Unless you didn't read any tech news yesterday, you heard that Scott McNealy is stepping aside as CEO and Jonathan Schwartz is taking over.

I'm not quite sure *how* this affects identity at Sun -- and maybe it doesn't at all. Clearly, the most significant thing that Sun ever did (on the identity front) was buy Waveset (No, it was not "start Liberty"). That purchase put their product set, their personnel, their customer successes on a trajectory that they're still riding today.

So maybe the Schwartz effect is no effect at all. Or maybe Sun makes another really good identity acquisition. I'll bet on the latter.

Final note on this: It makes me glad I saw McNealy keynote at this year's RSA show. I'd never seen him live and it was fun to see just how funny the guy actually is (live and in person).

Newsflash: According to a recent Forrester study, Identity Management is critical to security AND compliance. Stunning.

Okay, snarkiness aside, two very interesting facts:

1. 41% of organizations surveyed (in both Europe and the U.S.) expected IdM budgets to increase over the next 3 years.

2. While a lot of respondents had gotten started on their provisioning work, one third of companies will begin on strong auth initiatives in the next 12 months (while the other two thirds will need more than 12 months), and the majority of companies won't get to web single sign on (federation) for another 12 months.

Johnson & Johnson has adopted SAFE-Biopharma Digital ID Standards and can now provide SAFE-compliant digital identity credentials for use in authentication and digital signature services across its companies. "The signatures are designed to be legally binding and regulatory compliant, meeting 21 CFR Part 11 requirements for electronic signatures and signed electronic records."

The SAFE-BioPharma association announced its standards last Fall, and most large Pharmaceutical companies are mounting efforts to create interoperable, compliant deployments. In December, 2005, Adobe, Arcot Systems, CoreStreet, nCipher, IBM, and Kyberpass became the first ocmpanies to participate in the SAFE Vendor Partners Program.

Now we see the beginnings of deployment. Its starting to look like this ambitious identity program may soon become real.

ActivIdentity (Formerly ActivCard) has released its SecureLogin SSO product. This represents the first fruits of its acquisition of Protocom, and also represents a new level of integration of stronger authentication, SSO, and identity management.

Among the more interesting features is the ability to store PC passwords on a smart card, making them both portable and not available to others who might share or obtain access to a work station. This represents a significant step towards making authentication and security both portable and transparent to users, and it will be interesting to see how those who deploy it react to this user presentation.

SPML 2.0 has been ratified by OASIS. SPML 1.0 never really got the traction that SAML or WS-Security has, perhaps this release will change that.

I'm personally still waiting for the ability to dynamically provision and deprovision accounts on the fly as I bounce around the web ;-)

There's a cool new RSS tool that allows you to pull a feed into a stylized module in a website. Here's an example of our ZDNet blog:

[later: okay it *was* cool, but it started causing problems as it fed into the Digital ID World homepage. More to come...]

Burton Group has launched a podcast series that they're calling "Inflection Point" (ya gotta love marketers -- so serious -- "inflection point!" ;-). The most recent episode is all about the authentication trends in the marketplace, and its well worth the listen.

The podcast highlights how the FFIEC and HPSD guidance are driving authentication in the financial services and federal government (respectively). And then goes on to cover some interesting topics around risk-based authentication, layered authentication and the expansion of authentication technologies and devices.

We've highlighted the importance of authentication in 2006 here many times, and it will be one of the main themes we explore at the Digital ID World conference. In the meantime, check out the podcast from Burton...

Over the years, Phil and I have constantly tried to bring in members of the identity community -- giving them a focused home to live. One of the groups we have always considered part of the Digital ID World "family" is the Trusted Computing Group, as ALL of their work is about identity.

The corollary of the TCG is Network Access Control. Vendors like Cisco and Juniper haven't historically seen themselves as "identity" companies, but let's face it, that's what network access control is all about --- controlling who has access to what resources in the network.

NAC (or NAP) is identity-based technology for network security. Finally, today, Network World has written a fabulous piece about network access control -- one that clearly illustrates the ties to identity.

Please check it out...

Phil and I have started a new Digital ID World blog over on the ZDNet website. I hope you'll check it out and let us know what you think.

However, I also hope you won't stop reading this blog. This blog will roll on - though its aim is to speak more directly to "identity insiders" - or "identirati." While the ZDNet blog is aimed at the larger IT audience that may not be as familiar with the ins and outs of the identity story.

In any case, yet *another* feed to add to your reader ;-)

The U.S. Department of Justice has released a study on identity theft, and it contains a bunch of interesting data.

Quoting:
Of the other identity theft victims, about 25 percent had banking and other types of accounts used without permission, 15 percent had their personal information misused, and about 12 percent faced a combination of several types of ID theft.

The young and the well-to-do appear to be more at risk for identity theft, according to the DOJ numbers. Households headed by people between 18 and 24 years of age and those with incomes of $75,000 or more were the most likely to experience identity theft. Households in urban and suburban areas were also more likely to be affected.