With all due respect to Mark, who I know has been around the IdM world for some time, none of these elements should be considered New School; they have all been around for quite some time.
- Privileged Account Management - I don't know of an engagement I've worked on in the last 5 years that did not have some concern about the creation and management of both Privileged and Service accounts. If anything, because of their nature, these accounts have a greater need to be created according to mandated processes and recorded for audit and review.
- AD Bridges - While not a technology I've gotten to work with a lot, I know that many a mixed UNIX/Microsoft shop considers the Vintela/Quest tools to be indispensable.
- Virtual Directories - Again, a technology that's been around for a long time. I've been working with Virtual Directory technologies since 2004, where I would commonly show customers how to map information, provide access controls and even use the Virtual Directory as a write-back mechanism to supported repositories.
However, in the end, the design and implementation of an Identity Management solution must be holistic in nature. Regardless of one's opinion on the New School qualities of all the technologies Mark mentions in his article, they must all be considered and planned for in the final design.
2 comments:
Hi Matt,
Great blog!
I agree that these products have been around for a few years. I remember discussions with Radiant Logic as far back as 2002 on the virtual directory front. My "new school" designation is meant to differentiate these IdM products from the conventional wisdom (e.g., provisioning, WAM, LDAP, et al).
Keep up the great work!
Best,
Mark
Mark, thanks for the comment. I understand your feelings on "New School" IdM; I'm even happier that the rest of the industry is realizing what we knew and were building all along.
Cheers,
Matt