Thursday, March 15, 2007

Setting the record straight on Oracle Identity Architect's blog

Those of you that read Oracle's Identity Management product architect Nishant Kaushik's blog may have recently read this post where he comments on the behaviour or IBM Tivoli Identity Manager's (ITIM) reconciliation function and contrasts it with Oracle Identity Manager (OIM).

Nishant had attended the RSA conference and sat in on a session titled "Delivering Security Integration with Compliance" by IBM's Stuart McIrvine. The following question was asked by an attendee:
"How do you figure out and correlate the account [say account 'jsmith2345'] with the identity [John Smith] it belongs to".

Apparently Stuart's answer was:
"It is based on matching of a common attribute tracked on both the account and the identity. This could be an employee id, a social security number or some other attribute that makes sense."

Nishant's critique on ITIM was that it should really support pattern recognition based matching like OIM does. I have news for readers...ITIM does. I'm not here to defend ITIM. Remember, I no longer work for IBM. I just happen to be in a position where I know ITIM inside out and felt the need to set the record straight.

I actually did attempt to do this by commenting on Nishant's blog in response to his post about a month ago. I waited and wondered why it didn't appear. I was about to rant about how Oracle suppresses information that does not aid OIM's case until our good friend Google found my response here.

While this isn't exactly suppressing information, it is still not good enough in my opinion because it's almost impossible to find unless you're specifically looking for it like I was. My observation of Nishant's blog is that he seems to route all comments relating to his posts into his discussion forum. If you look at his posts, it looks like no one's commenting (the footers all say "comment[0]"). Not exactly useful because there's no easy way to track the comment thread from the original post. Heck, I can't even find a link to the discussion forum itself. Maybe I'm not looking hard enough.

I seriously doubt Nishant reads my blog so if anyone knows him please pass this message on. I'd email him, but I have a feeling it'll be ignored.

UPDATE: I received an email from Nishant shortly after publishing this post. The email was sent in reply to my comment on his blog which I mentioned above (looks like he gets an email everytime someone posts a comment). So maybe he doesn't ignore emails...he just takes a very long time to answer them...or maybe you need to make a blog post which provides him with a compelling reason to act :-)

No comments: