Identity Grid – Take 2
The first Sun white paper I read before I became a Sun employee in October
2004 was entitled "The
Identity Grid: Powering the Real Time Enterprise." It presented an
articulate case for the importance of Identity Management in the modern enterprise
and gave a good overview of the critical components of an Identity Management
architecture.
Simply stated, "The Identity Grid is an organizing principle for integrating
and exchanging “people data,” or identity data, and making the data
broadly available across the enterprise. Because identity data is integral to
every relationship an enterprise is engaged in — be it with customers,
partners, or employees — identity data is in the critical path of successful
electronic business."
Produced by Waveset in 2003, prior to its acquisition by Sun, this white paper
presents a cohesive framework for discussing several aspects of Identity Management:
Interestingly enough, the Identity Grid Framework pictured above offers a convenient
grouping for the Sun Java System Identity Management Products:
Management Services
- Identity Manager
- Identity Manager Service Provider Edition
- Identity Auditor
Transaction Services
- Access Manager
- Federation Manager
Data Stores
- Directory Server Enterprise Edition
After my recent reading, I would like to suggest some updates that make this
Identity Grid concept even more relevant.
1. Add "Auditors" as a user type and "Auditing/Remediation"
as a Management Service type. Regulatory compliance is probably the number one
business driver for Identity Management implementations. Auditors must be able
to set audit policies and controls, audit compliance with those policies and
controls and remediate non-compliant conditions.
2. Change "Employee" to "Employee/Contractor." This may
be a nit, but modern enterprises all use many contractors. The distinction at
a high level might be subtle, but within the bowels of an Identity Management
system, contractors often are treated far differently than employees.
3. Add "Applications" as a user type and "Web Services"
as a user interface type. This recognizes that system users are often software
programs, not people. These applications must be identity enabled to operate
within Service Oriented Architectures.
4. Add "Federation Services" as a Transaction Services type. Federation
Services are increasingly essential for enabling interaction among trading partners.
5. Change "Data Stores" to "Data Services." In harmony
with the Management Services and Transaction Services titles, this recognizes that
Identity Management functionality is progressively delivered as sets of services,
not just independent applications.
6. Add "Virtual Directory Services" as a Data Services type. It is
increasingly evident that data access should be virtualized, wherein a data
services layer separates applications from the physical data storage constructs.
So there you have it … my suggestions for a second version of the Identity
Grid. I’d welcome your input and critique.
Tags: Identity
Digital Identity
Identity Management
Identity Grid
Sun Microsystems
Waveset