As in past years, the analysts Kuppinger Cole + Partner have worked out 10 top trends in Identity Management. Some developmental aspects of Identity Management have already attracted attention in the last few weeks. This includes HP's exit from the market, but also and in particular the substantially improved support for OpenID as one of the most important standards of Identity 2.0 – an aspect of Identity Management that is rather focussed on the end user.

But there are many other developments in Identity Management that are less in the eye of the (IT) public but are nevertheless important issues that will have an effect on IT development in general in 2008 and might even become a matter of public discussion.

The 10 top trends in Identity Management

Trend No. 1: OpenID, InfoCards, CardSpace – Identity 2.0 is becoming part of real life

Without question, the predominant topic is Identity 2.0. This is clearly reflected in the support by large companies like Yahoo, Google, Microsoft and IBM. Although it is obvious that the standards will have to be elaborated, also with respect to the interoperability of OpenID and CardSpace, there will be innovative CardSpace implementations. This subject is not only taking hold in the minds of geeks, but is starting to catch the interest of the mass market of users. For all website providers, this means engaging with Identity 2.0 in order to best meet the changing expectations of their users in future.

Trend No. 2: Governance, Risk Management, Compliance as a “superstructure”

The term Compliance is still in use, even if today we should rather speak of GRC, which comprises Governance, Risk Management and Compliance. GRC has become the driving force of Identity Management, with a strong impact on the change from administration-focussed to business-orientated Identity Management. This trend will accelerate in the course of 2008. In addition to Business Role Management, which is being widely discussed already, more and more specialized applications for Identity Risk Management and Auditing will be launched. This market is about to develop, initiated by many interesting, innovative vendors.

Trend No. 3: Open systems and modules instead of monolithic suites

The past year has demonstrated that the core products of Identity Management – the provisioning solutions mostly referred to as “Identity Manager” – need to be opened up. However, support for external workflows and standards like BPEL (Business Process Execution Language) is only one step in this direction. Flexible collaboration with GRC solutions should be targeted, as well as a strategy for supporting ESBs (Enterprise Service Bus) for communication. The applications of the future need to be flexible enough to be used with other components of the IT infrastructure. This also opens up market opportunities for new vendors covering sectors like MDM (Master Data Management) and BPM (Business Process Management), but also for specialists producing solutions to connect to various identity repositories such as LDAP directories.

Trend No. 4: SOA and IAM are growing together

It took a while, but now, finally, not only vendors from both sides but also application developers have become aware of it: collaboration between SOA (Service-Oriented Architectures) and Identity Management is an important requirement. A discussion is beginning about which concepts for the execution of services in the context of identities are most suitable to ensure end-to-end security. This discussion will gather pace and importance in the coming year, with the result that the significance of Identity Management, particularly of Identity Federation for an application-wide use of identity data, and of virtual directories for the flexible provision of selected identity data, will continue to grow.

Trend No. 5: Authentication and authorization in the context of the user

Particularly in e-banking, the approach of risk-based authentication has been addressed for some time. Primarily, information delivered by Fraud Detection needs to be taken into account for authentication. However, the development towards context-based authentication and authorization will in future have a bearing on all security-relevant areas, from e-banking and e-commerce up to internal IT systems. More precisely, the target is a combination of all kinds of data – gained from the physical access control system, from NAC (Network Access Control), from Fraud Detection and other sources – as well as information about the device used and its location. A set of rules will then facilitate the decision whether authentication is allowed or not, under which conditions, and which applications are allowed to be used.

Trend No. 6: Privacy and data protection regain importance

Since the Federal Constitutional Court’s decision in the “Bundestrojaner” proceedings, privacy and data protection have found their way back into public discussion. The security concerns with respect to OpenID also show that public interest in these topics is growing again. We are expecting a heightened awareness of general security issues, not least because more and more Internet users perceive themselves as transparent people. They realize that this development needs a critical look.

Trend No. 7: More, not fewer, vendors

Although HP has withdrawn from the Identity Management market, the number of vendors is constantly growing. This seems to remain unaffected by occasional strategically disputable misjudgements by some enterprises. The fact that many vendors’ turnovers are above the average of the IT industries also shows that Identity Management ranks among the booming market segments of IT. The new trend topics such as GRC applications, and the opportunities resulting from concepts addressing open modular systems, have already attracted a number of interesting new vendors. And there will be more of them, as we believe.

Trend No. 8: Secure online banking – finally!

The USA as well as Great Britain are countries that seem to prove it: online banking is getting more secure, and the new concepts reach far beyond the archaic PIN/TAN method and its successor iTAN. Sophisticated encryption mechanisms, Flash Player-based methods and many other developments are being tested by banks to implement access to e-banking that is simple as well as secure. This trend will of course influence Germany and other countries where there is still a need to catch up with the newest technologies. Many innovative developments in South America and Asia show that this trend is global.

Trend No. 9: Information and identities are linked: “Enterprise Information Management”

Still only a touch of a trend, but not to be overlooked: due to a more explicit business orientation, the general view on Identity Management is changing. The target aimed at is an Enterprise Information Management, focussed on information. It defines who is allowed to use the information and in which way it can be protected. Access authorizations, Information Rights Management, but also storage can be centrally controlled following this concept. Business roles are needed to allow users to decide who is authorized to do which tasks. Identity Management serves as a substantial basis in this model without being the only component. Enterprise Information Management is the approach of transferring information control to the user, particularly ensuring consistent and uninterrupted data protection.

Trend No. 10: Federation is growing up – slowly

Federation, one of our top trends for a long period of time, has slipped slightly out of focus. However, this does not mean that it has become less important – on the contrary, the number of implementations as well as vendors is still growing. Interoperability has also reached a rather high level. But like all hypes, Federation has now arrived at the point where practical solutions are in demand. And these are – gradually – on the rise, even if the sector is growing at a slow rate. This is due, among other things, to the fact that the organizational and legal requirements to be met by Identity Federation are often obstacles to overcome. But meanwhile it has become apparent that a practice-oriented approach to the use of Federation in the B2B as well as B2C environment – addressing standards like CardSpace – has prevailed over the rather theoretical ideas circulating in former discussions (“Circles of Trust”).