| Updated: 2.3.2003; 13:46:06 GMT |
blogattic weblog mostly about security

"Which of our enterprise directories are we talking about?"

I overheard this sentence today in discussions with a client, and it stuck with me because it summed up so well some of the absurdities of "enterprise identity management" (as well as of many large-scale technology projects).

Currently, user identities are usually stored and managed in identity silos, and having the enterprise directory (read: a single authoritative source of user identity data across an organisation) would be seen as a benefit, providing an integrated view and forming a first step in a longer-term identity management strategy. This is, in theory, highly desirable, but in practice often unachievable.

A number of challenges stand in the way of the ideal of the enterprise service, including incompatibilities between products from various vendors (even those based on open standards such as LDAP), ill-defined (intentionally or unintentionally) people-related business processes, and a disconnect between the need for long-term investment and short-term cost control objectives. It is because of these difficulties that absurdities like multiple enterprise directories or multiple corporate PKIs can exist.

This is not to say that it is not possible to build such an infrastructure, but rather that there is far more to do to achieve it than to throw in some technology and expect it to find its own use and justification.

10:37:00 PM