The Old IDM Kings Are Dead. Long Live the New Kings.

It can be said that Identity Management (IDM) was born in the early 2000s. That was the time when many people realized that a single big directory just won’t do it. They realized that something different was needed to bring order into the identity chaos. That was the dawn of the user provisioning system. The early market was dominated by only a handful of small players: Access360, Business Layers, Waveset and Thor. Their products were the children of the dot-com age: enterprise software built on the state-of-the-art platforms such as J2EE. These products were quite terrible by today's standards. But they somehow did the job that no other software was able to do. Therefore it is obvious that these companies got acquired very quickly. Access360 is now an IBM Tivoli product. Business Layers was acquired by Netegrity, which was later acquired by CA. Waveset was taken by Sun. And Thor ended up in Oracle. By 2005 the market was “consolidated” again.

The development of all the early products went on. A lot of new features were introduced. Also, some new players entered the market. Even Microsoft hastily hopped on this bandwagon. And the market became quite crowded. What started as a provisioning technology later became “compliance” and “governance” to distinguish individual products. And even more features were added. But the basic architecture of the vast majority of these products remained the same during all these years. One just cannot easily evolve the architecture and clean up the product while there is an enormous pressure to deliver new features. Therefore the architecture of these products still remains essentially in the state as it was originally designed in the early 2000s. And it is almost impossible to change.

That was the first generation of IDM systems.

The 2000s was a very exciting time in software engineering. Nothing short of a revolution spread through the software world. The developers discovered The Network and started to use SOAP, which led to the SOA craze. And later the new age developers disliked SOAP and created the RESTful movement. XML reached its zenith and JSON became popular. The idea of object-relational mapping spread far and wide. The term NoSQL was coined. The heavyweight enterprise-oriented architectures of the early 2000s were mostly abandoned and replaced by lightweight network-oriented architectures of the late 2000s. And everything was suddenly moving up into the clouds.

It is obvious that the old-fashioned products that built up a decade of technological debt cannot keep up with all of this. The products started to get weaker in the late 2000s. Yet only very few people noticed that. The first-generation products gained an enormous business momentum and that simply does not go away from one day to the next. Anyway, in 2010 there were perhaps only a couple of practical IDM products left. The rest were too bloated, too expensive and too cumbersome to be really useful. Their owners hesitated for too long to re-engineer and refresh the products. But it is too late to do that now. These products need to be replaced. And they will be replaced. Soon.

This situation is quite clear now. But it was not that clear just a few years ago. Yet several teams began new projects in 2010 almost at the same time. Maybe that was triggered by the Oracle-Sun acquisition or maybe the time was just right to change something … we will probably never know for sure. The projects started almost on a green field and they had an enormous effort ahead of them. But the teams went on and after several years of development there is a whole new breed of IDM products. Lean, flexible, scalable and open.

This is the second generation of IDM systems.

The second-generation systems are built on network principles. They all have lightweight and flexible architectures. And most of them are professional open source! There is ForgeRock OpenIDM with its lightweight approach and extreme flexibility. Practical Evolveum midPoint with a very rich set of features. And Apache Syncope with its vibrant and open community. These are just three notable examples of the new generation. A generation of IDM systems that has arrived right on time.
