I just got out of a session led by The Burton Group's Kevin Kampman who made the point that the Identity Management conversation is changing. It can no longer be about technology. It needs to be about business needs. Don't ask what is the tool? Ask what problem are you trying to solve?
During Q&A, somebody made the point that currently, Identity Management is often mandated by the security team who is implementing it as a way to enforce secure practices and restrict access where appropriate. The business owners may not always have the right to choose where they're comfortable with increased risk and where they're not. Valid point.
I think Kampman's point, though, is that in a larger sense, as the industry moves into the cloud and becomes further distributed, Identity tools will be more about enablement rather than restriction. Identity Enablement tools such as Federation solutions will enable conversations and transactions to take place that haven't been possible in past (and current) models. So, the conversation starts with a business team that is looking to expand its capabilities rather than with a technology team who might be focused on specific tool sets.
To me, it's a whole different mindset than traditional enterprise Identity Management. And therefore, it's an entirely different conversation (not just a re-focusing of the existing conversation.)
It will be an interesting decade for identity.