Subject Re: Gartner Hype Cycle for IAM
From "Andy Swiffin" <a.l.swiffin@xxxxxxxxxxxx>
Date Mon, 27 Jul 2009 09:43:41 +0100

>>> On 26/07/2009 at 15:15, in message
<20090726141615.5AD7B8800E@xxxxxxxxxxxxxxxxxxxxxx>, Alex Reid
<alex.reid@xxxxxxxxxx> wrote:
> Dear colleagues (sorry for cross-postings),
> If you have access to Gartner research, you may find the following 
> recent publication & analysis interesting.
> Gartner Hype Cycles are an appealing way of understanding where 
> various technologies, systems, etc are in terms of their maturity, or 
> excessive hype!
> Gartner clearly see IAM as starting to mature, with federation 
> gaining ground;  they see SAML as key.

Which makes all the more ironic the difficulties I had in setting up our own access to Gartner.

They, not surprisingly, require a subscribing organisation to provide authenticated access. They supply a script in various languages (I used PHP) which will pass users through to Gartner after authentication, and they ask for one of two modes of operation: one where we must supply a full set of personal information about a user, such as first/last name, email address etc. (which we declined to do), or one where we identify our users by a unique but opaque identifier.

What they don't offer is any form of federated access :-( When asked if they intended to do so, the reply was: "The Federated Identity model is not something Gartner supports at this time. Hopefully, Gartner will elect to change our support model in the near future." ......

Anyway, when I saw they were asking for an opaque identifier my immediate thought was "I already have one of those".... Unfortunately ePTID was _not_ suitable in its normal form as it's too long, and in fact according to the documentation even with the scope stripped it was still too long. Thankfully, after checking with Gartner support it seems that the documentation isn't quite right and ePTID is usable with the scope stripped (and the trailing "=" padding), so it was a fairly simple matter of sticking their script in a Shibboleth-protected Apache folder and passing (the slightly modified) ePTID as identifier. So we _do have_ Shibboleth authentication to Gartner :-)

One unfortunate side effect of this slightly "cobbled" approach is that when I get my daily Gartner email alert for the paper which Alex mentions, I can't just click on the link to read it as it takes me to Gartner's own login page.... Ho Hum... I'm just waiting for them to catch up with their own advice.

Andy Swiffin

The University of Dundee is a registered Scottish charity, No: SC015096
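
The ePTID shortening described in the message above, as an added example that is not part of the original post and is not Gartner's script. It is written in Python rather than the PHP used in the post; the function names, the scope `example.ac.uk`, the sample values and the `max_len` figure are all constructed, since the post does not state the vendor's length limit. It assumes the legacy scoped form `value@scope` with a base64 value, and an SP that joins multiple attribute values with `;`.

```python
import base64
import binascii
import hashlib


class IdentifierError(ValueError):
    """The attribute cannot be turned into a safe vendor identifier."""


def restore_padding(short):
    # Base64 length is always a multiple of 4, so the padding is recoverable.
    return short + "=" * (-len(short) % 4)


def shorten_eptid(raw, expected_scope, max_len):
    """Strip the scope and trailing '=' from a legacy scoped ePTID value."""
    if raw is None or not raw.strip():
        # Never fall back to a blank id: every user would share one account.
        raise IdentifierError("ePTID attribute missing")
    values = [v for v in raw.strip().split(";") if v]  # SP joins values with ';'
    if len(values) != 1:
        raise IdentifierError("expected exactly one ePTID value")
    value, sep, scope = values[0].rpartition("@")
    if not sep or scope.lower() != expected_scope.lower():
        # Dropping the scope is only safe when a single scope is ever accepted.
        raise IdentifierError("missing or unexpected scope")
    try:
        base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise IdentifierError("value is not base64") from exc
    short = value.rstrip("=")
    if not short or restore_padding(short) != value:
        raise IdentifierError("padding removal would not be reversible")
    if len(short) > max_len:
        raise IdentifierError("identifier exceeds the vendor's length limit")
    return short


def sample_eptid(user, scope):
    # Constructed sample: base64(SHA-1(...)) stands in for an IdP-computed value.
    digest = hashlib.sha1(("constructed-salt!" + user).encode()).digest()
    return base64.b64encode(digest).decode() + "@" + scope


if __name__ == "__main__":
    raw = sample_eptid("user1", "example.ac.uk")
    print(raw, "->", shorten_eptid(raw, "example.ac.uk", max_len=27))
```

Because the padding can be restored from the length alone, removing it cannot make two users collide; removing the scope can, which is why the function accepts only one expected scope.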