
Identity management boundaries

Feb 24, 2003 | 3 mins
Access Control | Enterprise Applications

Where does identity management fit in?

Intersection, conjunction, boundaries, overlaps, tangents and diversions – these are just some of the terms you (the readers) asked about in response to our change of focus to identity management.

Daniel Beckett, from DewPoint (a Web services consultancy), asked me to talk about the convergence of identity management and Web portal technology.

At the same time, Jeff Davis from SafeStone (which provides secure access products) inquired about the boundaries among identity management, Web management and provisioning management.

First, the boundaries question. It’s not like trying to get from Spain to Gibraltar or vice-versa (e.g., you can’t fly from one to the other directly so you have to take a roundabout route). It’s much more like the boundary moving from Colorado to Kansas – you suddenly realize there aren’t any more mountains and you didn’t really notice a change in scenery.

Electronic provisioning is rooted in identity management. The ease with which e-provisioning apps can automatically integrate a new hire into the enterprise, move an existing employee, or remove someone who has left the organization, is tightly coupled to the ability to identify and equate user objects in very different applications, services and datastores. The directory provides the foundation upon which an identity management framework is constructed, which in turn leads to provisioning services.
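The step of identifying and equating user objects across datastores, sketched as an added example that is not part of the original column: a reconciliation pass compares an authoritative directory with one application's accounts and emits joiner, mover and leaver actions. The record shapes, attribute names, action labels and sample data are all hypothetical.

```python
from collections import namedtuple

# Hypothetical record shapes: one directory entry, one downstream application account.
DirEntry = namedtuple("DirEntry", "emp_id mail dept active")
AppAccount = namedtuple("AppAccount", "login emp_id email group enabled")

def plan(directory, accounts):
    """Return provisioning actions that bring one application in line with the directory."""
    by_id = {e.emp_id: e for e in directory}
    by_mail = {e.mail.lower(): e for e in directory}
    actions, matched = [], set()
    for a in accounts:
        # Equate the account with a directory identity: stable id first,
        # mail address as a weaker fallback when the app never stored the id.
        e = by_id.get(a.emp_id) or by_mail.get(a.email.lower())
        if e is None:
            if a.enabled:
                actions.append(("review_orphan", a.login))  # no owner in the directory
            continue
        matched.add(e.emp_id)
        if not e.active and a.enabled:
            actions.append(("disable", a.login))            # leaver
        elif e.active and a.group != e.dept:
            actions.append(("move", a.login, e.dept))       # mover
    for e in directory:
        if e.active and e.emp_id not in matched:
            actions.append(("create", e.mail, e.dept))      # joiner
    return actions

# Constructed sample data, not taken from any real system.
DIRECTORY = [
    DirEntry("1002", "bob@example.com", "Engineering", True),
    DirEntry("1003", "carol@example.com", "Finance", False),
    DirEntry("1004", "dave@example.com", "Engineering", True),
]
ACCOUNTS = [
    AppAccount("bjones", None, "Bob@Example.com", "Support", True),
    AppAccount("cwhite", "1003", "carol@example.com", "Finance", True),
    AppAccount("svc_old", None, "temp@example.com", "Sales", True),
]

if __name__ == "__main__":
    print(plan(DIRECTORY, ACCOUNTS))
```

Enabled accounts that cannot be tied to any directory entry are routed to review rather than silently ignored, since an account with no identifiable owner is one that no leaver process will ever disable.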

Web management can mean different things to different people – it can mean using browser-based management tools for the network and the enterprise or it can mean the management of Web-based services and the users of those services.

In either case, though, it’s directory objects we’re talking about – application objects, user objects, service and server objects. To paraphrase Dorothy in The Wizard of Oz, “routers and switches and hubs, oh my!” Identity management is crucial to controlling access to these systems and services, but it’s also necessary for personalizing and customizing their use.

I’m not saying these three areas will converge to a single technology, just that the distinct technologies are interdependent.

As to the convergence of portals and identity management – it had better be happening right now. The winners in the portal space will be the vendors who make the best use of identity management technologies: not only user object management and identification, but also service object management and application object control. Users will use, and managers will choose, those portals that allow fine-grained control of customization and personalization. Network managers and administrators want to allow self-service portal applications for users that relieve helpdesk congestion while adhering to corporate security policies. Identity management is the route to solving these issues.

Any more questions?