Defining Role Management - Part 1

The topic of role management is always an interesting one to debate. Everyone's take seems to be slightly different; so much so that if you listen to enough people, you end up trying to rationalize a rather broad spectrum. I recently spent some time having a rather animated discussion on the topic with someone who has a need in the area of role management. He runs the IdM projects for one of our bigger customers, and with the stabilization of their initial provisioning deployment, their thoughts have now turned to role-enabling their processes.

The debate we were having was around the definition of role management, and what exactly it was that his team needed to implement. As we argued, I started to see interesting parallels between the evolution of role management and user management. It took some time to establish that user management was the sum of its parts - access management, provisioning, reconciliation, etc. Until then, every vendor that specialized in one discipline argued vociferously for their cause. Role management seems to be much in that stage, with the different vendors arguing that their approach to role management is truly the way.

The reality, of course, is that role management is a complex problem, and as such, requires multiple facets to define a complete solution. The way we see it, role management can be broadly divided into the following disciplines:

  • Role Definition
    • Mining
    • Engineering
  • Role Lifecycle Management
    • Administration
    • Run-Time Provider
The definition is further muddied by the fact that these disciplines utilize different approaches to the role problem - top-down vs. bottom-up, forensic vs. administrative, reality vs. vision. What is not lost is that each contributes value to the ultimate exercise of trying to move away from dealing with individuals when it comes to policy definition and enforcement, and creating a more manageable infrastructure by dealing with abstractions that make sense to the business. Future posts will tackle each of these aspects of role management, reflecting the evolution of our own offering in the space.

Image: RM-Small: A graphical anatomy of Role Management<br>

Click here for a larger view of the anatomy of Role Management

As for me and my debate partner, we finished our meal agreeing that the entire solution is needed for a truly successful deployment, but not entirely agreeing on which part they needed to tackle first. Stay tuned for more on how we solve this fundamental problem.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

bocadmin_ww

Search

Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today