Mark Diodati has this article about what he terms Identity 2.0. While I agree with his assessment that much of IdM seems frozen in time, I’m not sure I really agree with what he considers the new identity management. ESSO, for instance, is something I can’t really say has changed a whole lot in the last five years.
But Mark makes a great point about integration in IdM:
For example, organizations are integrating enterprise SSO with provisioning and strong authentication products to improve application security. Provisioning products provide better security because they can change passwords more frequently in both the target application and the user’s enterprise SSO wallet. Strong authentication systems (like OTPs) solve the “keys to the kingdom” problem — eliminating weak password-based authentication, which enables access to many applications.
Meanwhile, WAM and federation products are “best friends forever” because neither product provides the complete security package for Web applications, but when combined, work synergistically. WAM provides the authorization and session management, while federation provides the enterprise-to-enterprise (E2E) SSO functionality.
Another trend in the enterprise is the coupling of provisioning and strong authentication systems (e.g., OTP or smart card). When integrated, the provisioning system can manage most aspects of the authentication device. Two benefits are the elimination of near-duplicative identity management processes and timelier identity lifecycle management, which becomes especially important when employees are terminated.