Phil Becker has written an interesting series of articles about the top 5 fallacies which appear and reappear in identity discussions, technologies and deployments. It makes for pretty interesting reading, so check it out at the Digital ID World Blogs. I wanted to comment on fallacy #3: Centralized Management Means Centralized Data. In his article,
In part 1 of this multi-post blog, I laid out what I believe are the various disciplines that make up a complete role management solution. In this post, I will tackle the more contentious discipline – that of role definition. Fundamentally, two camps have evolved around different approaches to the problem of defining roles. There
PwC recently published the “Information Security Breaches Survey 2006” report, sponsored by the Department of Trade and Industry (DTI) in the UK. The 8th such survey is aimed at raising awareness among UK businesses of the risks they face in the internet age. Below are some highlights from my quick read through it, and some
The topic of role management is always an interesting one to debate. Everyone’s take seems to be slightly different; so much so that if you listen to enough people, you end up trying to rationalize a rather broad spectrum. I recently spent some time having a rather animated discussion on the topic with someone who
Gartner’s MQ report on provisioning calls out the different approach that Microsoft has taken to the provisioning space. Termed the “enterprise access management” approach, it essentially advocates the externalized authn and authzn model that requires less pushing of data into target system repositories, and more pulling of data by the target systems from MIIS at
I have been neglecting this blog for a while, and it took an event of historic importance to pull me out of my reverie and back into the blogosphere. No, I am not talking of the arrival on this earth of Suri Cruise. It was the eagerly anticipated publication of Gartner’s magic quadrant on User
One of the philosophies at Thor (that we have proudly carried over to Oracle) is our commitment to building products that deal with the dirty realities of our customer’s deployment needs, instead of living on some idealized plane. Getting there requires a lot of input from our customers. This week, our Product Management team is doing a customer
Attestation (aka Re-certification aka Periodic Review) is one of the latest must-have’s in the world of compliance-driven IdM (if you know of another name it goes by, please share). It essentially refers to the management practice of periodically checking and certifying that only the individuals who need certain access privileges have those access privileges. Here
Working as I am on the architecture for the next generation of our IdM products, I found the thesis of this article extremely interesting. It basically uses Windows as an example of how the cost of innovation increases dramatically with any attempt to make that innovation backwards compatible. And points out how Apple tackled a
In an internal memo last October, Ray Ozzie, CTO for Microsoft, wrote, “Complexity kills. It sucks the life out of developers, it makes products difficult to plan, build and test, it introduces security challenges and it causes end-user and administrator frustration.” Amen to that! That is why the new focus of the IdM groups should