Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

On Federated Policy Management …

An area of relevance to Identity Management is “Federated Policy Management”.
Policies drive access control decisions and enforce access to resources. How can policies used at different levels of abstraction be kept “synchronised”, for example in complex telecom or enterprise environments?
Ideally, an organisation would define high-level policies, check compliance against them and manage them centrally. However, a single general-purpose policy language is infeasible given existing legacy systems and the complexity of the real world.
In practice, different policies are defined and enforced at each IT layer (e.g. network, system, OS, middleware, application/services). Keeping these policies aligned with (high-level) business and security objectives, and fully understanding the impact of a local change on the global context, is often challenging.
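As an added illustration of the alignment problem described above (this is example code written for this post, not anything from HP Labs or the original entry), the Python below models one high-level, role-based policy and two enforcement layers, an application ACL and a network firewall. It checks which low-level grants are justified by the high-level policy, which intended permissions no layer actually enables, and what a local change at the firewall layer does to the global picture. All roles, users, hosts, subnets and rules are constructed sample data; the functions `check_alignment` and `impact_of_change` are hypothetical names chosen for this example.

```python
"""Cross-layer policy alignment check.

Added example, not code from the original post. It models one high-level
business policy (role -> allowed action on resource) and two enforcement
layers (application ACL and network firewall) and reports:
  * over_permissive: access a user effectively has that no high-level policy justifies
  * latent: application-layer grants not justified by policy, even if the
    network layer currently blocks them
  * gaps: access the high-level policy intends but no layer actually enables
  * the impact of a proposed local change at the firewall layer on the global picture
All roles, users, hosts, subnets and rules are constructed sample data.
"""
from dataclasses import dataclass, field

# High-level policy: role -> {(action, resource)} (constructed)
HIGH_LEVEL_POLICY = {
    "hr_staff": {("read", "payroll"), ("write", "payroll")},
    "engineer": {("read", "sourcecode"), ("write", "sourcecode")},
    "auditor":  {("read", "payroll"), ("read", "sourcecode")},
}
# Identity directory: user -> roles (constructed)
USER_ROLES = {"alice": {"hr_staff"}, "bob": {"engineer"},
              "carol": {"auditor"}, "dave": {"engineer"}}
# Mappings that bridge the application layer and the network layer (constructed)
RESOURCE_HOST = {"payroll": "hr-db", "sourcecode": "git-srv"}
USER_SUBNET = {"alice": "10.1.0.0/24", "bob": "10.2.0.0/24",
               "carol": "10.3.0.0/24", "dave": "10.2.0.0/24"}


@dataclass(frozen=True)
class AppAclRule:
    user: str
    action: str
    resource: str


@dataclass(frozen=True)
class FirewallRule:
    src_subnet: str
    dst_host: str


@dataclass
class Alignment:
    over_permissive: set = field(default_factory=set)
    latent: set = field(default_factory=set)
    gaps: set = field(default_factory=set)


def intended_access():
    """(user, action, resource) triples the high-level policy grants via roles."""
    return {(user, action, resource)
            for user, roles in USER_ROLES.items()
            for role in roles
            for action, resource in HIGH_LEVEL_POLICY.get(role, ())}


def effective_access(app_acl, fw_rules):
    """Access that is really usable: an application ACL grant AND network
    reachability from the user's subnet to the host serving the resource."""
    reachable = {(r.src_subnet, r.dst_host) for r in fw_rules}
    return {(r.user, r.action, r.resource) for r in app_acl
            if (USER_SUBNET[r.user], RESOURCE_HOST[r.resource]) in reachable}


def check_alignment(app_acl, fw_rules):
    """Compare what the layers actually enforce against the high-level intent."""
    intended = intended_access()
    effective = effective_access(app_acl, fw_rules)
    app_grants = {(r.user, r.action, r.resource) for r in app_acl}
    return Alignment(over_permissive=effective - intended,
                     latent=app_grants - intended,
                     gaps=intended - effective)


def impact_of_change(app_acl, fw_before, fw_after):
    """Global effect of a local change at the firewall layer."""
    before = effective_access(app_acl, fw_before)
    after = effective_access(app_acl, fw_after)
    return {"gained": after - before, "lost": before - after}


# Constructed sample rules for the two enforcement layers
APP_ACL = [
    AppAclRule("alice", "read", "payroll"), AppAclRule("alice", "write", "payroll"),
    AppAclRule("bob", "read", "sourcecode"), AppAclRule("bob", "write", "sourcecode"),
    AppAclRule("carol", "read", "payroll"), AppAclRule("carol", "read", "sourcecode"),
    AppAclRule("dave", "read", "sourcecode"), AppAclRule("dave", "write", "sourcecode"),
    AppAclRule("dave", "read", "payroll"),   # stale grant: no engineer role allows this
]
FIREWALL = [
    FirewallRule("10.1.0.0/24", "hr-db"),
    FirewallRule("10.2.0.0/24", "git-srv"),
    FirewallRule("10.3.0.0/24", "hr-db"),    # auditors' subnet cannot reach git-srv
]
# A proposed local change: let the engineering subnet reach hr-db (e.g. for a migration)
FIREWALL_PROPOSED = FIREWALL + [FirewallRule("10.2.0.0/24", "hr-db")]

if __name__ == "__main__":
    report = check_alignment(APP_ACL, FIREWALL)
    print("over-permissive:", report.over_permissive)   # set(): firewall masks the stale grant
    print("latent:", report.latent)                     # {('dave', 'read', 'payroll')}
    print("gaps:", report.gaps)                         # {('carol', 'read', 'sourcecode')}
    print("impact of change:", impact_of_change(APP_ACL, FIREWALL, FIREWALL_PROPOSED))
    print("after change:", check_alignment(APP_ACL, FIREWALL_PROPOSED).over_permissive)
```

The point the sample data makes is the one the paragraph raises: the stale application-layer grant for `dave` is harmless only because the network layer happens to block it, so a locally reasonable firewall change silently turns it into effective, unjustified access. Checking each layer on its own would not reveal this; only the cross-layer comparison against the high-level intent does.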
I believe there are great R&D opportunities in this space (and some initial work has already been done, of course …).