Provisioning continues to be one of the hottest categories in the identity management space -- as the "best of breed" versus "complete product suite" argument appears that it is heating up.

This announcement from Abridean further cements the fact that the race is beginning. Quoting:

End-user management provider Abridean Inc. next week will try to set itself apart from a crowded field of players with the latest release of its Provisor provisioning software.

The niche player in the competitive space, which just yesterday saw consolidation through the Quest Software Inc. acquisition of Aelita Software, added further automation capabilities for both user account setup and ongoing maintenance to Provisor 4.1.

John Fontana writes a very good piece about the consolidation in the identity managment market -- and what it means for companies making purchasing decisions. Quoting:

"Initially, we weren't real happy that Sun bought Waveset," says Larry Burtt, desktop services group leader for Guidant, which designs and develops cardiovascular medical devices and is based in Indianapolis. "But after conversations with Waveset, we are more comfortable. We'll stay with the Waveset tools provided they still have a focus on Active Directory."

That is because Guidant is committed to Microsoft's Active Directory, which is one user repository that Waveset's Lighthouse can use.

"We are an Active Directory shop, and if [buying Waveset] is a move by Sun to counter Microsoft we would be disappointed," Burtt says. Sun has its own directory service that is part of its identity software suite, but Guidant has no plans to replace Active Directory.

Burtt says he thinks emerging identity standards, such as the Security Assertion Markup Language and the Service Provisioning Markup Language eventually will provide flexibility for his decision-making.

Netegrity announced earnings on Monday afternoon -- beating Q4 expectations, but lowering their sales target for Q1. Their CFO attributes the Q1 lowering to the "unexpected budget flush" that their customers experienced in Q4 -- something that won't be evident in Q1, combined with a slow start to IT spending in 2004.

Overall, it looks like Netegrity had a good year -- adding a bunch of new customers and making a key acquisition in Business Layers.

Read more about it here and here.

Just when you thought it was safe to go back into Wal-mart....just kidding. Microsoft has announced *their* RFID initiative -- to compete with Sun, IBM, SAP and every other major tech company on the planet. Learn more here, or just check out this quote:

The company has added Radio Frequency Identification technology, which combines silicon chips and radio frequency technology to track inventory, to its Microsoft Axapta Warehouse Management software.

Microsoft has been testing the new RFID software with KiMs, a Danish snack food company, since December 2003. KiMs, which was already using Axapta, is using the new software to monitor pallets or cartons of finished goods as they move out of production and into a third-party warehouse. The company said that the new software provides much greater knowledge of the exact location of products at various points in its supply chain.

Readers might recall my predictions for 2004. Number 9 read:

9. Howard Dean mentions Digital Identity in his presidential campaign. Okay, this one's a bit off the cuff -- first, I'm assuming that Dean gets the Democratic nomination (a pretty big assumption), then I'm predicting that Dean will mention Digital Identity in his campaign. I'm not willing to address context, but I'm looking for the mention. In 2004, Dean's "internet campaign" takes up the issue of digital identity.

So it is with great interest this morning that I read Declan Macullagh's column on Howard Dean this morning. Declan has obtained the transcript from a talk Dean gave approximately 15 months ago. Declan outlines the talk as follows:

Dean also suggested that computer makers such as Apple Computer, Dell, Gateway and Sony should be required to include an ID card reader in PCs--and Americans would have to insert their uniform IDs into the reader before they could log on. "One state's smart-card driver's license must be identifiable by another state's card reader," Dean said. "It must also be easily commercialized by the private sector and included in all PCs over time--making the Internet safer and more secure."

The presidential hopeful offered few details about his radical proposal. "On the Internet, this card will confirm all the information required to gain access to a state (government) network--while also barring anyone who isn't legal age from entering an adult chat room, making the Internet safer for our children, or prevent adults from entering a children's chat room and preying on our kids...Many new computer systems are being created with card reader technology. Older computers can add this feature for very little money," Dean said.

ooooh....SO CLOSE to fullfilling my prediction, but I imagine that now Dean will have to respond -- so my prediction should come true.

It will be interesting to see if this column elevates the Identity debate (as a whole) on the campaign trail....

At its annual conference for users of its business applications next week, Oracle Corp. will unveil new software pricing and outsourcing options and plans to embed radio frequency identification (RFID) technology in its products.

Oracle said in a written statement that it plans to discuss its RFID strategy at the AppsWorld event, due to begin Tuesday in San Diego. The company also will make other announcements related to its E-Business Suite 11i line of applications, but declined to provide any details. Nor would it say when the RFID technology is scheduled to become available as part of 11i.

There's an awful lot of RFID news, alliances and partnerships going on these days -- add this one to the pile.

The question remains: will the RFID market be as big and important as everyone is anticipating?

Quoting:

The market opportunity of RFID tags is estimated at $3.1 billion by 2008, according to research group Applied Business Intelligence. Another research group, IDC, estimates that retail demand alone will be $1.3 billion within four years.

The FTC is putting out some stats and info regarding identity theft for last year.

Quoting:

Identity theft and fraud cost Americans at least $437 million last year, as scam artists made themselves at home on the Internet, according to federal statistics released today.
The Federal Trade Commission said it received more than half a million consumer complaints in 2003, as scam artists financed their spending sprees with other people's credit cards and hucksters sold nonexistent products through online auction sites.

Identity theft -- the practice of running up bills or committing crimes in someone else's name -- topped the list, with 215,000 complaints, up 33% from the previous year.

AOL is endorsing a sort-of authentication system for email (much like caller id) that is based on an emerging standard called, "SPF." Learn more here.

Quoting:

The online unit of media giant Time Warner last week implemented SPF, or Sender Permitted From, an emerging authentication protocol for preventing e-mail forgeries, or spoofing. The trial involves the company's 33 million subscribers worldwide and is the first large-scale test for the protocol, which standards groups are considering along with various other e-mail verification proposals.

An article from MSNBC discusses the US-VISIT program, and the massive IT contract that it holds for some makers of biometric technology (and associated systems). Quoting:

The U.S.-Visit program is expected to cost between $7-$10 billion though 2014, according to the Department of Homeland Security.

“Up to now, most of what the Homeland Security has done has involved getting airports up and running with their baggage screening, but now we’re at the point where we are seeing serious money come into this industry,” added Andreassen.

The International Biometric Group, an industry consulting and research firm, predicts that industry revenues from biometrics technologies will grow from $600 million last year to more than $4 billion by 2007, the biggest chunk — about 75 percent — of the demand coming from government-related investments.

U.S.-VISIT is one of the government's most expensive technology contracts, and it is likely to be the first of many.

An interesting article from the CEO of Thor Technologies, it does a very good job of outlining identity management's value proposition.

Quoting:

With automated enterprise provisioning, new systems and applications as well as new business rules are easily added. IT departments can quickly regain control over a changing environment. A rationalized IT department can also reap significant savings on expensive software licenses. It is very common, for example, that a merger or consolidation of business units results in layoffs, and a company finds itself with far more software licenses than users. However, manually tracking down all the user accounts and verifying the required number of licenses is extremely tedious and time consuming. With automated provisioning, a company can quickly determine the required number licenses and reduce its license fees accordingly.

This is a great look at the history of RADIUS -- and the problems facing it today, especially in a wireless world. Most people haven't considered the identity implications of security on wireless networks -- but the Enterprise sure is. Quoting:

Interestingly, the use of 802.1X for authenticating wireless access based on user identity has engendered a similar effort for traditional wired LANs. Leading switch manufacturers such as 3Com Corp., Alcatel, Cisco Systems Inc., Enterasys Networks Inc., Extreme Networks Inc., and Juniper Networks Inc. have embraced 802.1X as a means of authenticating users to a wired LAN port and assigning them to an appropriate virtual LAN. This essentially allows each user's access to the LAN to be conditioned on who the user is, not which Ethernet receptacle he happened to plug into. To the extent that use of 802.1X becomes the norm, both for wireless and wired LAN access, the RADIUS server occupies an increasingly critical position in the network infrastructure.

When Novell isn't busy making Linux news, they're working hard on their identity management initiatives.

Quoting:

A new release of the product, Nsure Identity Manager 2, improves the tools used by network administrators for managing and synchronizing passwords across different network directories. The update introduces a visual tool to establish company password policies for assigning access rights to applications.

The National Retail Federation show has generated much RFID news (see below). This article gives a good wrap-up of the events and happenings.

Verisign has won the contract to design and operate the root directory for the Object Naming Service (ONS) -- a distributed global network that will use EPC (i.e., RFID) technology. Quoting:

EPCs are unique numbers, akin to automobile license plates, that identify items in shipping cases and pallets. Using RFID technology, the EPC information can be broadcast to handheld and mounted RFID readers, which track the items as they move through an organization's supply chain, from manufacturing floor to store shelf, Hutchinson said.

The ONS will function like the U.S. Department of Motor Vehicles for companies that use EPCs to track merchandise, relating the unique EPC number to information that describes the product, she said.

ONS is key to the commercialization of the EPC network, which was developed by a public-private initiative coordinated by the Auto-ID Center at the Massachusetts Institute of Technology in Cambridge, Massachusetts. Without it, trading partners using EPC can only transmit product information directly using "point to point" communications, Hutchinson said.

A European retailer has announced plans for an extensive deployment of RFID technology -- without the usual privacy brouhaha that would occur if such an announcement occurred in the United States. Perhaps this discrepancy is due to the rather large difference in attidunal and legal treatment of personal privacy that exists between the EU and the US government. For more, see this link.

The National Retail Federation continues to yield much RFID-Identity related news. The lastest is this from Microsoft. Quoting:

Other applications being developed under the program include software for use with point-of-sale terminals and analytic tools based on Microsoft's SQL Server designed specifically for the retail sector. The software maker reported that RadioShack has already adopted 8,000 point-of-sale systems based on Windows XP throughout its stores and that it built a mobile store management system with another partner, Wipro Technologies.

SAP annonces RFID middleware...which isn't a big deal in and of itself, except for this: all of this RFID news lately doesn't jibe with the "rfid fails in '04" predictions that I saw everywhere in the past week. We shall see...quoting:

SAP Monday launched new infrastructure software designed to help companies manage and communicate data captured by wireless inventory tags based on radio frequency identification (RFID) technology

"Web Services Security" is code-speak for digital identity. This article outlines several case studies of companies implementing web services security -- in the face of constantly evolving standard. Quoting:

We have a layer written to change out our security depending on where the standards evolve," he says.

Getting up to speed on the architecture, methodology and tools for writing Web services applications and then securing them remains the most common problem today, users say. Success, however, has spurred wider adoption, putting a greater emphasis on security.

An interesting article that reveals people's willingness to give up their personal information in exchange for money off of their groceries -- at least up to a point.

The survey of US consumers found that, when questioned, people admitted they wouldn't mind giving up certain information about themselves via RFID, including location, if it saved them time or money – with over half of consumers saying they'd be happy to be tracked in a supermarket if they were given money-off coupons for their groceries.

WOZ is making news with this announcement of a partnership with Motorola. RFID seems like a baby-step compared to the project that Wheels of Zeus is taking on....

Yet another brick in the identity wall...

A nice article from John Fontana that dives further into Mircosoft's efforts around identity management.

It has become clear in the last 12 months that Microsoft views the identity thread that runs through their stack as absolutely integral to everything that they're building.

This story from MSNBC details the introduction of the new US-VISIT program, which will be using fingerprint and facial recognition technology to detail visitors from some foreign countries. Quoting:

Inkless fingerprints will be taken and checked instantly against a national digital database for criminal backgrounds and any terrorist lists. The process will be repeated when the foreigners leave the country as an extra security measure and to ensure they complied with visa limitations.

Homeland Security spokesman Bill Strassberger said once screeners become proficient, the extra security will take only 10 to 15 seconds per person. Foreign travelers also will continue to pass through regular Customs points and answer questions.

Photographs will be used to help create a database for law enforcement. The travel data is supposed to be securely stored and made available only to authorized officials on a need-to-know basis.

A similar program is to be installed at 50 land border crossings by the end of next year.