from some kind of cooperative network rather than having the perception of competition. I'll have to think about that.

We gave away a lot of sticky eye balls. One became known as the eye in the sky.

I learned about important things like:
And heard a lot of interesting discussions and tidbits, including:
  • The US Treasury Dept transfers more than $1 Billion each day via PKI
  • There seems to be consensus that enterprises will be affected by market forces on consumer identity and Web 2.0. ...perhaps TPS reports will be replaced by Twitter.
  • Searching on "Identity Management" has declined throughout 2006, 2007, and 2008. My own research reveals that searching on "Microsoft", "Oracle" and "Active Directory" have all declined at a similar rate. So, it may mean nothing.
  • One interesting case for synchronization vs. virtualization: If you front-end data that you don't own (and therefore can't control), you should replicate data and sync rather than using a totally virtual approach. It sounded like someone learned that the hard way.
  • Not all Virtual Directories are created equal. I heard a panelist ask vendors for a feature that I know exists in at least two Virtual Directory products.
  • Virtual Directories might be able to fill a gap in the real-time link between physical and logical security (grant access only when employee is swiped in).
On the flight back, a crazy thing happened. I heard a horrible scream outside the window of the airplane and when I looked outside, I saw something that seemed to be flying past us at a close distance. I quickly grabbed my camera and got a shot of it. (OK - you probably had to be at DIDW to appreciate that.) If you weren't, use this short waste of your time as inspiration to go check out Symplified and see what they're doing with SaaS-based Web Access Management. Pretty cool stuff. Their model removes a lot of the pain that gave Identity Management a bad name in its early days. And no, that's not Che.

I guess that's it for my DIDW update. For now.


Matt Pollicove said...

Matt, I'm curious, what was the Virtual Directory feature that was asked about?

Matt Flynn said...

Hey Matt! They were looking for dynamic hierarchy. I took that to mean building out the OU structure on-the-fly based on attributes or query information. And my understanding is that at least two flavors of VDS have that capability.

Anonymous said...


I was the one who made the comment on the panel. I realize those features are available with virtual directory products today. But my comment was actually in the larger context of directory services in general. I feel there has been little innovation in recent years at the directory layer itself and we have been layering on technologies, such as virtual directories, to provide these sorts of features. The dynamic hierarchy was just one example of what I heard directory vendors talking about doing in the directory itself instead of with another separate product. I wasn't looking for a specific feature, per se, that was missing from one vendor's virtual directory product.
In my mind, the directory should be capable of all things - persistently storing data, virtualizing backend repositories as part of the LDAP tree, and synchronizing data with other systems. Right now, these all exist as separate technologies layered on top of each other. I really think the vendors should revisist the way their directory products are cobbled together and build an integrated solution. And also look for ways to innovate at the directory itself. Despite relational databases being 30 years old, the vendors are still innovating and delivering new features and services. When was the last time something really happened at the directory?


Matt Flynn said...

Vikas, thank you for joining the conversation! I appreciate the clarification. So, you'd like to see the directory vendors incorporate virtual-directory capabilities. Interesting. A while back, I thought some of the LDAP vendors were claiming to have a virtual directory and it turned out to be exactly that - some built-in virtual features. But, I don't have details on that. But you're right - good points!