European Identity Conference – Day 2

The second day of EIC is over, and I have to say I’m impressed. I’m feeling a real interest in Identity Management by the participants, that will hopefully turn into real projects and through the feedback loop bring the topic forward.


Today there were a lot of breakout sessions in addition to the keynotes. GRC was added as a topic in many titles, but I have to say this needs more work – I didn’t find much to take away regarding GRC, and some sessions that had “GRC” and “Compliance” in the title mentioned neither.

From a consulting perspective (i.e. real world needs) most of what is discussed here may sound like science fiction to participants. Most customers I’m talking to are busy working on much more mundane issues, namely re-gaining control of the authorizations they created and distributed over the years when words like “GRC” and “Compliance” had not yet been discovered.

More than one session complained about the complexity of todays authorizations (Kim Cameron said something along the lines of “I’m happy that SAP is on the panel to take the heat for this” ;) ), and everybody was ready to take a vow to simplify, many saw XACML as the solution.
This of course completely ignores that the complexity has not been implemented because programmers are too lazy to simplify, but because customers asked for the flexibility to be able to control access in such a granular way.


I will go on a limb and say that if authorizations were easier, applications supported XACML and supported claims, management would not be that much easier for customers. The reason I’m saying this is that I often see customers struggle to define the exact access that should be assigned to employees.

So, a logical step to advance the topic would be to work on processes and best practices to assist in defining access requirements, that can then help to define an authorization structure that can actually be well supported by identity management systems. Right now, we may succeed in speeding up provisioning, but if the mess still remains below the surface, this is not much more than put lipstick on a pig.

European Identity Conference 2009 – May 5th to May 8th


I’ll be spending the rest of this week visiting European Identity Conference 2009 in Munich. I was there last year, and it’s an event worth visiting – a diverse set of great personalities in the identity space, and a perfect opportunity for networking.

I’ll be blogging and twittering (use hashtag “#eic2009”) here, and you can follow more information about the event on EventTrack.


See you there!

CeBIT 2008: Day 1


This is where you’ll find me until sunday (Hall 4).

My last CeBIT was around 1999, in comparison today was quite a slow day. Nethertheless, a very interesting one: my SAP colleagues are very energized, you can feel the buzz. The german chancellor was visiting our stand, all the SAP board members were here as well.

I managed to slip in an hour with Craig (who complained that his blog has a lot less subscribers than mine – go over and subscribe!) which was a lot of fun. This is probably the best part of this event: you get to spend a lot of time with colleagues that you wouldn’t meet otherwise.