Identity Toolkit
A one stop site for all your IAM queries

Tuesday, February 9, 2010

Identity Administration

Identity administration models include centralized, delegated, and self-service administration; delegated administration with workflow approval; public key infrastructure (PKI)-based administration; federated IdM; and automated administration. The principal difference among the models is usually the identity of the person who is allowed to administer the designated IdM stores, functions, and data:
  • Manual: Administration of identity data and functions by IT personnel or line-of-business (LOB) representatives. Identity data may be entered directly into application environments that do not source identity information from a shared service, or into a user provisioning system that distributes identity data to multiple applications.
  • Automated: Administration based on rules derived from business, security, or regulatory policies. Accounts are created or access is granted based on the value of certain attributes (e.g., "if cost center is xyz, then permit access to procurement system"); these rules are evaluated and processed without human intervention or workflow approval. Two variants:
    >> Workflow approval: A subset of automated administration in which the rule match still requires the review and approval of the system, resource, or application owner before access is granted.
    >> Federated: In federated models, identity attributes are sourced from partner systems in an automated fashion at runtime. This is also known as just-in-time provisioning of access.
  • Self-service: Administration of selected user-specific identity data by the users to whom the data pertains. Self-service interfaces are increasingly required to allow internal or external users, who are often the best information source, to update and manage a subset of the data about their identities and therefore shoulder a portion of the administrative cost. Self-service capabilities can include self-registration, subscribing to published services, maintaining personal data, and self-help such as password resets.
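To make the "automated" model and its workflow-approval subset concrete, here is an added example of a rule-based provisioning evaluator. It is not code from this blog or from any IAM product; the rule set, attribute names (cost_center, department, status), entitlements and approver roles are all constructed for illustration. Rules that match are granted with no human in the loop, except for rules flagged as requiring approval, which are parked until a holder of the named approver role signs off, and every decision is written to an audit trail.

```python
"""Added example (not from the Identity Toolkit post): a minimal
rule-based provisioning evaluator in the style of the "automated"
administration model, including the workflow-approval subset.
All rules, attributes and users below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[dict], bool]   # evaluated against identity attributes
    entitlement: str                    # access the rule grants
    needs_approval: bool = False        # workflow-approval subset
    approver_role: Optional[str] = None  # who must approve when needs_approval


# Constructed rule set; the first rule is the post's own example:
# "if cost center is xyz, then permit access to procurement system".
RULES = [
    Rule("cost-center-xyz-procurement",
         lambda a: a.get("cost_center") == "xyz",
         "procurement-system"),
    Rule("finance-gl-access",
         lambda a: a.get("department") == "finance",
         "general-ledger",
         needs_approval=True, approver_role="gl-owner"),
    Rule("all-staff-email",
         lambda a: a.get("status") == "active",
         "email"),
]


@dataclass
class Decision:
    granted: List[str] = field(default_factory=list)
    pending_approval: Dict[str, str] = field(default_factory=dict)  # entitlement -> approver role
    audit: List[str] = field(default_factory=list)


def evaluate(attributes: dict, rules=RULES) -> Decision:
    """Evaluate every rule against one identity's attributes.
    Plain rules are applied without human intervention; rules in the
    approval subset are routed to the named approver instead of granted."""
    d = Decision()
    if attributes.get("status") != "active":
        d.audit.append("identity not active: no entitlements evaluated")
        return d
    for r in rules:
        if not r.condition(attributes):
            continue
        if r.needs_approval:
            d.pending_approval[r.entitlement] = r.approver_role
            d.audit.append(f"{r.name}: matched, awaiting {r.approver_role} approval for {r.entitlement}")
        else:
            d.granted.append(r.entitlement)
            d.audit.append(f"{r.name}: matched, granted {r.entitlement} automatically")
    return d


def apply_approval(d: Decision, entitlement: str, approver_roles: Set[str]) -> bool:
    """Complete the workflow step: only a holder of the required approver
    role may move an entitlement from pending to granted."""
    required = d.pending_approval.get(entitlement)
    if required is None or required not in approver_roles:
        d.audit.append(f"approval rejected for {entitlement}: approver lacks role {required}")
        return False
    del d.pending_approval[entitlement]
    d.granted.append(entitlement)
    d.audit.append(f"{entitlement} granted after approval by {required}")
    return True


if __name__ == "__main__":
    alice = {"uid": "alice", "status": "active", "cost_center": "xyz", "department": "finance"}
    dec = evaluate(alice)
    apply_approval(dec, "general-ledger", {"gl-owner"})
    print("\n".join(dec.audit))
```

The point of keeping `needs_approval` on the rule rather than on the entitlement is that the same entitlement can be automatic for one population and approval-gated for another, which is how most owner sign-off requirements are actually expressed.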

Sunday, February 7, 2010

Federation: The Empire Strikes Back

What is Federation?
Let us start with the challenge of identity silos.
Enterprise IAM suites provide a tightly coupled integration with the resources they manage.
This is better than having independent IDs on individual systems, but it falls short of the ideal solution, in which a unified identity can be maintained outside the enterprise domain.

With the increasingly collaborative environments enabled by online communities, there is a need for a loosely coupled system that provides a way to identify users across domains that collaborate frequently.

This is what Federation addresses.
So, to summarize technically, Federation is:
1. A set of technical, legal, and operational agreements that facilitate distributed identification, authentication and authorization across boundaries (security, departmental, organizational or platform).
2. A model based upon trust, in which user identities and security are individually managed and distributed by the service providers or member organizations.
3. An arrangement in which each organization is responsible for vouching for the identity of its own users, and the users are able to interact transparently with other trusted partners based on this first authentication.

The figure below depicts a typical Federated environment:
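The three summary points above (agreements across boundaries, trust between member organizations, and each organization vouching for its own users) can be shown in a single exchange. The following is an added example, not code from this blog and not a real federation protocol: a toy identity provider (IdP) issues a signed assertion for its own user, and a service provider (SP) in another domain accepts it only if the issuer is a registered partner, the signature verifies under that partner's key, the assertion is addressed to this SP, and it has not expired; the SP then creates the local account just in time from the partner-sourced attributes. Partner names, the shared key, the assertion layout (a base64 JSON body plus an HMAC tag) and the attribute names are all constructed stand-ins for what SAML or OpenID Connect tokens carry in practice.

```python
"""Added example (not from the Identity Toolkit post): a toy federation
exchange between an IdP and an SP in different domains, followed by
just-in-time provisioning at the SP.  Partner names, keys, attributes
and the token format are constructed for illustration only."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# The "agreement": the SP knows each partner IdP by name and a shared key.
# (Constructed; real deployments exchange certificates / JWKS instead.)
TRUSTED_PARTNERS: Dict[str, bytes] = {"idp.acme.example": b"acme-shared-secret"}
SP_AUDIENCE = "sp.toolkit.example"


def idp_issue_assertion(issuer: str, key: bytes, subject: str, attributes: dict,
                        audience: str, ttl: int = 300, now: Optional[float] = None) -> str:
    """IdP side: the user's home organization vouches for its own user by
    signing claims about them, addressed to one specific SP and short-lived."""
    now = time.time() if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": int(now), "exp": int(now) + ttl, "attrs": attributes}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def sp_verify_assertion(token: str, now: Optional[float] = None) -> Tuple[Optional[dict], Optional[str]]:
    """SP side: returns (claims, None) if the assertion is acceptable, else
    (None, reason).  Trust is decided by the partner registry, not by the token."""
    now = time.time() if now is None else now
    body, sep, sig = token.rpartition(".")
    if not sep:
        return None, "malformed assertion"
    try:
        claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, UnicodeDecodeError):
        return None, "malformed assertion"
    key = TRUSTED_PARTNERS.get(claims.get("iss"))
    if key is None:
        return None, "issuer is not a federation partner"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"
    if claims.get("aud") != SP_AUDIENCE:
        return None, "assertion not intended for this SP"
    if claims.get("exp", 0) <= now:
        return None, "assertion expired"
    return claims, None


LOCAL_ACCOUNTS: Dict[str, dict] = {}   # the SP's local identity store (constructed)


def jit_provision(claims: dict) -> dict:
    """Just-in-time provisioning: create or refresh the local account from
    partner-sourced attributes at runtime.  The key includes the issuer so
    that 'jdoe' at one partner can never collide with 'jdoe' at another."""
    local_id = f"{claims['iss']}!{claims['sub']}"
    account = LOCAL_ACCOUNTS.setdefault(local_id, {"created_from": claims["iss"]})
    account.update({"email": claims["attrs"].get("email"),
                    "roles": claims["attrs"].get("roles", [])})
    return account


if __name__ == "__main__":
    token = idp_issue_assertion("idp.acme.example", b"acme-shared-secret", "jdoe",
                                {"email": "jdoe@acme.example", "roles": ["buyer"]}, SP_AUDIENCE)
    claims, err = sp_verify_assertion(token)
    print(err or jit_provision(claims))
```

Two design points worth noting: the issuer lookup happens before the signature check, so an unknown partner is rejected without any key material ever being consulted, and the audience check prevents an assertion issued for one SP from being replayed at another SP that trusts the same IdP.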

Wednesday, February 3, 2010

Entitlement Management: Business Value

The business value of an Identity Solution is directly proportional to the number of integrated business applications and systems.

Business applications and systems have owners:
• Owners must be convinced to integrate with IAM
• Convincing stakeholders requires tangible business benefits for each group:
  – Business Executive Sponsors
  – IT Executive Sponsors
  – Business Owners
  – IT Custodians
Implementing a successful Identity Management system requires buy-in from all stakeholders. Only when the functional requirements are clearly defined does the IAM program deliver maximum benefit to the organization.

Tuesday, February 2, 2010

Corporate Identity Projects: The Stakeholders

Implementing a Corporate Identity Management program affects not just the IT infrastructure and its operation; it also impacts business-as-usual activity. IAM solutions provide services to multiple business applications and involve a broad group of stakeholders.

Understanding their concerns and perspectives is a key project success factor.

Identity and Access Management Business Drivers: Why, Who and Where

There are various business drivers for implementing an IAM solution.

It is critical to know what your stakeholders want for an IAM program to be successful.
In our next post we will take a look at some of our prime stakeholders.

Identity and Access Management Overview

Identity and Access Management is the set of business processes, information, and technology for managing and using digital identities.

The diagram below illustrates these various components:

Monday, February 1, 2010

What's my Identity ?

Who am I?
Depends on who's asking.
Depends on when they're asking.
Depends on why they're asking.

This gives rise to the various dimensions of Identity.
Okay, so let me be more specific. We will restrict ourselves to talking about one's Digital Identity.
There are three aspects to it:
1> Who we are: the personal attributes, such as our name, our fingerprints, our Social Security number, etc.
2> The context: the frame of reference in which our identity is being used. Put simply, it means how we relate to the situation in which our identity is being used.
3> The profile: this maps to the specific role we play in the system. So your profile in the organization you work for is "An Employee", while your profile at Google is that of "A User" or "Client" (unless you work for Google, in which case you would be an employee).

These three concepts form the basis of our Digital Identity.
Hopefully this has helped clarify the fundamental question.

For more discourse on Identity Management, keep an eye on this URL; more will follow.
Your comments are most welcome.