Day 3 of the 4 day training course in Sydney, Australia, has just completed.
We have been hit for 6 in the range of mental athletics in the business implementation of the Role-Based Provisioning of Identity Manager 3.5.
It's a fantastic technology that I think is more of a glue - universal and flexible, quick to cure and yet can be warmed for extra movement.
IDM has a great background in the directory sync area - more common usage I think. The ability to then take the concept of business roles and apply them to the IDM model is fantastic to say the least.
However it's not all roses.
Be ready for plenty of consulting and querying of the customer - the difficult questions for some businesses (and I don't mean who gets the car park out the front) have to answered, let alone asked.
One example we have come across is the dissipation of the decision making process away from the "board" room to the minute-to-minute activities of the participants at the PC or terminal. Companies can still have the same decisions made but not requiring the removal of managers away from their more important roles.
Even better is the ability to remain uncompromised in a quorum decision; for example, a staff member Andy has to take over the role of Jim who's on holidays. Jim made the company purchases for production.
Andy makes an application for the role of Jim, and has to go through a quorum decision-making process with at least 66% majority.
In the process of allowing the new role for Andy, the decision makers do not see who amongst them has allowed the role change for Andy.
OK, so some developer skills are required. Yes, a few commands went through the fingers to the keyboard without a blink, but it's the architectural capacity that's impressive.
We are going to get dirty over the next few weeks with IDM so a few more entries to be made here.
Get to the ATT courses - well worth the human contact, particularly with the sharing of information and contacts.