Two weeks ago I was at Digital ID World in Anaheim, CA, followed by a briefing in Redmond. My mind is still returning to this action-packed event every once in a while, and I am still trying to make sense of it all. For me the most interesting aspect of DIDW has certainly been to meet face to face with lots of the usual suspects, some people I "know" virtually, but have never met face to face, and some new acquaintances. Over the next few week, as my busy research agenda allows, I will write up on some of the cool stuff, new technologies and new evolutions of products that I've learned about during those three days.

Just thought I'd just pay tribute to some of my experiences during those three days. For me as well as for many others, DIDW started off with a visit to the new "IDTBD" (ID To Be Determined) initiative that the Liberty Alliance sponsored. Bob Blakeley from the Burton group stood in the middle of a fully crowded room (including people standing outside). After a somewhat tedious roll call where everybody present stated why they actually went to this meeting, the discussion came into full swing. The idea behind the "IDTBD" was to provide an infrastructure framework for projects around identity. Instead of every project getting tied down with bureaucracies, legal agreements and organisational matters, IDTBD would provide support and let participants focus on what they can do best. I thought the idea was pretty good, but not everybody thought the same. As organisational matters like these were not my forte, I disappeared after the break, and when I walked past the open door an hour later, I could see that a very small crowd was still in very animated discussion.

I had my fun with Sun that afternoon, evening and night, and honestly, I had a blast. Sun brought me in twice for their Identity Buzz TV show. Daniel Raskin was my host, and we talked about open source within identity management - the specific nuances and what customers can expect from it. We also talked about one of my favourite topics, the identity bus (I did a round-table at our European Identity conference back in May), and in that one I managed to turn it around and have Daniel add his thoughts to the discussion (later on that week, I had the pleasure of meeting again with Stuart Kwan who explained me his vision, but more to that later). It was great to meet Daniel, I only had the virtual pleasure up to that point, and can attest that he is at least as cool and knowledgeable in real life as well. I also had some quality time with Pat Patterson, who I've met before, but only shortly between doors, and it was good to catch up. Saachin was there as well and turned on several light bulbs in my head when he talked to me about Sun's 3 month roadmap for deploying Role Manager within an enterprise. My head was spinning a bit after so much information, and I was really grateful when Saachin's colleague Neil Gandhi patiently spent a good two hours briefing me and walking me through the product in great detail a day later. As my colleague Sebastian Rohr and other noted, Sun certainly made a killing snapping up Vaau earlier this year, and now I can fully appreciate Sebastian's enthusiasm.

John Barco very cunningly demonstrated a concept that is likely to pop up in the same basket as identity theft: identity exchange. ;-) By wearing Nicholas Crown's badge around his neck the next day, he had me confused, because I just met both of them in person for the first time the day before. I had some great discussions with both of them later, especially with Nick, whom I talked after the Ping Identity party until the not-so-wee-anymore hours. Oh yes, the Ping party. Aren't they legendary! As this event was held at the "Blues house", the "house drink" was a blue liqueur. It did not glow in the dark, but turned out to be somewhat of an acquired taste. Andre Durand's team were busy making sure that everyone held at least one cup in their hands at all times. I decided to be careful with it. At the party I made some great acquaintances, and ran into Doug Anter from Covisint. In a very forward-looking spirit that is common after successive libations in the later evening, we decided to set up a "breakfast briefing" for 9 AM the next morning. This turned out not to be painful at all (perhaps I can attribute this to my special care with the house drink), but to the contrary highly interesting, as I have an article in preparation on Covisint's offerings on "Identity as a Service (IaaS)".

In the same area, I was equally impressed with a briefing that I received earlier from Eric Olden who is the founder and CEO of Symplified. Having founded Securant in 1995 (which he later sold to RSA), he well understands the need, but also the entry barrier for small and medium enterprises when it comes to identity and access management. Symplified provides identity and access management as a service in both directions - incoming and outgoing. On the outgoing side, Symplified can connect an enterprise's users to internal and external SaaS services (such as Salesforce, Workday, ADP, etc.) with single sign-on. On the incoming side, access to resources is controlled through a proxy layer that is either hosted by Symplified itself, or runs inside an organisation in several form factors: appliance or virtual machine. I think there is a photograph of myself wearing a Symplified T-Shirt towards the end of the Ping party.

Another very interesting briefing I received was from AEP Networks' J. Alan Bird who is extending identity throughout the network with identity based access control. Their IDpoint solution tags every network packet (actually, the payload within IP packets) from an authenticated client PC with a special token. Specialised identity routers then act like firewalls by checking access against tokens and making access control decisions. A sophisticated auditing and reporting engine is included that can act as a feed to current GRC (Governance, Risk-Management and Compliance) solutions. As identity management has traditionally focused mainly on application security, I think that this pioneering approach offers a significant manageabilility gain and a previously not well-addressed need for extending GRC towards the network layer. I am convinced that this will become an important topic, especially with investments in strategic GRC projects increasing.

Oracle was a main sponsor at Digital ID World, and many of its brightest minds were roaming around. I was particularly happy to finally meet face to face with Nishant Kaushik whose blog I read regularly and recommend (it's on my blogroll). Same with Clayton Donley, who I've seen already seen previously from far away, but have never had the opportunity to shake hands with. I had a great follow-up discussion with Eric Leach on Oracle's new access management suite (he had briefed me on it a month before). And of course Phil Hunt, whose efforts around the Identity Governance Framework I wrote about previously. When I finally got to meet Dennis MacNeil in person, he gave me some good advise and helped me understand better how the individual pieces fit into Oracle's strategy.

Understanding that it is impossible to mention everyone and everything that I met and discovered, it is perhaps worth mentioning what I wish I could have done. The time was limited, and unfortunately the exhibition floor closed very promptly, and I just plainly ran out of time. Matt Flynn was there and I shook his hand but had to run off and couldn't catch up with him anymore. He will not escape me next time (or rather, I will not escape him) :-) I also ran out of time and couldn't properly catch up with the folks from Optimal IDM anymore, who briefly told me about the new features added to their virtual directory product. Equally with my old colleagues from Symlabs who would have loved to show me the upcoming full virtual tree feature in the next version of their virtual directory. Charles Andres who is now the head of the Information Card Foundation was all over the place but unfortunately so was I (and at the Information Card Foundation's booth I ran into Axel Nennker, which was really cool). I did not have time for Sailpoint and Novell unfortunately - although I did have a brief chat with Dale Olds and some of the other "Bandits", but would have loved to spend more time with his colleagues as well. Next time it will be!