So, the more and more I work with the ILM "2" portal, the more I come to the realization that the "Identity" in "Identity Lifecycle Manager" is becoming irrelevant. The ILM "2" portal is built to be extensible so you can model virtually any type of object and track its lifecycle. For instance, if you wanted to track the lifecycle of pagers or other assets in your company and you needed to do so with a rich workflow based request model you could use the ILM "2" portal application to do so.
What about the Sync Engine?
While it is true that the ILM "2" portal will be somewhat limited in what it can action through the Sync Engine, the ability to action directly from a workflow activity running in the ILM "2" portal is certainly possible. Whether or not this action is sanctioned by the Product Group is an open question, but I certainly hope it is not frowned upon. Today, for good reason, we limit external calls from ILM rules extensions because of the linear and transactional nature of the sync engine. With Workflow, however, state can be serialized and de-serialized at any point in the program execution without affecting the host service, so I don't believe the same restriction applies here. If you wanted to have a workflow interact directly with another web service or process, then I don't see an issue here.
A new MOSS Development Platform?
OK, so replacing MOSS app/dev is perhaps going a bit too far, but for most rapid application development and small enterprise applications, building an application on top of the ILM "2" web service and the ILM "2" site template (or a heavily modified one) isn't a bad idea. As the technology matures and we collectively get better at manipulating the portal, I can see this happening for sure, especially if the heart of what you are doing requires workflow-driven request processing. For the right price, Microsoft might actually have something capable of combating the Notes application threat. If you've worked in a Notes-infected environment then you are well acquainted with the proliferation of "Notes applications" that are next to impossible to supplant. Again, if we collectively make it simple for Administrators and Power Users to build quick, feature-rich applications around it, then it will begin to accrete the "quick and easy" applications over time the way Notes environments have. Having a full-powered self-service request mechanism at your fingertips is powerful indeed.
So, in summary, I truly believe the scope of "identity management" is blurring into a more general and open "lifecycle management"; identities and certificates are just the start, my friends, so get ready for a brave new world! I say, name the new product "Lifecycle Manager 2009."
Who's with me? I ask, toga enabled.

2 comments:
Brad,
There is a presence of “identity” in everything. It’s only now that the industry living in a Windows world is acknowledging the overhead and headaches required to manage them – whether a device or person – regardless, in the digital world they are all objects with some unique identification value.
I’d be a hypocrite if I said I’ve never performed actions from the Sync Engine; however, the question still remains: is this the correct place for execution? Personally, I think this is one of the most EXCITING areas being introduced to the world of ILM Junkies! How I see it, you are definitely hitting the nail on the head.
A current focus in the world we live in is on connectivity (management agents) and not really the front-end processes required to support a “true” end-to-end identity management solution. A huge limitation in SPS2003/WSS was the advanced extensibility (although not impossible, it was very time consuming), which was resolved in the MOSS2007/WSS platforms, specifically allowing the product to fully compete with Notes, WebSphere, etc. In short, conceptually building advanced workflows, support apps, reporting, and even rebranding the ILM “2” portal, etc., and presenting them to the end user through a simple web part is not farfetched; therefore, count me in!
Chris
Brad,
The thing that ILMv2 has to be careful of is becoming too general, and not focused enough on managing of identities. IDM itself has specific requirements (and regulation compliancy) that would differ from managing services such as pagers, or requesting business cards.
ILMv2 is a solution built on other technologies focused on IDM, so it needs to provide exceptional core services.
So while I too see the extensible nature of ILMv2 portal to branch out of just identities, it needs to manage the identities very well first. One of the exciting things about working with the portal/framework is how customizable it is, but certain use case scenarios should ship with the product (Account Reconciliation, Account/Access Recertification/Reporting, etc.). They may be able to be customized by the enterprise, but at least show the functionality that can be built on the framework.
It might be harder to establish the business value of ILMv2 if it requires a development team to implement and manage it, compared to the "promises" of the other IDM vendors. (Reality is, in larger enterprises, I don't think 100% "codeless" is possible.) If the barrier to entry to provide a solution is high, it may not matter how flexible it is, if it is hard to implement.
I think the real "power" of the ILMv2 solution has been made possible by the inclusion of the Windows Workflow Foundation. Shipping with common workflow scenarios, but the ability to import your own really allows the product to fit the business needs.
I love the term "Notes-infected", because that is exactly how it appears to be. We don't want the terms "SharePoint-infected" or "ILM-infected" to also be coined though. It's not a good model to follow based upon looking at the Notes landscape.
Jef
http://jeftek.com