Identity Management (IDM)
July 23, 2008
The previous post discussed the purpose of RBAC in improving the administration of access control. This post discusses how RBAC is extended to address Identity Management (IDM).
A successful IDM programme will leverage the repository of role information produced for RBAC to gain even greater rewards including automated account provisioning/deprovisioning and workflows.
Definition
- Appropriate and timely access to information assets
Business Case
- Security Efficiency
  - Automated Provisioning and Deprovisioning of accounts
- Security Effectiveness
  - Visibility and control e.g. application of the principle of Least Privilege by reducing accumulation of unnecessary access rights
- Business Enablement
  - Agility and performance e.g. productive employees from the moment they commence employment or change roles
Process
- Identity Process (User Lifecycle Management)
  - Proofing of identity assertions (i.e. background checking)
  - Enrollment and self-service of profile information
- Access Model Process (Role Lifecycle Management)
  - Provisioning and deprovisioning
  - Recertification of access rights
- Integration with Information Security and broader Business workflows
  - Information Security: Security Event Management (SEM)
  - Broader Business: starter/mover/leaver process
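The following Python example, added here and not part of the original post, shows how a role repository can drive provisioning and deprovisioning for starter/mover/leaver events and how recertification surfaces accumulated access rights. The role names, entitlement strings and function names are assumptions made for the example.

```python
# Added example; the role repository and user records are constructed sample data.
ROLE_ENTITLEMENTS = {
    "finance-analyst": {"email", "erp:read", "erp:post-journal"},
    "finance-manager": {"email", "erp:read", "erp:approve-journal", "hr:team-view"},
}
EVENTS = ("starter", "mover", "leaver")

def entitled(roles):
    """Union of entitlements for the roles; an unknown role raises KeyError (fail closed)."""
    access = set()
    for role in roles:
        access |= ROLE_ENTITLEMENTS[role]
    return access

def plan(event, current_access, new_roles=()):
    """Return (grant, revoke) lists for one starter/mover/leaver event."""
    if event not in EVENTS:
        raise ValueError(f"unknown event: {event}")
    # A leaver keeps nothing; a starter or mover gets exactly what the new roles allow.
    target = set() if event == "leaver" else entitled(new_roles)
    current = set(current_access)
    return sorted(target - current), sorted(current - target)

def recertify(users):
    """Report access each user holds that none of their assigned roles justifies."""
    findings = {}
    for name, user in users.items():
        excess = set(user["access"]) - entitled(user["roles"])
        if excess:
            findings[name] = sorted(excess)
    return findings

if __name__ == "__main__":
    analyst = entitled(["finance-analyst"])
    print("starter:", plan("starter", set(), ["finance-analyst"]))
    print("mover:  ", plan("mover", analyst, ["finance-manager"]))
    print("leaver: ", plan("leaver", analyst))
    # Constructed record: alice moved to manager but kept an analyst right.
    users = {
        "alice": {"roles": ["finance-manager"],
                  "access": entitled(["finance-manager"]) | {"erp:post-journal"}},
        "bob": {"roles": ["finance-analyst"], "access": analyst},
    }
    print("recert: ", recertify(users))
```

The mover case is where Least Privilege is enforced: the plan revokes the old role's rights instead of only adding the new ones.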
Diagram
More Info
- Liberty Alliance (Proofing) - http://www.projectliberty.org/
- The Open Group (Architecture) - http://www.opengroup.org/idm/
- Microsoft Lifecycle Manager (Solutions) - http://www.microsoft.com/windowsserver/ilm2007/
- Courion User Provisioning (Solutions) - http://www.courion.com/
- Computer Associates (Solutions) - http://ca.com/us/identity-management.aspx
