The old year has passed and a new one has dawned. Yet, we can never really discard the old year (as we can throw away the calendar) because its legacy lives on into the New Year. Still, each new year brings hope for a better life and to mark this hope we make New Year's resolutions - vows to better ourselves in some way. Last January, I offered three possible resolutions for the identity management industry - let's take a look at how well they were kept.

1.) We need to consolidate standards as well as vendors. While electronic provisioning, for example, fueled the identity management revolution it's time to move beyond that particular niche. Provisioning is now only a small part of the entire identity management spectrum and needs to be integrated as part of vendor offerings.

Consolidation has been happening, although it was slow going for much of the year. Sun and Microsoft have launched a cooperative venture in support of Web services that presages better alignment of WS-Federation and the Liberty Alliance specification. This will be helped enormously by IBM's actions both in joining Liberty as well as taking on the task of implementing (using the Liberty spec) federation for France Telecom. Industry consolidation was typified by Computer Associates' buyout of Netegrity, HP's acquisition of TruLogica and Oblix' grab of Web services vendor Confluent Software. Looks like people were listening to me on this one.

2.) Privacy needs to feature more prominently as a major factor in identity management. Too often in the past, we've relied on the difficulty of retrieving information to act as a barrier to its accessibility. Computers, online databases and vastly improved search facilities make all data easier to find for even the most casual searcher. Those with nefarious ideas and stronger motives can compile remarkably complete dossiers on just about anyone in a matter of hours - or even minutes. We need to strive to enable data owners to have the power of informed consent when revealing information while still allowing authorized access to necessary information on an "as-needed" basis. It is a tightrope to walk, or perhaps more like a minefield, but privacy needs to be considered now before the backlash is upon us.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.