I've said this repeatedly, but no one until now seems to get it. Identity management is interesting, but its not the point. Controlling access to resources is the point. No one goes to work in the morning saying, "Hmmm... I need to manage my identities." But everyone (well, security and IT people anyway) worries about how to control access to IT resources.
I'm not saying that IdM isn't important... it is critical. Effective identity management is something that you have in place before you can control access to resrouces. But IdM is not the goal; access control is.