Cloud Identity and Synchronization

A marketing brochure the other day claimed “Today’s average enterprise utilizes 16 different directories,” touting their synchronization engine for provisioning and de-provisioning. The vendor’s take seemed to be that 16 was a huge number, but I merely chuckled to myself. Fifteen years ago, while barnstorming the US for a provisioning vendor, I would frequently ask the audience how many identity stores they’d identified in their organization. I still remember one memorable response: “we’ve found 116, but we’ve only just started looking.”

Ten years ago, soon after the Liberty Alliance introduced the concept of “federation” as a way for partners, clients, vendors and others to share authentication and authorization, I discovered – again, by asking users at a conference session – that one of the major uses of the federation technology was to connect the different parties after mergers and acquisitions so that the newly formulated organization could do real business while the IT department caught up with the different, disparate and often unconnectable systems that existed in the various parts of the enterprise. The standout memory here was one of the “big 5” US banks, which had acquired a small community bank in California that was still running one update program on an old (i.e., pre-1980) Z-80 single-board machine. The machine couldn’t be integrated with the bank’s network, nor was it viable to re-write the software. They never did find a way to connect it directly to the bank’s systems.