Well I'm glad to hear our products have served you well. IMO though XSLT is a dinosaur and really not the best language for identity mapping. I think the simple JavaScript pattern we have exposed and the rich utility classes you can leverage from it are a vast improvement. Also the primary advantage to moving to ISAM in either Virtual Appliance or containerized deployment is the natural fit into modern automated devops practices. 

Regards,
Shane. 

Well I'm glad to hear our products have served you well. IMO though XSLT is a dinosaur and really not the best language for identity mapping. I think the simple JavaScript pattern we have exposed and the rich utility classes you can leverage from it are a vast improvement. Also the primary advantage to moving to ISAM in either Virtual Appliance or containerized deployment is the natural fit into modern automated devops practices. 

Regards,
Shane. 

Understand, but measure the cost objectively.  The XSLT -> Javascript conversion is highly unlikely to be significant, even for 100+ federations and partners. I would strongly suspect there sre a lot of similar rules, doing identical or near-identical mapping operations. In Javascript you can write common functions and import them into other mapping rules. This will reduce the TCO over time as there will be less to maintain. 

The more significant burden, being borne by everyone in modern IT, is digital transformation to automated devops processes. An up-front cost that is returned over time for sure, but one that I am certain is worth the effort. I wonder, for example, how many security vulnerability patches have not been applied in older software-based systems like that which TFIM is running on? How quickly can you [safely] respond to that, etc, including fallback to a previous version or patch level? Those things are generally not measured or taken into consideration until you become the victim of an attack. 

I would implore you to keep a broader perspective than just the transactional cost of going from TFIM->ISAM and XSLT->JavaScript. The value proposition is much more significant than that.

Well I'm glad to hear our products have served you well. IMO though XSLT is a dinosaur and really not the best language for identity mapping. I think the simple JavaScript pattern we have exposed and the rich utility classes you can leverage from it are a vast improvement. Also the primary advantage to moving to ISAM in either Virtual Appliance or containerized deployment is the natural fit into modern automated devops practices. 

Regards,
Shane. 

Hi Shane and all

I would like to re-enforce your point of automation and DevOps. In the ITFIM days (or even ISAM software stack as in V7), we could do some level pf automation but that was with different command lines and disparate tools. Now with the unified ISAM v9 (Virtual Appliance or Docker) we have found a DevOps friendly platform where all new investments that we made so far in our transformation journey (adopting Git, Ansible, Python…) are paying back already. We do more development now and less repetitive operations, and I believe that makes pretty much all team members happier, and we seem to have now an infinite backlog of good ideas to make our automation stack do more to help bring more value-add to our IT partners overall.

As for the ITFIM->ISAM migration, we did it in somewhere less than 60 days including coding, running processing of data export from ITFIM->Git->Massaging->Import to ISAM for about 40-50 feds. We did not need to contact our SaaS vendors as we kept our URL identical but of course we were well prepared and rehearsed. We decide to go that route after a preliminary pilot that demonstrated that we could rapidly apply small updates with our automation should the need arise. It provided us also more agility, and since everything is in Git, our knowledge base (configuration registry) is well protected and versioned. And we can rebuild any Virtual Appliance from scratch and be confident we can redeploy all federation no sweets.

As for going IDaaS cloud or not, the notion of DevOps in my mind will already remain relevant for provisioning your federations into the Cloud offering, as you would for provisioning your AWS EC2 instances if you believe in the value proposition of DevOps.

 Cheers

Understand, but measure the cost objectively.  The XSLT -> Javascript conversion is highly unlikely to be significant, even for 100+ federations and partners. I would strongly suspect there sre a lot of similar rules, doing identical or near-identical mapping operations. In Javascript you can write common functions and import them into other mapping rules. This will reduce the TCO over time as there will be less to maintain. 

The more significant burden, being borne by everyone in modern IT, is digital transformation to automated devops processes. An up-front cost that is returned over time for sure, but one that I am certain is worth the effort. I wonder, for example, how many security vulnerability patches have not been applied in older software-based systems like that which TFIM is running on? How quickly can you [safely] respond to that, etc, including fallback to a previous version or patch level? Those things are generally not measured or taken into consideration until you become the victim of an attack. 

I would implore you to keep a broader perspective than just the transactional cost of going from TFIM->ISAM and XSLT->JavaScript. The value proposition is much more significant than that.

Well I'm glad to hear our products have served you well. IMO though XSLT is a dinosaur and really not the best language for identity mapping. I think the simple JavaScript pattern we have exposed and the rich utility classes you can leverage from it are a vast improvement. Also the primary advantage to moving to ISAM in either Virtual Appliance or containerized deployment is the natural fit into modern automated devops practices. 

Regards,
Shane.