Last year, I began blogging about the idea that there was "application identity management" (or "A-IdM") and "network identity management" (or "N-IdM") -- where A-IdM was traditional identity management and N-IdM was, essentially, identity-based NAC (and the tools and technologies evolving around that). I did that for a very simple reason: I couldn't see how it was that we (enterprises) could use identity as an architectural paradigm if it only extended through the application layer.
Now Sean Convery, CTO over at Identity Engines (one of the leaders in this thinking), is trying that terminology out on customers. He's finding that putting the "N" at the end resonates with people more quickly. His version is "Identity Management for Networks." So, perhaps my cute little acronyms should be IdM-N and IdM-A. This actually makes a bit more sense because ALL of what we're doing is trying to manage identity (at the machine, asset, resource or user levels), and putting the architectural layer at the end is a nice taxonomy.
Of course, beyond the "wording" of it all lies the implementation -- where the ole rubber meets the road. Sean sees identity management becoming a "single entity." I'm not as optimistic. There's an awful lot of legacy to get through here -- legacy of job titles, legacy of how software and networking companies are organized, just plain legacy. Will IdM-N and IdM-A products and suites have to learn how to be intertwined? Absolutely. Will they merge? That sounds like a ten-year job to me.
In the meantime, the folks that attend Digital ID World find themselves (once again) on the cutting edge of a concept. Did the analysts bring this up first? Nope. Are some analysts pronouncing "NAC" dead without knowing what they're actually talking about? Yep. Am I tooting my own horn? ;-)
-Eric Norlin

Hi Eric,
Thanks for keeping the conversation going. I posted some more thoughts based on your response.
http://www.seanconvery.com/weblog/2007/05/02/idm-n-idm-a-idm/