The end of the firewall is something I've talked about before in this newsletter as well as, more extensively, in the Windows Networking newsletter (see "Time to rethink the term 'firewall'"). When the network becomes borderless, you can no longer police the border. That topic came up in a conversation with Steve d'Alençon, senior vice president of marketing at Encentuate, when he said: "Enterprise perimeters are disappearing."

He went on to explain that he meant that end-users access corporate networks and resources from a wide variety of end-points and access paths, such as personal or shared workstations within the office, PDAs of many varieties, kiosks, home office computers, virtualized remote access terminals and more.

But not only are people accessing the network from multiple places, platforms and paths - the experience on each of those can be very different. Mobile users can be users who move within the building or campus or those literally on the road for a business trip or sales call. They receive an inconsistent user experience to access the systems, applications and information they need to perform their job. According to d'Alençon, this heterogeneous environment is a trouble spot for IT to provide a consistent end-user access experience, consistent identity, security and access control, workflow policies across end-points and compliance tracking.

Well, that's true as I think we all can agree. But is it relevant to our identity management discussion?

It's relevant, d'Alençon said, because a "user-centric end-point Identity and Access Management (IAM)" approach is the only way to deliver balance. User-centric end-point IAM effectively solves the business issues of multiplying end-point devices, inconsistent end-user access experience, threat of a security breach, IT ease of management and compliance tracking. He explained that by "user-centric end-point IAM," he means a solution that balances the enterprise and IT requirements for monitoring, control and compliance with the end-user imperative of convenience.

It's this last element, user-convenience, which often gets left out of the equation as far as I can tell. And it could be a big reason why many IAM projects fail - or at least are less successful than predicted. d'Alençon explained why:

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.