Provisioning Service (fig 4) systems are relatively new and their implementation faces several technical problems, especially in terms of interoperability. Further, the line of demarcation between provisioning and identity management services is rather blurred. The primary task of the provisioning service is to automate the creation and maintenance of digital identities by leveraging the user information already held in the organization's IT infrastructure. It should also speed up the granting and revoking of user access entitlements for information resources.
A typical provisioning service system includes a translation engine (which maps identity attributes between the schemas of the source systems and the target applications), a workflow subsystem, an event logging subsystem, a database to support the workflow and event logging, as well as agents that communicate with applications to gather user access information and apply the changes the workflow has approved.
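The following is an added example, not code from the article, showing how those components fit together: an HR feed is translated into a canonical identity, a workflow auto-grants baseline entitlements but queues privileged ones for approval, agents (here in-memory stand-ins) apply grants and revocations in the target applications, every step is written to an event log, and a reconciliation pass finds orphan accounts. It also illustrates the automated provisioning, de-provisioning and group-based entitlement handling the article lists later as an implementation step. The role-to-entitlement policy, the application names, the HR record layout and the sample records are all constructed for the example.

```python
from dataclasses import dataclass, field

# Role-to-entitlement policy (assumed for this example): the access each job role
# gets in each target application.
ROLE_ENTITLEMENTS = {
    "engineer": {"git": "developer", "wiki": "editor"},
    "finance": {"erp": "ap_clerk", "wiki": "reader"},
    "admin": {"erp": "sysadmin", "git": "admin"},
}
# Entitlements the workflow must hold for approval instead of granting automatically.
PRIVILEGED = {("erp", "sysadmin"), ("git", "admin")}


@dataclass
class TargetApp:
    """Stand-in for the agent that manages accounts in one target application."""
    name: str
    accounts: dict = field(default_factory=dict)  # login -> access level

    def grant(self, login, level):
        self.accounts[login] = level

    def revoke(self, login):
        self.accounts.pop(login, None)


class ProvisioningEngine:
    def __init__(self, apps):
        self.apps = {a.name: a for a in apps}
        self.events = []      # event logging subsystem (in memory here)
        self.pending = []     # workflow queue: privileged grants awaiting approval
        self.identities = {}  # employee_id -> last translated identity record

    def translate(self, hr_rec):
        """Translation engine: map the HR feed's schema (constructed: emp_no, name,
        job_family, status) onto the canonical identity the agents work with."""
        first, last = hr_rec["name"].strip().split(" ", 1)
        return {"employee_id": hr_rec["emp_no"],
                "login": (first[0] + last).replace(" ", "").lower(),
                "role": hr_rec["job_family"].lower(),
                "active": hr_rec["status"] == "A"}

    def log(self, kind, **data):
        self.events.append({"event": kind, **data})

    def process(self, hr_rec):
        """Handle one HR record as a joiner, mover or leaver event."""
        ident = self.translate(hr_rec)
        login, eid = ident["login"], ident["employee_id"]
        previous = self.identities.get(eid)
        self.identities[eid] = ident
        if not ident["active"]:
            return self.deprovision(ident)
        wanted = ROLE_ENTITLEMENTS.get(ident["role"], {})
        if previous:  # mover: drop access the old role had and the new one lacks
            for app in set(ROLE_ENTITLEMENTS.get(previous["role"], {})) - set(wanted):
                self.apps[app].revoke(login)
                self.log("revoke", app=app, login=login)
        for app, level in wanted.items():
            if (app, level) in PRIVILEGED:
                self.pending.append((login, app, level))
                self.log("approval_required", app=app, login=login, level=level)
            else:
                self.apps[app].grant(login, level)
                self.log("grant", app=app, login=login, level=level)
        return ident

    def approve(self, login, app, level):
        """Workflow completion: an approver releases a queued privileged grant."""
        self.pending.remove((login, app, level))
        self.apps[app].grant(login, level)
        self.log("grant", app=app, login=login, level=level, approved=True)

    def deprovision(self, ident):
        """Leaver: revoke every entitlement in every target application and drop
        any approvals still pending for the person."""
        for app in self.apps.values():
            if ident["login"] in app.accounts:
                app.revoke(ident["login"])
                self.log("revoke", app=app.name, login=ident["login"])
        self.pending = [p for p in self.pending if p[0] != ident["login"]]
        return ident

    def reconcile(self):
        """Orphan check: accounts present in a target application that belong to no
        active identity in the source feed."""
        active = {i["login"] for i in self.identities.values() if i["active"]}
        return {a.name: sorted(set(a.accounts) - active)
                for a in self.apps.values() if set(a.accounts) - active}
```

The reconciliation step is the part a practitioner should not skip: agents that only push changes never notice accounts created outside the workflow, so the engine also has to read access information back from the applications and compare it with the source of truth.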
The Identity Management Service system typically handles the traditional user administration tasks: user registration, user change management and de-registration. It is also expected to resolve the logistical issues associated with deployments. It uses workflow to administer users on an individual, group and organizational basis.
The identity management service enables the creation, deletion and modification of user profiles, as well as changes to a user's role or association with a function, business unit or organization. It usually also includes user self-service options: initiating the set-up of a user identity in the directory through customized forms, modifying personal details such as contact information, and managing passwords. Self-service password and contact-detail changes are security-sensitive operations in their own right and should require the user to re-authenticate and be recorded in the event log.
The Access Management Service system is primarily intended to establish the identity of a user (specifically an external user) and to determine the extent of access permitted once that identity has been established. External user identification and authentication can be either proxy-based (fig 4), where a reverse proxy in front of the applications authenticates the user, or plug-in based (fig 5), where an agent installed in the web or application server does so.
The single sign-on capability made available through the access management service lets users access a number of web sites or services without re-authenticating for each subsystem. Because a single session then opens every integrated service, the session token that carries it must be protected and time-limited.
The Presentation Service provides a personalized interface for all user interactions with the system. It offers personalization based on the data stored for identity management purposes and can be used by many enterprise portals and content delivery applications. Needless to say, the relevant enterprise portals and applications have to be integrated with the EIdM system. A typical approach is to customize the integration based on HTTP headers and application programming interfaces. Where identity is passed to an application in an HTTP header, the application must accept that header only from the access management component (for instance by being reachable only through the proxy) and never from the client directly; otherwise a client can simply supply the header itself.
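The proxy-based model, the single sign-on session and the header-based application integration described above, as an added example that is not code from the article: an external user authenticates once and receives an HMAC-signed, time-limited SSO token; a reverse proxy verifies it on every request, strips any identity header the client sent, and forwards the verified identity to the back-end applications together with a proxy-to-application secret; the applications trust the identity header only when that secret is present. The key material, the header names, the user store and the password check are all constructed for the example (a real deployment would use a proper password KDF and a managed secret).

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

SSO_KEY = b"constructed-sso-signing-key"          # assumed: held by the access management service
PROXY_SECRET = "constructed-proxy-to-app-secret"  # assumed: proves a request came through the proxy
IDENTITY_HEADER = "X-Remote-User"                 # assumed header name carrying the verified identity
# Constructed user store; a real deployment would verify passwords with a proper KDF.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, ttl=3600, now=None):
    """Mint a compact HMAC-SHA256 signed session token with an expiry claim."""
    claims = {"sub": user, "exp": int(now or time.time()) + ttl}
    body = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SSO_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_token(token, now=None):
    """Return the subject if signature and expiry check out, else None."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SSO_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims["exp"] <= int(now or time.time()):
        return None
    return claims["sub"]


def login(user, password):
    """The one place an external user presents credentials; returns an SSO token."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    if hmac.compare_digest(USERS.get(user, ""), digest):
        return issue_token(user)
    return None


def backend_service(request):
    """A back-end application behind the proxy. It performs no authentication of its
    own: it trusts the identity header only when the proxy's secret accompanies it."""
    headers = request["headers"]
    if not hmac.compare_digest(headers.get("X-Proxy-Auth", ""), PROXY_SECRET):
        return {"status": 403, "body": "direct access not permitted"}
    return {"status": 200, "body": f"hello {headers[IDENTITY_HEADER]} at {request['path']}"}


def proxy(request, now=None):
    """Proxy-based access management: verify the SSO cookie on each request, strip any
    identity header the client sent, then forward with the verified identity."""
    headers = {k: v for k, v in request["headers"].items()
               if k.lower() != IDENTITY_HEADER.lower()}
    user = verify_token(request.get("cookies", {}).get("sso", ""), now)
    if user is None:
        return {"status": 302, "location": "/login"}
    headers[IDENTITY_HEADER] = user
    headers["X-Proxy-Auth"] = PROXY_SECRET
    return backend_service({"path": request["path"], "headers": headers})
```

Two checks matter here. The proxy removes the client's own copy of the identity header before adding its own, so a request that arrives with X-Remote-User already set gains nothing from it; and the application refuses requests that did not come through the proxy, which is what stops someone who can reach the application directly from setting the header themselves. A plug-in based deployment moves the token verification into the web server, but the same two checks still apply.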
While the specific EIdM technology to be deployed depends on the mix of components in the overall Enterprise IT Architecture, the extent of vendor support available and the experience and expertise of the IT team, the vital first step is to establish a set of clearly defined permissions and security policies and to ensure that these policies are enforced in real time as part of the Enterprise Identity Management Strategy.
As with any IT project, the first step for an EIdM initiative is to assess the business requirements, followed by gaining an understanding of the enterprise IT infrastructure. It is also vital to establish unambiguous IS security and access policies. These would then be followed by:
Establishing Directory Service & Standards
Evaluating available IdM tools and technology
Implementing Identity Aggregation & Synchronization (a task easier said than done: the same person is typically represented in several stores with differing identifiers, name formats and e-mail addresses, and the records must be correlated before they can be synchronized)
Automating Provisioning, De-provisioning and Group Management; and
Consolidating Identity Stores.
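Identity aggregation and synchronization, the step above that is easier said than done, as an added example that is not code from the article: an authoritative HR feed is correlated with an Active Directory-style store and a legacy application by employee id first, then by normalized e-mail address, then only weakly by normalized name, and the result is used to derive synchronization actions and to list the accounts nobody in HR owns. The three stores, their attribute names and all of the records are constructed sample data.

```python
import re
import unicodedata

# Constructed sample stores. HR is authoritative; the other two are matched to it.
HR = [
    {"emp_id": "1001", "name": "Ada Lovelace", "email": "Ada.Lovelace@example.com", "dept": "ENG", "status": "active"},
    {"emp_id": "1002", "name": "Charles Babbage", "email": "cbabbage@example.com", "dept": "ENG", "status": "terminated"},
    {"emp_id": "1003", "name": "Grace Hopper", "email": "ghopper@example.com", "dept": "OPS", "status": "active"},
]
STORES = {
    "ad": [
        {"login": "alovelace", "employee_id": "1001", "email": "ada.lovelace@example.com", "name": "Ada Lovelace", "dept": "ENG", "enabled": True},
        {"login": "cbabbage", "employee_id": None, "email": "CBabbage@example.com", "name": "Babbage, Charles", "dept": "R&D", "enabled": True},
        {"login": "svc-backup", "employee_id": None, "email": "", "name": "Backup Service", "enabled": True},
    ],
    "legacy": [  # the legacy application has no employee id attribute at all
        {"login": "ghopper", "email": "grace@old-domain.example", "name": "Hopper, Grace"},
        {"login": "jdoe", "email": "", "name": "John Doe"},
    ],
}


def norm_email(addr):
    return (addr or "").strip().lower()


def norm_name(name):
    """Fold accents and case, and turn 'Last, First' into 'first last'."""
    text = unicodedata.normalize("NFKD", name or "").encode("ascii", "ignore").decode().lower()
    parts = [p for p in re.split(r"[\s,]+", text) if p]
    if "," in text:
        parts = parts[1:] + parts[:1]
    return " ".join(parts)


def correlate(hr, stores):
    """Link each account in each store to one HR identity: by employee id, then by
    normalized e-mail, then (weakly) by normalized name when that is unambiguous."""
    by_id = {r["emp_id"]: r for r in hr}
    by_email = {norm_email(r["email"]): r["emp_id"] for r in hr if norm_email(r["email"])}
    by_name = {}
    for r in hr:
        by_name.setdefault(norm_name(r["name"]), []).append(r["emp_id"])
    identities = {eid: {"hr": r, "accounts": {}} for eid, r in by_id.items()}
    orphans, weak = [], []
    for store, records in stores.items():
        for rec in records:
            eid, how = None, None
            email = norm_email(rec.get("email"))
            if rec.get("employee_id") in by_id:
                eid, how = rec["employee_id"], "id"
            elif email in by_email:
                eid, how = by_email[email], "email"
            else:
                candidates = by_name.get(norm_name(rec.get("name")), [])
                if len(candidates) == 1:
                    eid, how = candidates[0], "name"
            if eid is None:
                orphans.append((store, rec["login"]))   # nobody in HR owns this account
                continue
            identities[eid]["accounts"][store] = rec
            if how == "name":
                weak.append((store, rec["login"], eid))  # needs human confirmation
    return identities, orphans, weak


def sync_actions(identities):
    """Derive synchronization actions: back-fill missing employee ids, push the
    authoritative department, and disable accounts of people HR says have left."""
    actions = []
    for eid, ident in identities.items():
        hr = ident["hr"]
        for store, acct in ident["accounts"].items():
            if "employee_id" in acct and acct["employee_id"] != eid:
                actions.append(("set", store, acct["login"], "employee_id", eid))
            if hr["status"] != "active" and acct.get("enabled", True):
                actions.append(("disable", store, acct["login"]))
            elif acct.get("dept") not in (None, hr["dept"]):
                actions.append(("set", store, acct["login"], "dept", hr["dept"]))
    return actions
```

The weak matches and the orphans are the output a practitioner should look at first: a name-only match may link the wrong person, and an orphan is either a service account that needs an owner or a stale account that de-provisioning never reached. Back-filling the employee id into every store is what makes the next synchronization run match by the strong key instead.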
The following issues should also be borne in mind during an EIdM initiative:
Need for a clearly defined, enforceable Security Policy Framework covering:
  Access & privilege
  Data / information classification
  Internet-related security; and
  Remote access for employees
Unambiguous application level access policies
A big-bang approach may not be the right approach
ROI may not be measurable in a short duration of time (one to two years)
Evaluation and selection of IdM tools and technology may prove to be a challenging task; and
EIdM is not just a technology deployment but a strategic business initiative.