Emerging Fundamental Points
- IdM provides significantly greater opportunities to online businesses beyond the process of authenticating and granting access to authorized users via cards, tokens and web access control systems.
- User-based IdM has started to evolve away from username/password and web-access control systems toward those that embrace preferences, parental controls, entitlements, policy-based routing, presence and loyalty schemes.
- IdM provides the focus to deal with system-wide data quality and integrity issues often encountered by fragmented databases and workflow processes.
- IdM embraces what the user actually gets in terms of products and services and how and when they acquire them. Therefore, IdM applies to the products and services of an organization, such as health, media, insurance, travel and government services. It is also applicable to the means by which these products and services are provisioned and assigned to (or removed from) "entitled" users.
- IdM can deliver single-customer views that include the presence and location of the customer, single products and services as well as single IT infrastructure and network views to the respective parties. Accordingly, IdM relates intrinsically to information engineering, security and privacy.
- IdM covers the machinery (system infrastructure components) that delivers such services because a system may assign the service of a user to: a particular network technology, content title, usage right, media server, mail server, soft switch, voice mailbox, product catalog set, security domain, billing system, CRM, help desk etc.
- It is equally important for users to correctly identify and authenticate service providers as it is for service providers to identify and authenticate users. This aspect has largely been ignored during the early development of identity management.
- Critical factors in IdM projects include consideration of the online services of an organization (what the users log on to) and how they are managed from an internal and customer self-care perspective.
Capabilities of IdM systems include:
- User Management by a Help/Service Desk, as in creation, deletion, modification of user identity data by a staffed desk
- User Self Service, as in a user being able to modify their own mutable or correctable data, e.g. postal address, telephone number and, more importantly and more frequently, their own credentials. Credentials are the, typically secret, pieces of information that allow a user to identify himself or herself to the IdM system
- Roles Based Delegated User administration, which involves, as an example, a supervisor of an employee being able to modify certain attributes of that employee's user data. Delegation allows an IdM solution to scale, in that local administrators or supervisors are able to perform permissible modifications, perhaps without requiring a global administrator. The roles-based aspect allows the Supervisor in this example to be a role, as opposed to a specific person. For example, today it might be Jane Smith who occupies the supervisor role of a local department store, where Debbie Forsyth is an employee; a few months down the line, the supervisor role might be assigned to a new person, say Joseph Peterson. At that point, no IdM system changes will need to be made, except removing Jane Smith from the Supervisor role and assigning Joseph Peterson that role at the local department store. Roles-based access mechanisms also allow for implementation of privacy controls around user attribute data.
- Provisioning resources, as in the assignment of a desk or a phone to a new employee in an office
- Roles Based Access Control, as in the rights to access resources secured using a companion access control agent, by specifying user access roles within the IdM system
- Entitlement to resource privileges, as in the privilege to read and update Human Resources paperwork (files and folders on a shared network drive) for a newly recruited Human Resources Administrator
Note that for each of the above, there could be a withdrawal action as well, as in withdrawal of privileges as the opposite of assignment of privileges.
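The supervisor handover from the delegated-administration item above, together with self-service and withdrawal, as an added example that is not part of the original page. The `Directory` class, the attribute names and the two policy tables are hypothetical; only the people and the Supervisor role come from the text.

```python
from dataclasses import dataclass, field

# Assumed policy (hypothetical): attributes a role holder may edit on users in the same store.
DELEGATED_ATTRS = {"Supervisor": {"shift", "telephone"}}
# Assumed policy: attributes any user may correct on their own record (self-service).
SELF_SERVICE_ATTRS = {"postal_address", "telephone", "credential"}


@dataclass
class Directory:
    users: dict = field(default_factory=dict)      # name -> {"store": ..., other attributes}
    assignments: set = field(default_factory=set)  # (user, role, store) tuples

    def assign(self, user, role, store):
        self.assignments.add((user, role, store))

    def withdraw(self, user, role, store):
        # Withdrawal is the opposite of assignment; the policy tables stay untouched.
        self.assignments.discard((user, role, store))

    def can_modify(self, actor, target, attr):
        if actor == target:
            return attr in SELF_SERVICE_ATTRS
        store = self.users[target]["store"]
        # Authority comes from the role held at the target's store, never from the person's name.
        return any(u == actor and s == store and attr in DELEGATED_ATTRS.get(r, ())
                   for u, r, s in self.assignments)

    def modify(self, actor, target, attr, value):
        if not self.can_modify(actor, target, attr):
            raise PermissionError(f"{actor} may not set {attr!r} on {target}")
        self.users[target][attr] = value


def handover_demo():
    d = Directory()
    for name in ("Jane Smith", "Debbie Forsyth", "Joseph Peterson"):  # constructed sample data
        d.users[name] = {"store": "local department store"}
    d.assign("Jane Smith", "Supervisor", "local department store")
    d.modify("Jane Smith", "Debbie Forsyth", "shift", "morning")
    # Handover: two assignment changes, no policy change.
    d.withdraw("Jane Smith", "Supervisor", "local department store")
    d.assign("Joseph Peterson", "Supervisor", "local department store")
    return d
```

After the handover Jane Smith's delegated rights over Debbie Forsyth are gone without any rule having been edited, and the supervisor still cannot touch attributes outside the delegated set, which is where the privacy control sits.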