A blog about Identity Integration, with a very large focus on Microsoft Identity Integration Server (MMS), (MIIS), (ILM), (ILM2), (YETA) and identity in the Microsoft platform.

Thursday, April 26, 2007

DEC'd Out

Just got back from DEC 2007 and still buzzing from the good times. I hope to cover more topics in future blogs but will just sum up my conference experience for now.

ILM2
  • built on top of existing investment in metadirectory, but reaching way farther towards the user with really slick UI
  • ILM2 becomes a lot different than other IDM vendors because of the integration with the Microsoft platform (Windows client, Office, Certificate Services, Windows Workflow, Communication Foundation, Presentation Foundation, etc, etc).
  • migration story should be very good since the core engine is likely to be the same
  • CLM integration should be very slick, no longer looking like a separate product
  • apps supplied in ILM2 (self-service, workflow, etc) will all use public interfaces to ILM so in theory it will be a rich platform for identity apps
  • codeless provisioning is a big scenario
  • Microsoft's adapter framework opens the doors to the connectivity barn
  • SPML is not at the top of the connectivity list, but I don't think it will be difficult to write an adapter for ILM2 that translates from SPML. This will be a fun pet project when the beta arrives.
  • On its own ILM2 is pretty exciting, but combined with other Microsoft identity activities (CardSpace, WS-*, ADFS, Identity Metasystem, etc) I am really excited about the potential.

Kim's throne speech:

  • claims, claims, claims - becoming increasingly important, we should start thinking a lot more in terms of claims as opposed to AuthN, AuthZ
  • "legonic systems" will become more pervasive to the point where rigid systems will become irrelevant. To me this means a platform for identity will be readily available and simple for application developers to use, as opposed to baking identity into the application

ILM2007

  • we should see a service pack towards the end of this calendar year, including Vista support for the CLM client among other things. E12 support might also be in there.
  • The CLM MA bridges the gap between the MIIS sync cycle and CLM long running workflows.

Creating XMAs - Jeff Bohren (BMC)

  • the password management interface in MIIS today does not provide configParams
    A solution to this would be to stuff the configParams into the connectTo as an XML string. I have another solution; it doesn't require duplicating the configParam data, but it isn't for the faint of heart at design time.
  • SSH can be made easier using a .NET library at http://weonlydo.com
  • BMC employs an agent approach for asynchronous scenarios such as event-based deltas and password notifications (they call it the delta cache I think). Blockade took the same approach with their host management agents.
  • I18N testing for internationalization is important
  • Jeff uses the DOM in his XMAs. This makes navigation simple but performance must be an issue on larger systems

System Reporting Services and MIIS - Brad Turner (MIIS MVP)

  • Brad released the Community Reporting Pack 2007 - cool!
  • CRP can be used by anybody, pretty much out of the box
  • Some cool features can be added, like export detail reporting (how many samAccountNames were updated last week?)

Group Based Provisioning - Markus and Mike (Microsoft)

  • Excellent walkthrough of the challenge and the design decisions
  • Markus had a really good slide showing the scope of reference attribute mappings (CS-CS, MV-MV, CS-CS)
  • Neat solution for getting memberOf onto the MV person object without sucking at performance
  • I'm not sold on bit vectors yet, but agree they improve performance. Just not sure the added complexity is worth it
