At its Tech-Ed for Professionals summit, being held in Florida this week, Microsoft unveiled the first public beta version of Identity Lifecycle Manager 2.
This product will handle the entire identity life cycle, from provisioning
new users to deployment to termination.
It provides a much-needed solution in the Microsoft (NASDAQ:MSFT) enterprise space, but whether enterprises will accept it remains to be seen, because it will enable end users to manage their own identities, which raises security issues.
ILM 2, the codename for the successor to ILM 2007, will “deliver integrated identity management systems across heterogeneous systems and multiple audiences,” Douglas Leland, general manager of Microsoft’s identity and access business group, told InternetNews.com.
It will have a “powerful set of self-service capabilities for the end user
and a suite of rich administrative tools and enhanced automation for IT
professionals,” Leland added.
ILM2 will also have automated portals based on .NET frameworks and application programming interfaces (APIs). The APIs will be based on Web Services standards.
Being user-centric is “significant for Microsoft,” Leland said. The goal is
to put users in control of the management of their identities and access
privileges using Microsoft Windows and Office, “providing a consistent and
familiar interface in a privacy-friendly way,” he added.
There will be no problem with supporting Windows XP, “because we support
down-level as well” but “obviously you will get significant benefits as you
move to Vista,” Leland said.
The user-centric approach puts Microsoft in the lead because “the state of
the art is not providing meaningful tools for end users to manage their own
profiles and entitlements,” Leland said.
That’s a point Bilhar Mann, CA’s senior vice president of security
management, takes issue with.
“They say that, in listening to customers, they’ve identified a major flaw
with other identity management products, in that users don’t have self service
capabilities,” Mann told InternetNews.com.
“That’s not correct; we delegate the managing of identity and passwords to
end users, and this feature’s in our shipping product now.”
Microsoft’s user-centric approach worries Kevin Kampmann, a senior analyst
at The Burton Group. “The concept is interesting, but there are still issues
around interoperability and putting mechanisms in place that make it viable,”
he told InternetNews.com.
“Does the user want to do this?” he added. “And there’s a whole issue of
trust on the enterprise side that needs to be dealt with.”
CA has got that angle covered: Earlier this week, it unveiled
Security Compliance Manager and a slew of other products with identity
management features.
Security Compliance Manager lets managers certify and attest to the access
rights a user has. “A user can ask for access rights, but can’t get them
without certification or approval by a manager,” Mann said. “It’s just like
when an executive asks for a corporate credit card, there’s no way he’ll get it
without a manager’s approval.”
CA’s identity management products also control access based on a user’s role
in the corporation. For example, finance department staff won’t be able to get
access to engineering applications and vice versa. “There’s control at the
outset and there’s also a control chain,” Mann said.
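The request-then-certify model and the role-based restriction Mann describes can be sketched in code. The following is an added illustration, not code from ILM2, CA Security Compliance Manager or any product named on this page; the departments, applications, usernames and the `ROLE_ENTITLEMENTS` catalogue are constructed for the example. It shows the two controls the passage mentions: a role check "at the outset" (a finance user cannot hold an engineering application) and a control chain in which a request stays pending, grants nothing, and is only fulfilled when a manager of the right department certifies it, with every step written to an audit trail.

```python
"""Added example of approval-gated, role-based access requests.

All roles, applications and users below are constructed for illustration;
nothing here is taken from ILM2 or from CA's products.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role catalogue: the applications each department role may hold.
ROLE_ENTITLEMENTS = {
    "finance": {"ledger", "expense-portal"},
    "engineering": {"source-control", "build-farm"},
}


def _now():
    return datetime.now(timezone.utc).isoformat()


@dataclass
class AccessRequest:
    requester: str
    department: str
    application: str
    status: str = "pending"          # pending | approved | denied
    audit: list = field(default_factory=list)   # (event, actor, timestamp)


class AccessControl:
    def __init__(self, managers):
        # managers: mapping of department -> set of manager usernames
        self.managers = managers
        self.granted = {}     # username -> set of applications actually granted
        self.requests = []

    def request_access(self, requester, department, application):
        """A user asks for an application; the role check runs at the outset."""
        req = AccessRequest(requester, department, application)
        if application not in ROLE_ENTITLEMENTS.get(department, set()):
            # Cross-department request: denied before any approval step.
            req.status = "denied"
            req.audit.append(("denied-by-role", department, _now()))
        else:
            req.audit.append(("requested", requester, _now()))
        self.requests.append(req)
        return req

    def certify(self, req, manager):
        """A manager of the requester's department attests to the right.

        Nothing is granted until this succeeds; a manager from another
        department, or the requester certifying their own request, is refused.
        """
        if req.status != "pending":
            raise ValueError(f"request is {req.status}, not pending")
        if manager not in self.managers.get(req.department, set()):
            req.audit.append(("certification-rejected", manager, _now()))
            raise PermissionError(f"{manager} is not a manager for {req.department}")
        if manager == req.requester:
            req.audit.append(("self-approval-blocked", manager, _now()))
            raise PermissionError("requester cannot certify their own request")
        req.status = "approved"
        req.audit.append(("certified", manager, _now()))
        self.granted.setdefault(req.requester, set()).add(req.application)
        return req

    def has_access(self, user, application):
        """Only certified grants count; pending requests confer nothing."""
        return application in self.granted.get(user, set())


if __name__ == "__main__":
    ac = AccessControl(managers={"finance": {"cfo"}, "engineering": {"cto"}})
    r1 = ac.request_access("alice", "finance", "ledger")
    print("before certification:", ac.has_access("alice", "ledger"))
    ac.certify(r1, "cfo")
    print("after certification:", ac.has_access("alice", "ledger"))
    r2 = ac.request_access("alice", "finance", "source-control")
    print("cross-department request:", r2.status)
    for req in ac.requests:
        print(req.application, req.audit)
```

The audit list on each request is the "control chain": it records who asked, who certified, and any rejected certification attempts, which is the material an attestation report draws on.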
ILM2 will let enterprises manage multiple credential types — passwords,
identity certificates, smart cards and
one time password devices, which will “provide significant cost savings and
advantages in terms of security because you get an end to end view,” Leland
said.
ILM2 also provides a policy management infrastructure. This will use Microsoft Active Directory as its repository and is based on the Windows Workflow Foundation.
It provides a user interface for creating workflows and policies. This lets
users “select, drag, drop and create sophisticated workflows and policies
through portals,” and allows policies to manage both Windows and non-Windows
environments, Leland said.
The public beta of ILM2 shows that Microsoft is “getting serious about
identity management in terms of the ability to provide a consistent management
framework for identity information,” Burton Group’s Kampmann said.
Leveraging Microsoft solutions
While there are “a number of large identity vendors in this space” like
Oracle, IBM, CA and Sun, “the opportunity for Microsoft is to put together a
consistent suite of services around its own domain that the enterprise can
leverage for managing Microsoft solutions,” he explained.
That’s been needed “for some time” and ILM2 not only consolidates
Microsoft’s own space but gives it the chance to extend to other areas and
coordinate its activity with partners, according to Kampmann.
Enterprise identity management players such as Sun, IBM, Oracle, Novell and CA, which just announced some identity management products, have good products, but the Microsoft space “does have nuances that require special attention” and Microsoft’s partners “recognize that taking care of Microsoft does give you specific benefits,” Kampmann said.
One of those partners is Omada, a Microsoft solution provider for advanced
role-based access control and compliance.
At Tech-Ed for Professionals, Omada unveiled the enhanced Omada Compliance
Reporting Center Module beta 3, which builds on top of ILM2. One of eight
modules in the Omada Identity Manager Solution, this makes security audits
easier, faster and less expensive while improving the quality of compliance
reporting, according to Omada.
The Omada Identity Manager integrates with ILM, Microsoft Active Directory and ERP systems from SAP.
Omada “provides a management solution that leverages Microsoft technologies
and understands how to tie them back into the business process,” Kampmann
said.
Users will be able to host ILM2 on premise or access it in the cloud as a
service, and Leland said it will be available in both the physical and virtual
environments.
The back story
ILM2 is Microsoft’s umpteenth kick at the identity and access management can.
Back in July 2003, it unveiled Microsoft Identity Integration Server (MIIS)
2003, which was a revamped version of its Meta Directory Product, and unveiled
its Identity and Access Management Solution Accelerator.
The latter was a set of guidelines created jointly with
PricewaterhouseCoopers to help enterprises build and test identity management
infrastructures.
Microsoft also entered partnerships with security infrastructure specialists
and independent software vendors Oblix, now owned by Oracle, and OpenNetworks
Technologies, acquired by BMC Software.
At the RSA Conference 2007, Microsoft outlined a roadmap for identity
lifecycle management that would combine metadirectory, user provisioning and
certificate management capabilities into one solution — ILM 2007 — that would
be built on the capabilities in MIIS 2003 and Microsoft Certificate Lifecycle
Manager.
The public beta of ILM2, beta 3, is late, having originally been scheduled
to ship in February 2008 at the RSA Conference 2008, held in San Francisco.
A release candidate of ILM2 will be issued in the fourth quarter, and ILM2
will be released to manufacturing, which means burned on CDs and packaged, in
the first quarter of 2009, according to Leland.
Article courtesy of InternetNews.com