
identity management

Shane Petroff - 06 Jan 2006 08:01 GMT
Sorry for the off topic post, but these groups have a wide audience, so
hopefully someone can help.

I need to find a good pitch for doing identity management. I personally
don't need to be sold on the idea, but I'd like to find a site which has
a description of the benefits of IM which is sexier than anything I
could put together. Google can find a gazillion papers, but wading
through them is fairly daunting. The vendor descriptions tend to be too
biased and too sensational, and there are a whole lot of crappy articles
as well. If you happen to know a good resource, I'd appreciate hearing
about it. Thanks.

--
Shane
Chris Smith - 06 Jan 2006 08:21 GMT
> Sorry for the off topic post, but these groups have a wide audience, so
> hopefully someone can help.
[quoted text clipped - 3 lines]
> a description of the benefits of IM which is sexier than anything I
> could put together.

Oh great, another "_____ management" buzzword.

What, exactly, do you want to make a case for?  I've spent a few minutes
now looking around the Internet, and as far as I can see "identity
management" is just a fad-ish term meaning authentication.  Literally
millions of software applications do authentication, and when it's a
requirement, I seriously doubt you'll have a hard time making the case
for it.

If there's something besides authentication that you want... something
specific, perhaps, like single sign-on between systems or
challenge/response authentication schemes (both of which I found
described as "identity management", for example), then it might help to
be more specific about that.


www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation

Shane Petroff - 06 Jan 2006 17:29 GMT
> Oh great, another "_____ management" buzzword.

It has too much traction and too much staying power to be called a
buzzword. Federated Identity Management is something of a buzzword, but
even that has been around since approx. 2002. (I don't happen to care
much about FIM because I'm not in the B2B sector) You likely haven't
heard of it because IM is largely an administrative/management issue and
is particular to large organizations.

> What, exactly, do you want to make a case for?  I've spent a few minutes
> now looking around the Internet, and as far as I can see "identity
> management" is just a fad-ish term meaning authentication.

Certainly authentication services are a central piece, but there is
more. One needn't look any further than user provisioning to see some
value. In my case I'm looking at creating some 30K users across about 10
applications (not everyone will have access to everything, but there
will be a significant number of combinations). The second phase will
involve about another 60K, but these will be limited to 2-3
applications. Given that some of the legacy apps utilize proprietary
storage and cannot be scripted, one is forced to hire a bunch of
typists, then waste additional money having users vet the data and
submit help desk requests to fix all of the errors. That's a lot of
money wasted when a scriptable, centralized approach would be much
faster, much more accurate and cheaper to maintain. Add to that number
the existing 5K users and you are into a realm where a cogent strategy
to IM is the only reasonable approach. How else does one manage the
consistency and accuracy of all the duplicated data sitting in some half
million user records stored in a dozen different formats on who knows
how many servers? Perhaps that is one of the things I'm after though,
where is the threshold beyond which centralized IM makes sense?

> Literally millions of software applications do authentication

Lack of standardization is indeed part of the problem...

>, and when it's a
> requirement, I seriously doubt you'll have a hard time making the case
> for it.

That is a truism; if it's a requirement the case has already been made.

> If there's something besides authentication that you want... something
> specific, perhaps, like single sign-on between systems or
> challenge/response authentication schemes (both of which I found
> described as "identity management", for example), then it might help to
> be more specific about that.

I'm not at all interested in the mechanics of authentication, that is
encapsulated in the IM software and the risk analysis utilized to pick
the desired protocols is a business decision. From a programmer's
perspective, my intent is merely to write a new JAAS LoginModule once
the customer picks an IM solution. I'm bringing the issue forward since
my gut tells me that this volume of data, the disparate data formats and
the amount of duplication in a decentralized model sounds like trouble.
I'm also pitching it because as an ISV it limits my liability. Why would
I want to shoulder the cost of notifying people in the event of a
privacy breach? I'd prefer to leave the mechanics and risks of
authentication to someone else, because the cost of 100K stamps alone is
more than I want to eat.

--
Shane
opalpa@gmail.com - 06 Jan 2006 18:33 GMT
Okay, identity management is centralized user names/logins, with
permitted actions and accounting.

You bring up a few key things to consider in your second message. One
is an estimate of the value of this effort. There are institutions that work
fine in isolated clumps and there is little value in seeking
consistency and close to no value in reducing duplication. What you
need to find is what benefits come about? What becomes possible with
centralization in place?
Also evaluate the viability of isolation and you can answer: "where is
the threshold beyond which centralized IM makes sense?"

> Given that some of the legacy apps utilize proprietary
> storage and cannot be scripted

There is a price associated with scripting it, not that it cannot be
scripted.  That's something you want to be part of your pitch -- how to
reduce errors and withhold dangerous rights from operators.

http://www.geocities.com/opalpaweb/
dwight - 06 Jan 2006 22:01 GMT
Have a look at www.visiphor.com. Their Briyante solution is very
elegant, and you have to see how light-fingered, low-labour and
politically neutral it is to believe it. The more disparate data you
have, the more it stands out.

Dwight Jones
Imagen

> > Oh great, another "_____ management" buzzword.
>
[quoted text clipped - 59 lines]
> --
> Shane
sh3khar.jha@gmail.com - 07 Jan 2006 03:37 GMT
If you really want to create business use cases, you need to first
understand what is the problem that you are trying to solve but it
seems that you may need a combination of strategies (i.e. repository
consolidation, authentication consolidation - WebSSO, administration
consolidation - provisioning). If you are not clear about the concepts
you can look at a few blogs like mine
(http://identityaccessmanagement.blogspot.com/) or here
http://storm.alert.sk/blog//identity/enterprise/re-mcgovern-1.html.
Then there are a few blogs from vendors that specifically target this.
Anyway, for your business case you can check out these (
http://blogs.sun.com/roller/page/identity?entry=identity_benefits,
http://blogs.sun.com/roller/page/identity?entry=identity_objectives,
http://blogs.sun.com/roller/page/identity?entry=identity_problems)

Also, if you do have money the best bet would be to check out the
Burton Group's latest best practice document on Identity Management,
specifically on how to develop the use cases of Identity Management.
Other than that you can contact me through my website.
Shane Petroff - 11 Jan 2006 20:43 GMT
Thanks everyone, for the links/ideas. That should give me something to
chew on for a while :)

--
Shane
RObert - 09 Jan 2006 00:45 GMT
> Sorry for the off topic post, but these groups have a wide audience, so
> hopefully someone can help.
[quoted text clipped - 7 lines]
> as well. If you happen to know a good resource, I'd appreciate hearing
> about it. Thanks.

One thing to look at is Kerberos authentication.
I've found it very easy to manage, especially when using lists.
It's the way that Iowa State does their authentication for everything
from ssh to webmail.

