Defining Role Management - Part 1
By Nishant Kaushik on May 31, 2006
The topic of role management is always an interesting one to debate. Everyone's take seems to be slightly different; so much so that if you listen to enough people, you end up trying to rationalize a rather broad spectrum. I recently spent some time having a rather animated discussion on the topic with someone who has a need in the area of role management. He runs the IdM projects for one of our bigger customers, and with the stabilization of their initial provisioning deployment, their thoughts have now turned to role-enabling their processes.
The debate we were having was around the definition of role management, and what exactly it was that his team needed to implement. As we argued, I started to see interesting parallels between the evolution of role management and user management. It took some time to establish that user management was the sum of its parts - access management, provisioning, reconciliation, etc. Until then, every vendor that specialized in one discipline argued vociferously for their cause. Role management seems to be at much the same stage, with the different vendors arguing that their approach to role management is truly the way.
The reality, of course, is that role management is a complex problem, and as such, requires multiple facets to define a complete solution. The way we see it, role management can be broadly divided into the following disciplines:
- Role Definition
- Role Lifecycle Management
- Run-Time Provider
As for me and my debate partner, we finished our meal agreeing that the entire solution is needed for a truly successful deployment, but not entirely agreeing on which part they needed to tackle first. Stay tuned for more on how we solve this fundamental problem.