Microsoft Publicly Betas ID Lifecycle Management

Pushes control to users, but will that fly?

At its Tech-Ed for Professionals summit, being held in Florida this week, Microsoft unveiled the first public beta version of Identity Lifecycle Manager 2.

This product will handle the entire identity life cycle, from provisioning new users to deployment to termination.

It provides a much-needed solution for enterprises in the Microsoft (NASDAQ:MSFT) space, but whether enterprises will accept it remains to be seen, because it will enable end users to manage their own identities, which raises security issues.

ILM 2, the codename for the successor to ILM 2007, will "deliver integrated identity management systems across heterogeneous systems and multiple audiences," Douglas Leland, general manager, Microsoft's identity and access business group, told

It will have a "powerful set of self-service capabilities for the end user and a suite of rich administrative tools and enhanced automation for IT professionals," Leland added.

ILM 2 will also have automated portals based on .NET frameworks and application programming interfaces (APIs). The APIs will be based on Web Services standards.

Being user-centric is "significant for Microsoft," Leland said. The goal is to put users in control of the management of their identities and access privileges using Microsoft Windows and Office, "providing a consistent and familiar interface in a privacy-friendly way," he added.

There will be no problem with supporting Windows XP, "because we support down-level as well," but "obviously you will get significant benefits as you move to Vista," Leland said.

The user-centric approach puts Microsoft in the lead because "the state of the art is not providing meaningful tools for end users to manage their own profiles and entitlements," Leland said.

That's a point Bilhar Mann, CA's senior vice president of security management, takes issue with.

"They say that, in listening to customers, they've identified a major flaw with other identity management products, in that users don't have self service capabilities," Mann told

"That's not correct; we delegate the managing of identity and passwords to end users, and this feature's in our shipping product now."

Microsoft's user-centric approach worries Kevin Kampmann, a senior analyst at The Burton Group. "The concept is interesting, but there are still issues around interoperability and putting mechanisms in place that make it viable," he told

"Does the user want to do this?" he added. "And there's a whole issue of trust on the enterprise side that needs to be dealt with."

CA has got that angle covered: Earlier this week, it unveiled Security Compliance Manager and a slew of other products with identity management features.

Security Compliance Manager lets managers certify and attest to the access rights a user has. "A user can ask for access rights, but can't get them without certification or approval by a manager," Mann said. "It's just like when an executive asks for a corporate credit card, there's no way he'll get it without a manager's approval."
