Friday, March 26, 2010

Functional level definition of Identity management

Identity – An employee or non-employee. Here, non-employee includes business partners, customers or contractors.

Management – The create, update and delete functions that manage the identity details and account details.

Difference between identity details and account details

Identity details are a person's own common details, such as first name, last name, address and phone number.

Some of the user accounts at target resources are:

Windows user account
Linux user account
Web mail account

The user information form and the account form may or may not have common attributes.

In the above example, First name and Last name are common attributes, but in general it is not mandatory to have such common attributes.

An IDM suite makes it easier to manage these accounts for any number of users in an organization.

You may also be interested in: A glance at identity manager suites

Wednesday, March 10, 2010

Authentication and Access Control

"Authentication is any process by which you verify that someone is who they claim they are." Put another way, the process of identifying an individual, usually based on a username and password, is what we call authentication.

"Access control is a much more general way of talking about controlling access to a resource. Access can be granted or denied based on a wide variety of criteria."

To understand this better, let me explain with an example.

I hope you are all familiar with 'Windows XP user accounts'.

Consider the Administrator and Guest accounts, and assume you have set a password for the Administrator account.

Say you want to sign in as 'Administrator'. That means you are claiming to be 'Administrator'. To do that, you need to give the corresponding password for the Administrator account. Only then will the system allow you to log in. For simple understanding, we can consider 'Authentication' as a process of 'user credential verification'.

Now let us think about the difference between the Administrator account and the Guest account. Both are user accounts, but the Administrator has more privileges than the Guest, i.e. the Administrator can do more things in the system than a guest can. For instance, the Administrator can change the date/time of the system but the guest cannot. This kind of control over access, based on some criteria, is what we call access control.

In IDM, we normally control these criteria by defining 'Roles' and 'Policies'. You will understand this better when you start working on any IDM suite.
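The Administrator/Guest example above, as a small added sketch that is not part of the original post: authentication verifies the claimed account against a stored password hash, and access control then decides what that account may do from a role policy. The account store, passwords, role names and action names are constructed for illustration and are not how Windows or any IDM suite stores them.

```python
import hashlib
import hmac
import os

# Constructed policy: each role maps to the actions it may perform.
ROLE_POLICY = {
    "Administrators": {"change_system_time", "read_files"},
    "Guests": {"read_files"},
}

def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the account store never holds the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_account(name: str, password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "salt": salt,
            "hash": _hash_password(password, salt), "role": role}

# Constructed sample accounts mirroring the two accounts in the text.
ACCOUNTS = {a["name"]: a for a in (
    make_account("Administrator", "constructed-admin-pw", "Administrators"),
    make_account("Guest", "constructed-guest-pw", "Guests"),
)}

def authenticate(claimed_name: str, password: str):
    """Authentication: verify the claim. Returns the account or None."""
    account = ACCOUNTS.get(claimed_name)
    if account is None:
        # Hash anyway so unknown names cost about the same time as known ones.
        _hash_password(password, b"\x00" * 16)
        return None
    candidate = _hash_password(password, account["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return account if hmac.compare_digest(candidate, account["hash"]) else None

def is_allowed(account, action: str) -> bool:
    """Access control: decide from the role policy, denying by default."""
    if account is None:
        return False
    return action in ROLE_POLICY.get(account["role"], set())

if __name__ == "__main__":
    for name, pw in (("Administrator", "constructed-admin-pw"),
                     ("Guest", "constructed-guest-pw"),
                     ("Administrator", "wrong-password")):
        acct = authenticate(name, pw)
        print(name, "authenticated:", acct is not None,
              "| may change time:", is_allowed(acct, "change_system_time"))
```

Both accounts authenticate with the right password, yet only the one holding the Administrators role passes the `change_system_time` check, which is the separation between the two concepts.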

Tuesday, March 9, 2010

A glance at identity manager suites

An identity manager suite helps to reduce the cost and redundant tasks involved in managing identities.

Some of the popular identity manager suites are:

Sun Identity manager
Oracle Identity manager
Novell Identity manager
Tivoli Identity manager (IBM Product)

Though the user interfaces of these suites look different, their functioning and basic concepts remain one and the same.

What is Identity management (IDM)?

When you Google "Identity Management", you will mostly end up with the definition given below:

“Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.”

As a novice, it's a little difficult to understand the concept above, so let me try to explain it in a simpler way.

Identifying individuals in a system – Identifying a person in an organization. For example, in an organization each employee is uniquely identified using their employee number.

Controlling access to the resources – In an organization, employees are only allowed to visit the bay to which they have access. Imagine restricted bay access in a typical IT company.