
Entitlement Management
No identity management environment should exist without policy. In fact, none ever does. In the many cases we come across
there is always a reason decisions have been made, and people always know why things are the way they are, but often these
reasons are not written down, and rarely have the policies that govern the identity management environment been formally
agreed by senior management.
ICA works with management on setting policy and embedding identity management policy in the organisation's governance
processes. We also help to implement policies that are inherent in the business, whether they have been formally adopted
or not. It is incredibly important that identity management policy be formally adopted and approved, but we'll concentrate on making it work.
The standards
Two standards have developed to the point that entitlement management is now fully supported, and they are undoubtedly the way to go.
SAML
The Security Assertion Markup Language (SAML) is a fully supported standard for the sharing of credentials between systems.
The basic core is the Assertion Request and Assertion Response message. These provide the vehicle for the requesting system
XACML
A small number of innovative companies have been employing policy-based identity management for some time. They have deployed policy enforcement points and policy decision points that control access to restricted resources based on policy determined by management. These have, to a large degree, been proprietary systems specifically designed for the application in question, or an implementation of a specific vendor's access control system. While these have successfully implemented the organisation's policy at a specific point in time, they have typically been hard-coded for a specific purpose and require a significant level of effort to manage or modify. In the event of a company merger or acquisition, the shortcomings of the initial planning come to light, and it is likely that a complete re-design of the access control system will be required.
We advise on the regimen behind XACML (eXtensible Access Control Markup Language) and use it as a standard approach to policy-based access control, one that will be the basis of most future vendor offerings.
The primary reasons why a customer employs ICA are:
• Vendor independence
• Understanding of the complex technical requirements and environments in delivering Single Sign On, RBAC (Role Based Access Control) & Unified User Management
• Clear knowledge and experience in evaluating different vendor capabilities.