I am just back from the RSA Conference in San Francisco.   Here are 5 of the happenings that seemed most significant to me:

1. Oracle purchases Sun -When I walked into the Moscone Center early Monday I was greeted with the news of Oracle's purchase of Sun Microsystems. Not that Sun's availability for corporate marriage was in doubt, but who would have guessed Oracle? I think the quick security oriented takeaway is that there is no security oriented takeaway. Oracle is buying Sun for a lot of reasons (Java, Solaris, to name a few) but I don't think Sun's security products are one of them. Given the significant high-level overlap between their respective security management related offerings it is anyone's guess how the deck will ultimately get sorted at the combined organization.
2. Where did all the security pros go? - Anecdotally, attendance seemed down to me this year. Given that the majority of people who typically attend this event have to travel a long way, it wouldn't be surprising if attendance was down owing to the overall economic slowdown.  I am confident attendance at the RSA Conference will bounce back, perhaps as soon as next year.  It is still one of the key happenings for security professionals. 
3. SaaS security is starting to move up the hype cycle - How do I know that SaaS is moving up the hype cycle?  When everyone is talking about something, that nearly no one has any experience with, no one can define in the same way (ask any two people and you will get at least three opinions) and that three eminent cryptographers are simultaneously positive, negative, and bored with...you know that a technology is in the midst of climbing the hype cycle.  One thing that everyone agrees with is that there are significant security issues with SaaS. 
4. The birth of the Kantara Initiative - If you have ever been frustrated with the pace at which industry adopts standards, then you need to check out the Kantara Initiative www.kantarainitiative.org.  At Monday's Liberty Alliance coordinated workshop http://projectconcordia.org/index.php/April_20_pre-conference_workshop, Brett Mcdowell announced the birth of the Kantara Initative, which, as its name implies (if you speak an African dialect or Arabic), is designed to bring us all together to deliver on the need for a privacy respecting online identity system that among other things will coalesce the identity needs of consumers, enterprises, and governments.  The adoption of standards is more than creating technical specifications, thus the Kantara Initative will be doing more.  Maybe helping to convert the Venn of Identity  into the Zen of Identity (apologies to the true author of this witty phrase if I didn't make it up...I never remember how half the things get into my head)
5. SC Magazine Awarding CA the Readers Trust Award for Best Identity Management Solution - I know what you are thinking "shameless promotion" http://www.ca.com/us/press/release.aspx?cid=204071

What can I say, it's nice to see your friends and colleagues get kudos for their hard work on a key CA security product, namely CA Identity Manager.   This is not self-congratulations as I work on the Web security solutions at CA, namely SiteMinder, Federation, and Web services security, and not directly on CA Identity Manager.  

For anyone who will be at the Kuppinger Cole identity conference next week in Munich Germany, please stop me and say hello.  I will blog about that conference probably on the flight home to Boston.

http://www.id-conf.com/eic2009