- Moderator: Phil Becker, Editor, Digital ID World
- Rick Caccia, Director & Product Mgr, Oblix
- Brian Anderson, Program Director, IBM Tivoli
- Andy Eliopoulos, Director, Business Mgt. Network Identity, Sun
- Kurt Johnson, VP Business Development, Courion
The number of applications that IT shops are supporting and the number of connections to partner systems is going up, not going down. Companies that can put the right people through the right resources, with the right resources are the companies that succeed. Identity has moved beyond can I come in, to the questions of where can I go and what can I do.
Measure the right thing or it will bite you: internal help desks sometimes fight against identity management solutions because they're measured on how many calls they take and how long they spend on the calls. If you introduce a password self-service reset system and calls to the help desk go down, help desks that are measured on the wrong things will be punished and consequently give pushback.
IT needs to remember that telling management what a technology does isn't the same as telling business why they need the technology. The example given in the panel is meta-directories. Explaining what a meta-directory does isn't the same as describing the business problems that it solves.
One of the problems with identity projects is that they requires some degree of centralized coordination. That means that its not a business unit decision, but an enterprise decision. This raises questions of governance and politics that haven't been part of the equation before.
The problem with this panel is that Phil is asking CIO-type question of a group of vendors and they're falling all over their tongues trying to come up with smart sounding answers. Phil asked about the centralization issue I pose above and follows up with a question about whether standards will alleviate this problem. No one gave the right answer. The right answer is that governance is the issue and that has to be worked out whether you've got industry standards or not. Governance implies that you've going to create an enterprise architecture and an interoperability framework. Once you've got those then each business unit can go do their own thing, follow the standards, and the system will stand a chance or working. Without them, its endless meetings leading to project failure.