
IdM - Technological Implementation of Policy


Identity and Access Management: Technological Implementation of Policy (PDF) provides another great overview of the identity management opportunity. One of the things I appreciated the most about this paper is the clarity of the business case based on "other than IT" perspectives. Besides the amazingly effective Ann West, NSF Middleware and NMI-EDIT outreach coordinator, the article was written by Jeff von Munkwitz-Smith, the University Registrar at the University of Connecticut.

A functional definition - Identity and Access Management:

  • Integrates all the pertinent information about people from multiple authoritative source systems, reconciles the accounts, and joins identities together under one campus unique identity.
  • Processes and transforms information about people including their affiliations with the institution, resource access etc. and pushes out and stores the information where it can be of use to applications.
  • Acts as a focus for implementation of policy concerning visibility and privacy of identity information and entitlement policies across the systems.

Some more take-away notes and highlights below...

Components

  • Who are you? (Identification)
  • How do we know? (Authentication)
  • What services and transactions are available to you? (Authorization)
  • Is the information about you secure? (Privacy)

Drivers - internal and external

  • Reduced overhead of service management
  • Increased security
  • Simplified network and online service access
  • Contractual requirements
  • Legal pressures
  • Business and ethical stewardship

Stewardship - who needs to be involved

The stewardship of the identity management system should be the combined management of IT (for the service), data stewards (for the data), and the policy stewards. Additional players include the risk managers and auditors, online service providers and resource managers, application champions, and system users.

Effective Conclusion

In general, we are all trying to accomplish similar things, such as transitioning to self-managed services for faculty, staff, students, parents, alumni and any constituent the institution wants to maintain a relationship with. In fact, we want contact with more people, earlier in their affiliation with us, wherever they are, and for life. Beyond that, we want these services to work and we want a degree of trust that only those we want to access them do so. Beyond that, we hear rumors of government-sponsored electronic services that are reliant on our campus ability to vouch that a student or faculty member is who they say they are. All this can't be done cost effectively or reliably without an identity management system.