The other side of the article

It’s seldom that I publish more than one blog post on a single piece, but Mark Diodati’s article “Changing times for identity management ” (login required) spoke of two main themes that I felt needed to be discussed.  In an article on IdM Thoughtplace, I looked into some issues of what composes “New School” Idm.

In this piece, I’d like to comment on a couple of points that Mark makes that I particularly agree with.

First off, Mark mentions that thorough analysis and review of IdM offerings is essential.  The selection team/steering committee  needs to remember that no IdM product exists in a vacuum.  Testing against ERP, enterprise LDAP/AD and other key systems is essential, and involving a pilot group is key as well.  I’d go a step beyond what Mark specifies, by adding that your pilot group needs to be multi-disciplinary. Just IT or Help Desk folks won’t cut it here.  Make sure there’s some HR and ERP users along with other “typical” users in your organization.  You’ll need to do a little more hand holding and training earlier that you’d like, but you’ll get better responses and metrics in return.

I’m also in agreement that you should review all offerings and available features/upgrades from current infrastructure. That “buried treasure” could be the key to keeping your infrastructure secure and compliant. Also find every way possible to use and reuse your current infrastructure., it can pay off in the long run.

It’s a tough economy out there, but that does not mean that you should stop your review of  IdM improvements.  Use the current time for evaluation and planning.  Bring some vendors in for a PoC to make sure it fits into current infrastructure.  The best place to start looking is right in your server rooms and data centers.  Go to it!

Advertisements

More Thoughts on Federated Provisioning

If we look up the definition of the term “federated” in the Computer Desktop Encyclopedia via answers.com it returns this definition:

“Connected and treated as one. See federated database and federated directories.”

This definition makes sense when we discuss identity.  We have two systems within separate legal entities separated by a barrier.  At one time this barrier was  like a wall, a fortress.  Entry was made through prescribed gates.  Today it is more like a cell with it’s bi-layer lipid membrane and  trans-membrane proteins.  It acts as a protective barrier and a regulator of transports in and out.  When we connect the IdM system of one entity with another they are treated as one; however, the other sub-system elements are logically subordinate so if we talk about federated provisioning there is a strong argument that it is semantically irrelevant.  Ian Glazer is right there is only provisioning.