On 5 September 2007, Oracle announced that it has acquired Bridgestream, an enterprise role management vendor based in San Francisco. Financial terms of the deal were not disclosed, but are estimated at approximately $30 million.

Oracle's acquisition of Bridgestream, a Gartner 2005 "Cool Vendor," is the first attempt by a large user-provisioning vendor to enter the broader IAM market, which Gartner defines as including user provisioning, role management for enterprises (RME), identity auditing and resource administration. Three smaller user-provisioning vendors — Beta Systems, Courion and Voelcker Informatik — already have their own RME capability. Other large software vendors — such as BMC, CA, IBM, Novell and Sun — have partnered with RME vendors (including Bridgestream) for some time.

Gartner predicts this RME-focused acquisition won't be the last. The use of RME products is fueled by regulatory compliance and workforce management pressures in the U.S. and Europe, the Middle East and Africa (EMEA). Two goals for managing these pressures are addressing segregation-of-duties issues through the use of roles (roles are not an end in and of themselves), and addressing identity-auditing needs for access reporting and attestation (roles are not required). RME and identity-auditing products can address these goals, and therefore the boundaries between those two markets are beginning to blur.

Oracle states that it plans to continue support for technical integration of the Bridgestream products with other user-provisioning products from IBM and Sun. If the acquisitions of other RME vendors by large user-provisioning vendors continue, technical integration between the RME and user-provisioning products must shift to service-oriented architecture (SOA) and Web services using standard products such as Lightweight Directory Access Protocol (LDAP), Service Provisioning Markup Language (SPML) and Extensible Access Control Markup Language (XACML), making it unnecessary for RME and user-provisioning products to come from the same vendor.

• Bridgestream customers: Even if your user-provisioning tool isn't Oracle Identity Management, stay the course with Bridgestream, unless your non-Oracle identity management vendor removes support for Bridgestream. Oracle has a good track record in integrating its product acquisitions and in retaining the brainpower responsible for the early success of its acquisition targets.
• Oracle Identity Management customers: Review your role management and identity-auditing needs. Bridgestream is a good RME choice, but don't rule out other RME or identity-auditing tools. Aim for the best pricing and fit with your role and identity-auditing needs.
• Customers seeking RME solutions: Review all RME and identity-auditing tools and chose a product that includes support for SOA technologies such as LDAP, SPML, XACML and Web services. Expect acquisitions among the remaining RME vendors, but don't use the market's fluidity as a reason to delay making any technology investment.

• "Magic Quadrant for User Provisioning, 2H07” — Driven by requirements for compliance and security efficiency, the market for user-provisioning systems has matured and grown, even as identity-driven governance and risk concerns raise new issues for customers. By Earl Perkins and Roberta Witty
• "Hype Cycle for Identity and Access Management Technologies, 2007” — Regulatory compliance continues to be a major force for changes in IAM technologies. By Greg Kreizman and others

(You may need to sign in or be a Gartner client to access the documents referenced in this First Take.)