Download the authoritative guide: Cloud Computing 2018: Using the Cloud to Transform Your Business
At its Tech-Ed for Professionals summit, being held in Florida this week, Microsoft unveiled the first public beta version of Identity Lifecycle Manager 2.
This product will handle the entire identity life cycle, from provisioning new users to deployment to termination.
It provides a much-needed solution in the Microsoft (NASDAQ:MSFT) space in enterprises, but whether or not it's acceptable by enterprises remains to be seen, because it will enable end users to manage their own identities, which raises security issues.
It will have a "powerful set of self-service capabilities for the end user and a suite of rich administrative tools and enhanced automation for IT professionals," Leland added.
Being user-centric is "significant for Microsoft," Leland said. The goal is to put users in control of the management of their identities and access privileges using Microsoft Windows and Office, "providing a consistent and familiar interface in a privacy-friendly way," he added.
There will be no problem with supporting Windows XP, "because we support down-level as well" but "obviously you will get significant benefits as you move to Vista," Leland said.
The user-centric approach puts Microsoft in the lead because "the state of the art is not providing meaningful tools for end users to manage their own profiles and entitlements," Leland said.
That's a point Bilhar Mann, CA's senior vice president of security management, takes issue with.
"They say that, in listening to customers, they've identified a major flaw with other identity management products, in that users don't have self service capabilities," Mann told InternetNews.com.
"That's not correct; we delegate the managing of identity and passwords to end users, and this feature's in our shipping product now."
Microsoft's user-centric approach worries Kevin Kampmann, a senior analyst at The Burton Group. "The concept is interesting, but there are still issues around interoperability and putting mechanisms in place that make it viable," he told InternetNews.com.
"Does the user want to do this?" he added. "And there's a whole issue of trust on the enterprise side that needs to be dealt with."
CA has got that angle covered: Earlier this week, it unveiled Security Compliance Manager and a slew of other products with identity management features.
Security Compliance Manager lets managers certify and attest to the access rights a user has. "A user can ask for access rights, but can't get them without certification or approval by a manager," Mann said. "It's just like when an executive asks for a corporate credit card, there's no way he'll get it without a manager's approval."