""People think of role management as a one time function, but the business changes, the regulatory environment changes, and there are mergers and acquisitions," he said. "In addition, people are role accumulators throughout their careers."

"From an IT standpoint, there are so many entitlements," he added. "An IT organization supporting 20,000 users on hundreds of resources can be supporting individual entitlements in the millions or tens of millions. The question becomes how to manage it, given this scale.""

"This transition is more complex than it sounds, because it involves designing software that allows business users to play a bigger role in identity management business processes, such as requesting, approving, certifying, or removing access privileges." – I disagree. Aside from the "certifying" activity, the rest of these activities are the responsibility of the user provisioning systems.