I’m just back from the DEC 2007 conference in Brussels. Unfortunately I had to miss the last day, which is a pity as there were some good SQL-related talks on the schedule, but I did get to go to all the ILM talks, as well as picking up a few MIIS pointers, and (most importantly) having some interesting chats with IdM collegues from around the world.
Probably the best attended talks in the IdM stream concerned ILM 2007 and the so-called ILM r2. I think it’s fair to say that most of the people there were running MIIS 2003 and wanted to get the goods on where the product is headed.
ILM or MIIS?
The first thing I noticed is that even the Microsoft guys are still talking about MIIS. A lot of the development seems to be in adding extra packages around the product which remains, at its heart, the sync engine that we all know (and love?) from MIIS 2003.
So it seems that Identity Lifecycle Manager is really a collection of packages grouped around MIIS, and for ILM 2007 that collection basically consists of …
Certificate Lifecycle Manager
I went to the CLM demo and found it to be more of a standalone product than I had expected, considering all the ILM hype. The actual management of the certificates themselves is done in CLM via its Sharepoint interface. The relationship with MIIS is just that of an ordinary MA-connected directory, and the objects that MIIS syncs out to CLM are requests – essentially requests for cert creates and cert deletes. All the automation concerning cert renewal and lifecycle is done in CLM itself.
ILM r2
While ILM 2007 is really no different to MIIS 2003, the plans for ILM r2 do indicate a major shift in scope. MIIS is still in there as the sync engine, but a lot of work is going into pushing identity tasks out to the end user, with password reset and management of user-owned distribution lists being featured in the presentation.
The way they achieve this is by, again, bolting on an extra, MA-connected directory, which they call the “Object Store” and is just another SQL database. Configurable Sharepoint forms are used to modify data in the Object Store and to introduce workflow, such as Approval cycles. Once the data is updated it is sync’d back through MIIS in the normal way.
The beta 1 version of ILM r2 was demo’d by Fred Delombaerde, Program Manager for the ILM group at Microsoft. There wasn’t enough time for questions, but I managed to corner him in the lift and squeeze a few extra tidbits out of him:
- ILM r2 will have much improved logging and auditing capabilities – well it could hardly be worse. Fred assured me that logging is now considered a “first-class citizen”, which I guess means they’ve realised it’s important. (Fred is also very fond of words like “rationalize” and “leverage” when “use” would probably function just as well – do they have some sort of MS training course to learn how to speak like this?Ā š )
- The management of the sync engine is to be improved – he said that Identity Manager is headed for the trash heap. I’m guessing more Sharepoint-esque management tools, but we shall have to wait and see.
- The “codeless provisioning” will, as is hardly surprising, just apply to Microsoft applications.
Unfortunately he got away from me before I managed to understand the difference between “Adaptors” and good ol’ fashioned Management Agents, and before I could ask him about task scheduling.
Predicted release date is end 2008.