During the second and third weeks of November, I will have the distinct pleasure of accompanying Michelle Dennedy, Chief Governance Officer of Cloud Computing for Sun Microsystems, in a series of three CIO Roundtables in New York, San Francisco and Washington, DC, and two CIO breakfast seminars in Toronto and Vancouver, Canada. 

Sponsored by Sun and moderated by CIO Magazine executives, these events will address the topic, “Identity Management – Pathway To Enterprise Agility”,  providing excellent forums to discuss such pertinent questions as:

1. How does strategic Identity Management contribute to business growth and not merely fulfill technology “need to do” requirements?
2. What Identity Management steps should you take to enhance business effectiveness?
3. How can good security governance is be good business?
4. Is your Identity Management system tuned for emerging marketplace requirements?
5. How does Identity Management address cloud computing?
6. How is Identity Management is enabling enterprises to capitalize – and not merely cope with – these realities?

To read more information about specific locations, including registration information, you can download .pdf fliers for each event:

1. Washington, DC – November 10th
2. New York, NY – November 11th
3. San Francisco, CA – November 12th
4. Vancouver, BC – November 13th
5. Toronto, ON – November 17th

Thanks! Hope to see you there.

This post is the third in a series of eleven posts I am writing about trends in the Identity Management industry.

One might say that simple authorization is like permitting entry through the front gate of an amusement park, while fine grained authorization is like granting access to each individual attraction within the amusement park separately, based on some sort of policy.  Following this analogy, the most common method of Identity Management Authorization is like a full-day pass to Disneyland granting access to the front gate as well as every ride in the park.  Similarly, simple Identity Management authorization allows access to all functions within an application.

However, a trend is growing towards using standards-based, fine grained authorization methods to selectively grant access to individual functions within applications, depending on user roles or responsibilities.  For example, one user could be granted access to only simple data browsing privileges, while another user could be grated data creation or edit privileges, as determined by a policy stored in XACML format.   The definition and enforcement of this fine-grained authorization would be externalized from the application itself.

At the present time, fine grained authorization is desirable but difficult to implement.  It appears to be easier to define and control policies in an Identity system than changing each application to rely on an external system for authorization policy. 

Much is being discussed about policy management standards (e.g. XACML).  Several vendors are effectively demonstrating interoperability based on XACML, but such systems are not yet in broad production.

Recommendations:

As progress is being made in both management of standards-based policies and the enforcement of such policies within applications, the following questions could be considered:

1. Which of your applications could benefit most from fine-grained authorization?
2. How would externalizing policy management and enforcement streamline your applications?
3. How could standards such as XACML improve the management of security and access control policies in you organization?