Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

On Identity Management across multiple IT Layers - in Enterprises …

Different “types” of identities are currently used in enterprises, including:

  • Network identities
  • System/device identities
  • Application/Service identities
  • User identities

Each type of identity is mainly “relevant” at a specific layer in the enterprise “IT stack”; however, all of them together define the current operational context, which is important for making decisions that affect the business. In the case of access control, for example, the current context might be determined by a user’s identity, his/her roles, the fact that he/she is trying to access an application/service, and the specific device used, connected to a portion of the corporate network.
So far the management of these identities has been done in a “compartmentalized” way, at different levels of abstraction: different provisioning, access control and auditing solutions are required, each of them operating almost independently of the others. Different types of policies and enforcement mechanisms are used. This creates duplication of resources and effort, headaches for IT administrators, and potential security holes.
I believe that in the future there will be more and more demand for integration of identity management solutions, in order to uniformly and consistently handle heterogeneous types of identities, improve control, and further simplify the related processes. Hence, in addition to “horizontal” identity federation across multiple players/organizations, I predict there will be an increased need for, and attention to, “vertical” identity federation within an organization’s IT infrastructure. Have a look at http://www.hpl.hp.com/techreports/2003/HPL-2003-149.pdf for some initial thoughts about this concept and a related “Adaptive Identity Management” framework …
I believe this is a challenging area and, at the same time, a great opportunity in the Identity Management space.
