ILM2
- built on top of existing investment in metadirectory, but reaching way farther towards the user with really slick UI
- ILM2 becomes a lot different than other IDM vendors because of the integration with the Microsoft platform (Windows client, Office, Certificate Services, Windows Workflow, Communication Foundation, Presentation Foundation, etc, etc).
- migration story should be very good since the core engine is likely to be the same
- CLM integration should be very slick, no longer looking like a separate product
- apps supplied in ILM2 (self-service, workflow, etc) will all use public interfaces to ILM so in theory it will be a rich platform for identity apps
- codeless provisioning is a big scenario
- Microsoft's adapter framework opens the doors to the connectivity barn
- SPML is not at the top of the connectivity list, but I don't think it will be difficult to write an adapter for ILM2 that translates from SPML. This will be a fun pet project when the beta arrives.
- On its own ILM2 is pretty exciting, but combined with other Microsoft identity activities (CardSpace, WS-*, ADFS, Identity Metasystem, etc) I am really excited about the potential.
Kim's throne speech:
- claims, claims, claims - becoming increasingly important, we should start thinking a lot more in terms of claims as opposed to AuthN, AuthZ
- "legonic systems" will become more pervasive to the point where rigid systems will become irrelevant. To me this means a platform for identity will be readily available and simple for application developers to use, as opposed to baking identity into the application
ILM2007
- we should see a service pack towards the end of this calendar year, including Vista support for the CLM client among other things. E12 support might also be in there.
- The CLM MA bridges the gap between the MIIS sync cycle and CLM long running workflows.
Creating XMAs - Jeff Bohren (BMC)
- the password management interface in MIIS today does not provide configParams
A solution to this would be to stuff the configParams into the connectTo as an XML string. I have another solution; it doesn't require duplicating the configParam data but it isn't for the faint of heart at design time.
- SSH can be made easier using a .NET library at http://weonlydo.com
- BMC employs an agent approach for asynchronous scenarios such as event-based deltas and password notifications (they call it the delta cache I think). Blockade took the same approach with their host management agents.
- I18N testing for internationalization is important
- Jeff uses the DOM in his XMAs. This makes navigation simple but performance must be an issue on larger systems
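
The workaround noted above, carrying configParams in the connectTo field as an XML string, shown as an added example (not Jeff's code and not part of MIIS). The `ConnectToConfig` class, the `<config>/<param>` layout and the setting names are assumptions; the example treats connectTo as untrusted text holding only non-secret settings, so it parses with DTDs disabled and rejects unknown or duplicate names.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper (not an MIIS API): carries XMA settings inside the
// connectTo string as <config><param name="...">value</param></config>.
public static class ConnectToConfig
{
    // Assumed allow-list of non-secret setting names; anything else is rejected.
    static readonly HashSet<string> Allowed = new HashSet<string> { "host", "port", "timeoutSeconds" };

    public static string Pack(IDictionary<string, string> settings)
    {
        var root = new XElement("config");
        foreach (var kv in settings)
        {
            if (!Allowed.Contains(kv.Key)) throw new ArgumentException("Unexpected setting: " + kv.Key);
            // XElement escapes the value, so '<' or '&' cannot break the document.
            root.Add(new XElement("param", new XAttribute("name", kv.Key), kv.Value));
        }
        return root.ToString(SaveOptions.DisableFormatting);
    }

    public static Dictionary<string, string> Unpack(string connectTo)
    {
        // Assumption: connectTo is editable configuration text, so refuse DTDs and external entities.
        var rs = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        using (var reader = XmlReader.Create(new StringReader(connectTo), rs))
            doc = XDocument.Load(reader);
        if (doc.Root.Name.LocalName != "config") throw new FormatException("Root element must be <config>");
        var result = new Dictionary<string, string>();
        foreach (var p in doc.Root.Elements("param"))
        {
            string name = (string)p.Attribute("name");
            if (name == null || !Allowed.Contains(name) || result.ContainsKey(name))
                throw new FormatException("Bad or duplicate param: " + name);
            result.Add(name, p.Value);
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample values.
        var packed = Pack(new Dictionary<string, string> { { "host", "ssh.example.test" }, { "port", "22" } });
        Console.WriteLine(packed + " -> port " + Unpack(packed)["port"]);
    }
}
```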
System Reporting Services and MIIS - Brad Turner (MIIS MVP)
- Brad released the Community Reporting Pack 2007 - cool!
- CRP can be used by anybody, pretty much out of the box
- Some cool features can be added, like export detail reporting (how many samAccountNames were updated last week?)
Group Based Provisioning - Markus and Mike (Microsoft)
- Excellent walkthrough of the challenge and the design decisions
- Markus had a really good slide showing the scope of reference attribute mappings (CS-CS, MV-MV, CS-CS)
- Neat solution for getting memberOf onto the MV person object without sucking at performance
- I'm not sold on bit vectors yet, but agree they improve performance. Just not sure the added complexity is worth it