SAP tends to talk about its concept of business-driven Identity Management in these days and claims this to be a new approach. But honestly – neither the term nor the concept are really new (but valid). Business-driven Identity Management in SAP’s vision is role-based. Based on business roles, to clarify this, not on the technical system roles SAP supports today in its different business systems.

There is no doubt that business roles are becoming more and more important for IAM. SAP supports them today in its GRC Access Control product. SAP NetWeaver Identity Management in the current and near-term releases will use a separate role management approach. That might, from my opinion, change over time due to the fact that the integration between SAP GRC Access Control and SAP NetWeaver Identity Management is one of the major points on the SAP roadmap.

There are two things I’d like to add. First of all, what SAP delivers today in SAP NetWeaver Identity Management is a first step towards the right direction but definitely not the leading business role management approach in the IAM space. Second, business-driven IAM doesn’t end with business role management. In my vision for the evolution of IAM there is much more business control of information through the user, centered around “information objects” and the identities. I’ve talked about that in some of our webinars and will, probably by the end of November, write a report on this vision and the things I observe in the industry – and probably I will write a little about this in my blog even before publishing the report.