identity management

Discussion in 'Java' started by Shane Petroff, Jan 6, 2006.

  1. Sorry for the off topic post, but these groups have a wide audience, so
    hopefully someone can help.

    I need to find a good pitch for doing identity management. I personally
    don't need to be sold on the idea, but I'd like to find a site which has
    a description of the benefits of IM which is sexier than anything I
    could put together. Google can find a gazillion papers, but wading
    through them is fairly daunting. The vendor descriptions tend to be too
    biased and too sensational, and there is a whole lot of crappy articles
    as well. If you happen to know a good resource, I'd appreciate hearing
    about it. Thanks.

    --
    Shane
    Shane Petroff, Jan 6, 2006
    #1

  2. Shane Petroff

    Chris Smith Guest

    Shane Petroff <> wrote:
    > Sorry for the off topic post, but these groups have a wide audience, so
    > hopefully someone can help.
    >
    > I need to find a good pitch for doing identity management. I personally
    > don't need to be sold on the idea, but I'd like to find a site which has
    > a description of the benefits of IM which is sexier than anything I
    > could put together.


    Oh great, another "_____ management" buzzword.

    What, exactly, do you want to make a case for? I've spent a few minutes
    now looking around the Internet, and as far as I can see "identity
    management" is just a fad-ish term meaning authentication. Literally
    millions of software applications do authentication, and when it's a
    requirement, I seriously doubt you'll have a hard time making the case
    for it.

    If there's something besides authentication that you want... something
    specific, perhaps, like single sign-on between systems or
    challenge/response authentication schemes (both of which I found
    described as "identity management", for example), then it might help to
    be more specific about that.

    --
    www.designacourse.com
    The Easiest Way To Train Anyone... Anywhere.

    Chris Smith - Lead Software Developer/Technical Trainer
    MindIQ Corporation
    Chris Smith, Jan 6, 2006
    #2

  3. Chris Smith wrote:
    >
    > Oh great, another "_____ management" buzzword.


    It has too much traction and too much staying power to be called a
    buzzword. Federated Identity Management is something of a buzzword, but
    even that has been around since approx. 2002. (I don't happen to care
    much about FIM because I'm not in the B2B sector) You likely haven't
    heard of it because IM is largely an administrative/management issue and
    is particular to large organizations.


    > What, exactly, do you want to make a case for? I've spent a few minutes
    > now looking around the Internet, and as far as I can see "identity
    > management" is just a fad-ish term meaning authentication.


    Certainly authentication services are a central piece, but there is
    more. One needn't look any further than user provisioning to see some
    value. In my case I'm looking at creating some 30K users across about 10
    applications (not everyone will have access to everything, but there
    will be a significant number of combinations). The second phase will
    involve about another 60K, but these will be limited to 2-3
    applications. Given that some of the legacy apps utilize proprietary
    storage and cannot be scripted, one is forced to hire a bunch of
    typists, then waste additional money having users vet the data and
    submit help desk requests to fix all of the errors. That's a lot of
    money wasted when a scriptable, centralized approach would be much
    faster, much more accurate and cheaper to maintain. Add to that number
    the existing 5K users and you are into a realm where a cogent strategy
    to IM is the only reasonable approach. How else does one manage the
    consistency and accuracy of all the duplicated data sitting in some half
    million user records stored in a dozen different formats on who knows
    how many servers? Perhaps that is one of the things I'm after though,
    where is the threshold beyond which centralized IM makes sense?


    > Literally millions of software applications do authentication


    Lack of standardization is indeed part of the problem...


    >, and when it's a
    > requirement, I seriously doubt you'll have a hard time making the case
    > for it.


    That is a truism; if it's a requirement the case has already been made.


    > If there's something besides authentication that you want... something
    > specific, perhaps, like single sign-on between systems or
    > challenge/response authentication schemes (both of which I found
    > described as "identity management", for example), then it might help to
    > be more specific about that.


    I'm not at all interested in the mechanics of authentication, that is
    encapsulated in the IM software and the risk analysis utilized to pick
    the desired protocols is a business decision. From a programmer's
    perspective, my intent is merely to write a new JAAS LoginModule once
    the customer picks an IM solution. I'm bringing the issue forward since
    my gut tells me that this volume of data, the disparate data formats and
    the amount of duplication in a decentralized model sounds like trouble.
    I'm also pitching it because as an ISV it limits my liability. Why would
    I want to shoulder the cost of notifying people in the event of a
    privacy breach? I'd prefer to leave the mechanics and risks of
    authentication to someone else, because the cost of 100K stamps alone is
    more than I want to eat.

    --
    Shane
    Shane Petroff, Jan 6, 2006
    #3
  4. Shane Petroff

    Guest

    Okay, identity management is centralized user names/logins, with
    permitted actions and accounting.

    You bring up a few key things to consider in your second message. One
    is an estimate of the value of this effort. There are institutions that work
    fine in isolated clumps and there is little value in seeking
    consistency and close to no value in reducing duplication. What you
    need to find is what benefits come about? What becomes possible with
    centralization in place?
    Also evaluate the viability of isolation and you can answer: "where is
    the threshold beyond which centralized IM makes sense?"

    > Given that some of the legacy apps utilize proprietary
    > storage and cannot be scripted


    There is a price associated with scripting it, not that it cannot be
    scripted. That's something you want to be part of your pitch -- how to
    reduce errors and withhold dangerous rights from operators.

    http://www.geocities.com/opalpaweb/
    , Jan 6, 2006
    #4
  5. Shane Petroff

    dwight Guest

    Have a look at www.visiphor.com. Their Briyante solution is very
    elegant, and you have to see how light-fingered, low-labour and
    politically neutral it is to believe it. The more disparate data you
    have, the more it stands out.

    Dwight Jones
    Imagen

    Shane Petroff wrote:
    > Chris Smith wrote:
    > >
    > > Oh great, another "_____ management" buzzword.

    >
    > It has too much traction and too much staying power to be called a
    > buzzword. Federated Identity Management is something of a buzzword, but
    > even that has been around since approx. 2002. (I don't happen to care
    > much about FIM because I'm not in the B2B sector) You likely haven't
    > heard of it because IM is largely an administrative/management issue and
    > is particular to large organizations.
    >
    >
    > > What, exactly, do you want to make a case for? I've spent a few minutes
    > > now looking around the Internet, and as far as I can see "identity
    > > management" is just a fad-ish term meaning authentication.

    >
    > Certainly authentication services are a central piece, but there is
    > more. One needn't look any further than user provisioning to see some
    > value. In my case I'm looking at creating some 30K users across about 10
    > applications (not everyone will have access to everything, but there
    > will be a significant number of combinations). The second phase will
    > involve about another 60K, but these will be limited to 2-3
    > applications. Given that some of the legacy apps utilize proprietary
    > storage and cannot be scripted, one is forced to hire a bunch of
    > typists, then waste additional money having users vet the data and
    > submit help desk requests to fix all of the errors. That's a lot of
    > money wasted when a scriptable, centralized approach would be much
    > faster, much more accurate and cheaper to maintain. Add to that number
    > the existing 5K users and you are into a realm where a cogent strategy
    > to IM is the only reasonable approach. How else does one manage the
    > consistency and accuracy of all the duplicated data sitting in some half
    > million user records stored in a dozen different formats on who knows
    > how many servers? Perhaps that is one of the things I'm after though,
    > where is the threshold beyond which centralized IM makes sense?
    >
    >
    > > Literally millions of software applications do authentication

    >
    > Lack of standardization is indeed part of the problem...
    >
    >
    > >, and when it's a
    > > requirement, I seriously doubt you'll have a hard time making the case
    > > for it.

    >
    > That is a truism; if it's a requirement the case has already been made.
    >
    >
    > > If there's something besides authentication that you want... something
    > > specific, perhaps, like single sign-on between systems or
    > > challenge/response authentication schemes (both of which I found
    > > described as "identity management", for example), then it might help to
    > > be more specific about that.

    >
    > I'm not at all interested in the mechanics of authentication, that is
    > encapsulated in the IM software and the risk analysis utilized to pick
    > the desired protocols is a business decision. From a programmer's
    > perspective, my intent is merely to write a new JAAS LoginModule once
    > the customer picks an IM solution. I'm bringing the issue forward since
    > my gut tells me that this volume of data, the disparate data formats and
    > the amount of duplication in a decentralized model sounds like trouble.
    > I'm also pitching it because as an ISV it limits my liability. Why would
    > I want to shoulder the cost of notifying people in the event of a
    > privacy breach? I'd prefer to leave the mechanics and risks of
    > authentication to someone else, because the cost of 100K stamps alone is
    > more than I want to eat.
    >
    > --
    > Shane
    dwight, Jan 6, 2006
    #5
  6. Shane Petroff

    Guest

    If you really want to create business use cases, you need to first
    understand what the problem is that you are trying to solve, but it
    seems that you may need a combination of strategies (i.e. repository
    consolidation, authentication consolidation - WebSSO, administration
    consolidation - provisioning). If you are not clear about the concepts
    you can look at a few blogs like mine
    (http://identityaccessmanagement.blogspot.com/) or here
    http://storm.alert.sk/blog//identity/enterprise/re-mcgovern-1.html.
    Then there are a few blogs from vendors that specifically target this.
    Anyway, for your business case you can check out these (
    http://blogs.sun.com/roller/page/identity?entry=identity_benefits,
    http://blogs.sun.com/roller/page/identity?entry=identity_objectives,
    http://blogs.sun.com/roller/page/identity?entry=identity_problems)

    Also, if you do have money the best bet would be to check out the
    Burton Group's latest best practice document on Identity Management,
    specifically on how to develop the use cases of Identity Management.
    Other than that you can contact me through my website.
    , Jan 7, 2006
    #6
  7. Shane Petroff

    RObert Guest

    Shane Petroff wrote:
    >
    > Sorry for the off topic post, but these groups have a wide audience, so
    > hopefully someone can help.
    >
    > I need to find a good pitch for doing identity management. I personally
    > don't need to be sold on the idea, but I'd like to find a site which has
    > a description of the benefits of IM which is sexier than anything I
    > could put together. Google can find a gazillion papers, but wading
    > through them is fairly daunting. The vendor descriptions tend to be too
    > biased and too sensational, and there is a whole lot of crappy articles
    > as well. If you happen to know a good resource, I'd appreciate hearing
    > about it. Thanks.
    >
    > --
    > Shane


    One thing to look at is Kerberos authentication.
    I've found it very easy to manage, especially when using lists.
    It's the way that Iowa State does their authentication for everything
    from ssh to webmail.
    RObert, Jan 9, 2006
    #7
  8. Thanks everyone, for the links/ideas. That should give me something to
    chew on for a while :)

    --
    Shane
    Shane Petroff, Jan 11, 2006
    #8