At TechEd, Microsoft announced Beta 3 of Identity Life Cycle Manager Version 2, hardly an earthshaking announcement given that the product won't ship for quite some time, but a great opportunity to talk to the ILM team and better understand their current plans. That was pretty eye-opening.

First, MS quoted respectable research that says that Active Directory is used as the primary directory in 92% of the F1000. I love confusing market statistics. It would be another thing entirely to say that 90% of F1000 enterprises used AD (and much less interesting). 92% is a pretty stunning number, and in that context I think that ILM will also be a pretty big thing pretty quickly.

A modern identity management system consists of a set of different directories and a scheme for keeping their contents coordinated, typically by use of a meta-directory system that understands which subordinate directory is the authoritative source for each piece of information that is then shared with the others. For example, HR is authoritative for new employees, while something in the network assigns them IP addresses. ILM has a meta-directory and coordinates AD and other directories as well.

What is innovative in ILM is that the operation takes IT out of the picture except where IT is the authoritative source for directory information. For example, HR would provision a new employee record, their manager would define their role, and then owners of various assets and services would approve their use based on the role they play. Historically, IT would own and run the directory infrastructure and be responsible for making changes. The problem with this design is that IT is rarely the authority for directory information.

With ILM, business rules and workflows can be specified that define the constraints and process for making directory changes. Microsoft has lots of interesting business rule and workflow mechanisms to bring to bear. In most cases the change approval process is run via forms through the Exchange email solution.

The solution design (driven by individuals and the organization, not IT) sounds right, and given Microsoft's dominance already in the core directory business, will ILM be the next domino to tip in favor of Redmond?
