all contents © 2003 burton group. all rights reserved. identity management market update prepared...
TRANSCRIPT
All Contents © 2003 Burton Group. All rights reserved.
Identity Management Market UpdatePrepared for Cal State Universities
Mike Neuenschwander
senior analyst
www.burtongroup.comMonday, December 2nd 2003
2Identity Management Market Update
Executive summary
• IdM market is consolidating cross-functionally• Vendors are refining packaging and integration issues• Meanwhile, the need to move forward in building identity
infrastructure is urgent• Recommended approach:
• For product acquisition, rely on vendors that will be long-term, full-service providers of IdM or smaller vendors likely to be acquired by an acceptable vendor
• Focus on deploying foundational, mature, and interoperable technologies
• Wait for market convergence to solve some of the higher-level issues or treat the deployment of such technology as purely tactical
3
Directory
Identity Management Market Update
Overlap without integration causes consternation and cost
• Around 60 vendors in IdM
Meta-directory
Appliances
Access Management
Virtual Directory
Provisioning
Password ManagementAuthentication
4Identity Management Market Update
Market corrections underway
• A thousand flowers have bloomed; time for the bouquet• Lots of technology has sprung up to fill specific needs• Vendors have little room to expand without creating further overlap
• Economic realities are driving consolidation• Vendors looking for ways to accelerate growth, increase their share• Typically, this means creating integrated suites of IdM products• Vendors continually evaluating buy-vs-build evaluations
• But investors in target companies often don’t want to sell at today’s deflated valuations
• Results in a war of attrition, slower transition than merger and acquisitions
5Identity Management Market Update
Hooked on suites: Vendors pursuing multi-IdM strategies
Vendor Access ProvN Passwd Meta AuthN
IBM
Novell
Sun CA Microsoft Netegrity
Oblix
RSA Entrust
= Partner provided
6Identity Management Market Update
Consolidation denouement
• Who will have a seat when the music stops?• Platform and suite vendors will remain
• Microsoft, IBM, Novell, and Sun committed to IdM• BEA will cover some aspects of IdM• HP acquired part of Baltimore Technologies and will likely acquire other
IdM technology• A few independent companies will emerge as platform-neutral IdM
companies• Netegrity a strong possibility• Entrust, RSA are candidates with security emphasis• Novell may fit here rather than as a platform vendor• Oblix – has yet to go public or produce a broad IdM product line
• Other vendors will serve niche markets or exit the IdM market
7Identity Management Market Update
Consolidation: A technical view
• Two technical areas: operational and management
Directory
Meta-directory
Appliances
Access Management
Virtual Directory
Provisioning
Password ManagementAuthentication
Identity IntegrationAccess Management
8Identity Management Market Update
Defining access management
• Software that enables authentication, identification, and authorization for users in the context of a security domain
• Improves manageability and accountability• Operates a layer above the application, replacing ad-hoc, inconsistent
Web application authentication and access controls
9Identity Management Market Update
Market overview
Vendor Agent Proxy SAML XACML Liberty
BEA
CA
Entrust
HP (Baltimore)
IBM
Netegrity
Novell
Open Network
Oblix
RSA
Sun
10Identity Management Market Update
Access management in the context of the über-architecture
• Where to put the application policy?
Perimeter layer Control layer Resource layer
Application
Application server
Web access manager
Security appliance
Standards & protocols
Access layer
Web server / proxy
11Identity Management Market Update
Identity integration overview
• What is identity integration?• Technology that links and unifies identity information across a wide
range of applications
• Identity integration is the means, not the end • It’s the leavening that improves the success of other projects
App 1 App 2 App 3 App 4 App 5
Integrated sign-on and permissions
Common Profile
12Identity Management Market Update
Four types of identity integration activities
• Account management• Creation, deactivation, and removal• Enforce naming policies
• Data synchronization and maintenance of identity data• Ensure that attributes on an account are accurate and consistent with
other applications• Enterprise directory deployments
• Permissions and access maintenance• Group and role membership• Rules based on identity data
• Password management and synchronization• Definition of management vs. synchronization
13Choosing a Vendor
Several approaches and solutions today
• Feature overlap in products can be confusing• Causes redundant infrastructure for similar and related solutions
Activity
Product
Account Mgmt.
Data Synch
Permission Mgmt.
Password Mgmt.
Meta-Dir Provisioning Virtual Dir. Password
= Strong functionality = Partial functionality = No or Little functionality