

HOT TOPICS: IDENTITY MANAGEMENT
One of the hottest topics in Information Technology at the moment is Identity Management:
• Governments want to know the identity of their constituents
• Banks want a better way to identify their customers
• Departments of Transport don't want driver licences being used for identification purposes
• Companies want to restrict access to their facilities (buildings and their web site) to those they can positively identify
• People want to safeguard their electronic identity on the Net
Components
There are three main components to any Identity Management system:
On-line forms
An identity management program must provide easy access to the identity management facilities. Managers must be able to register a
new employee or update an employee's record easily, anytime, from anywhere. Employees must be able to update their data records when
basic information changes. This requires an on-line form facility.
Workflow
Once a request has been entered, a mechanism to ensure the requested change is properly authorised is required. This necessitates a
workflow engine that can circulate the request details to the appropriate people to gain approval to make the change.
The workflow must be able to provision into the required applications.
Directory Synchronisation
A basic tenet of any identity management system is that identity data should only be entered once. Since it is generally unrealistic
to have all applications access a single identity data store, a system of authoritative data sources needs to be established. The
directory synchronisation engine copies any changed data to the other repositories that store the data.
Employee location, for instance, will typically be owned by the HR system and copied to the email system, file & print directory and
white pages by the synchronisation engine.
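An added illustration of the authoritative-source model described above (not code from the original page): each attribute has one owning repository, and the engine copies the owner's value over every other copy, logging each overwrite. The repository names, the `AUTHORITY` map (including e-mail owning `mail`) and the sample records are assumptions constructed for this sketch.

```python
# Added illustration: attribute-level authority in a directory sync engine.
# Repository names and the AUTHORITY map are assumptions for this sketch.
from copy import deepcopy

# Which repository owns each attribute (assumed assignment).
AUTHORITY = {"location": "hr", "mail": "email"}
REPOS = ("hr", "email", "file_print", "white_pages")


def synchronise(stores):
    """Copy each attribute from its authoritative store to the others.

    stores: {repo: {employee_id: {attribute: value}}}
    Returns (new_stores, changes); changes lists every overwrite so an
    edit made directly in a non-authoritative copy is visible for review.
    """
    result = deepcopy(stores)  # never mutate the caller's data
    changes = []
    for attr, owner in AUTHORITY.items():
        for emp_id, record in stores.get(owner, {}).items():
            if attr not in record:
                continue  # owner has no value: nothing to propagate
            value = record[attr]
            for repo in REPOS:
                if repo == owner:
                    continue
                target = result.setdefault(repo, {}).setdefault(emp_id, {})
                old = target.get(attr)
                if old != value:
                    changes.append((repo, emp_id, attr, old, value))
                    target[attr] = value
    return result, changes


# Constructed sample data: white pages was edited locally and has drifted.
SAMPLE = {
    "hr": {"e100": {"location": "Level 4, Brisbane"}},
    "email": {"e100": {"location": "Level 4, Brisbane", "mail": "e100@example.org"}},
    "file_print": {"e100": {}},
    "white_pages": {"e100": {"location": "Level 2, Sydney"}},
}

if __name__ == "__main__":
    synced, log = synchronise(SAMPLE)
    for entry in log:
        print(entry)
```

The change log is the part worth keeping: an overwrite whose old value was not empty means someone edited a non-authoritative copy directly.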
Decision Points
An organisation wishing to initiate identity management has several decisions to make:
Target Population
Which core applications are to be included in the system? It is generally not
practical to modify all applications to utilise the new identity and access management
system. Core applications should be implemented first to ensure a realistic scope
for the project.
These will typically be:
• human resources information system
• file and print directory
• email system
• white pages directory
Role-based Access Control
Staff roles are the key to providing access to components of an organisation’s computer systems and to the ability to implement an
approval workflow.
It is important that there are a limited number of defined roles within the organisation.
Identity Product Suite
There are a number of suppliers now that provide an integrated suite of products to provide the whole identity and access management
service. Their on-line forms package integrates with their workflow engine, which integrates with their provisioning facility.
If this is applicable it is generally the best option – but support for the core applications must be provided. A “proof of concept” to
verify a vendor’s claims is generally a good idea.