Still looking for a definition for ‘role’

Opinion
Oct 19, 20053 mins

* Can we get a standard concept for 'role'?

A recurring theme in this newsletter is the search for an ontology of identity management – finding the right vocabulary so that we can agree on the terms and their meanings, and talk about the interesting stuff. Those of you who follow my musings at either The Virtual Quill or A Journal of Identity Management may have noticed a “discussion” going on recently over the very word “identity” and its offspring, “digital identity.” But that’s not the term I want to talk about today.

Roles and role-based access controls are topics we bring up frequently. But I was reminded the other day that, perhaps, not everyone in the discussion has the same concept of “role.”

Ed Zou is the vice president of marketing at Bridgestream, which is (and has been for the last few years) a pioneer in the area of business roles automation. I met Zou at this year’s Catalyst conference where he was introduced to me as a new technology partner of Thor Technologies (see “Bridgestream separates business roles from IT roles”). I ran into Zou again last week at Thor’s Advisory Council meeting where we talked about – what else? – roles.

Zou reminded me that many of us with histories in network administration think of roles in terms of groups within the network directory. But, by their very nature, there are no relationships between and among groups. As Zou said, these groups “are typically defined only within directories without any context.” The patchwork created by managing roles and groups in existing directories and applications often lead to too many unmanageable roles and groups, what Zou calls “rogue roles.”

Now he had me backed up, with no escape and Zou the pedagogue went into high gear: “The terms ‘roles’ and ‘groups’ are used in different ways throughout the industry and within organizations. IT organizations use them to describe a class of access privileges. Business units use them to represent organization structure, responsibility, span of control and authority. For example, if Jane in the marketing department reports to the CEO, supports key sales initiatives at major accounts, manages three staff members, and participates in the revenue recognition team, she has four different business roles. Yet, most likely only two of these roles can be found in the directory: the direct reporting structure and the formal department that she belongs to. The other dimensions are difficult for directories to include and even harder to maintain. Her role changes and thus must be defined to be sensitive to business context, e.g., in-context roles.”

I now see why this current discussion of “roles” has spread so far and wide: There was the initial newsletter outlining Bridgestream’s philosophy, another outlining a definition from Eurekify founder Ron Rymon and yet a third view of “roles” from Symlabs Vice President Felix Gaehtgens. The three gentlemen have differing views of roles, and differing ways to discover, define and manage roles. If I could just get the three of them to sit down with me, perhaps over a glass of wine or two, maybe we could agree on a definition of roles. We’d also need to create some new terms for those areas that they would decide fall outside the new definition.

I’ll be at the Internet Identity Workshop next week where I hope to begin a dialog about the meanings of the terms we bandy about so recklessly at times. If you’ll be there, also, perhaps you’ll join me in that discussion.