Microsoft Preps Identity Lifecycle Manager
- By Stuart J Johnston
- February 12, 2007
Microsoft is preparing a spring release for an identity management infrastructure tool aimed at simplifying credential administration across the enterprise. The new tool was announced last week at the RSA Conference in San Francisco.
Identity Lifecycle Manager (ILM) 2007, which is set to ship in May, builds on the metadirectory and user provisioning capabilities in the existing Microsoft Identity Integration Server 2003, adding support for managing credentials such as certificates and smart cards, company statements said.
It is designed to provide an integrated approach that pulls together metadirectory, digital certificate and password management, and user provisioning across Windows and other enterprise systems.
ILM 2007 aims to help IT organizations reduce costs associated with managing identity and access life cycles by providing a single view of a user’s identity across a heterogeneous enterprise. For instance, IT shops will be able to automate management of smart cards and digital certificates via policies and workflows, statements said.
Microsoft also presented a road map for its identity life-cycle management strategy that includes a version 2 release in late 2008.
According to company statements, ILM 2007 manages identity information across multiple stores by aggregating this information in a central repository called the “metaverse.” Management agents serve as connectors that translate data from these connected stores to the metaverse. For example, the e-mail system can be linked to its HR database through the metaverse.
When an employee joining the organization is added to the HR database, ILM can automatically provision that employee to the e-mail system. Each employee’s attributes, from the e-mail system and the HR database, are imported into the connector space through management agents.
The e-mail system can then use individual attributes, from the employee entry that originated in the HR database, such as the employee’s telephone number. If an employee’s telephone number changes in the HR database, the new number will automatically be propagated to the e-mail system, the statements said.
Synchronizing user identities across multiple identity stores is another example of a process that can be automated with ILM.
Additionally, ILM will provide credential management features to Windows Server 2003 Certificate Authorities by acting as an administrative proxy. Once installed within an organization, all digital certificate and smart card management functions pass through ILM.
In other news at the RSA Conference, Microsoft announced it is collaborating with JanRain, SXIP, VeriSign, SixApart and Ping on the use of Windows CardSpace with the OpenID 2.0 specification.
Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines. Contact him at [email protected].