EIC 2010 has ended. And like each year, there are some interesting observations. I'll take three of them:

  1. The "classical" IAM topics like provisioning or E-SSO are well understood now - and extended.
  2. Federation becomes reality.
  3. The cloud impacts IAM - and vice versa.
Topics like provisioning and E-SSO were discussed mainly in the many "Best Practice" sessions. There are many implementations out there. Several of them use MSSPs (Managed Security Service Providers) or other Saas-/Cloud style types of deployment. And they are increasingly integrated with other IT infrastructure elements like the ITIL tools or portals. There is an evolution towards more integrated approaches and thus more architecture options, and it is obvious that the cloud starts to impact this as well. In the area of E-SSO, trends towards more versatility and integration with for example strong authentication technologies as well as the emerging topic of convergence (physical/logical) were the most important ones discussed at EIC.

Federation is becoming reality. It isn't hype anymore - which is a good sign. Interestingly, the federation sessions I've attended at EIC as a panelist or speaker were fully packed - a difference to last year. The value of federation is understood - now it is about implementation.

With the separate Cloud Computing track and the parallel Cloud 2010 Conference we had this year, there was as well a lot of attention on Cloud Computing topics. These sessions were as well crowded. The most important topic was the relationship between the Cloud and IAM/GRC. There were many interesting, though provocing sessions and many practical views, beyond the hype towards the real thing: How can we make the Cloud more secure? And how can we do IAM/GRC in the cloud for internal and external environments? And there were valid answers, not only questions. It was sort of "The Cloud brought down to Earth"...

I'll blog about many of these aspects more in detail over the course of the next weeks.