Category Archives: ILM

Cool Quiver of IdM Arrows

OptimalIdM just announced their latest offering, the Virtual Identity Server for Enterprise Group Management. This product solves a very specific pain point for many enterprises: synchronizing user membership in AD groups based on external identity information. Their product integrates with Microsoft ILM and is also available as a stand-alone service.

I am going to let my inner comic book geek out for a moment. In both DC and Marvel Comics there was an archer super hero (Green Arrow and Hawkeye respectively). These heroes not only had the ability to hit any target with unerring accuracy, they also had a quiver of specialty arrows that met specific needs. Arrows that delivered an electric shock, spread entangling nets, exploded, whatever was needed.

OptimalIdM seems to be turning into the Green Arrow/Hawkeye of IdM Vendors. In addition to their Virtual Directory, they have been busy rolling out a cool quiver of point solution arrows. You need AD group membership management, they have an arrow for that. You need to deploy SharePoint across multiple siloed forests, they have an arrow for that. Need to deploy an application that requires AD schema extensions your AD group won’t put in, they have an arrow for that too.

After all, who really needs the Hulk when a less destructive solution is at hand?

[Full Disclosure – the founders of OptimalIdM are former coworkers of mine at OpenNetwork Technologies.]

Where is Microsoft going on identity?

There has been some interesting news on Microsoft and Identity recently. Of course there is the recent acquisition of U-Prove. You can read Stefan Brands’ thoughts here and Kim Cameron’s here. I think that this is in theory a great move for Microsoft that could be very beneficial to the internet at large.

The real question is whether the theoretical benefits will ever be realized by significant relying party adoption. As with SAML, OpenID, and Information Cards/Cardspace, it doesn’t matter how good the idea is or how many vendors back it, if popular relying parties don’t adopt it, it will remain an interesting topic of conversation and nothing more. I hope this catches on, I am just not betting on it.

There has been some interesting discussion going on at DEC (which I missed unfortunately). John Fontana has articles on it here, here, and here. There are three interesting thoughts here: Microsoft’s notion of an Identity Bus, opening the door to more standards adoption, and IdM as a service.

Of the three I think the notion of standards adoption is the most interesting to me personally since I have been involved in a lot of these standards activities. I would love to see Microsoft add support for the SAML protocol, XACML, and SPML.

Interesting times.

An Optimal Solution for Virtual Directories

Today at DEC2008 Optimal IdM unveiled their new Virtual Directory product. The Virtual Identity Server (VIS) is unique in that it is a pure .NET virtual directory intended for use with AD in a heterogeneous environment.


I expect this product to do quite well because it hits a real sweet spot in the market. A simple to install Virtual Directory based on Microsoft technology for the AD centric enterprise. I know from experience that there are a lot of enterprise customers that just don’t want Java solutions for their Windows server. For these enterprises VIS should serve as a nice complement to AD and ILM.


Also the founders of Optimal IdM came from OpenNetwork Technologies prior to its acquisition by BMC Software. These guys know IdM well and they know what customers are looking for.


If you are looking for a Virtual Directory solution for AD, I would give this product a try.


[Full Disclosure – I worked with the founders of Optimal IdM at OpenNetwork Technologies]