
Exploring the science and magic of Identity and Access Management
Saturday, December 6, 2025

CSO on Role Management

Identity
Author: Mark Dixon
Tuesday, September 16, 2008
6:28 am

An excellent article on role management was published last week in CSO Online. Business drivers, benefits and challenges were listed from a Burton Group study:

“In its 2007 survey of 35 organizations, Burton Group found that the number of role management initiatives has grown significantly since 2003, especially in the financial services industry. The top business drivers include:

  • Administrative efficiencies for access management
  • Ease of audit and compliance
  • Improved security controls for access and authorization

“The payoff? In return for your efforts, expect the following benefits:

  • Simplified number of managed entities
  • Improved visibility into available resources
  • Better enforcement of policy
  • Improved relationship of IT with the business

“The Burton Group says major challenges for these projects include:

  • Establishing the relationship of roles to business and administrative processes
  • Setting guidelines for defining and establishing roles
  • Determining who should participate and in what capacity
  • Determining how to maintain roles over time
  • Associating roles with resources
  • Determining how to associate business process and policy with roles”

A variety of customers, using several role management software tools, were quoted in the article in support of a good list of recommended Do’s and Don’ts for role management projects:

  • DON’T select a tool until you’ve defined your process.
  • DO take a combined top-down, bottom-up approach.
  • DO create links between IT roles and business roles.
  • DO go beyond access control when communicating business benefits.
  • DO look for a tool that mirrors your organizational approach.
  • DON’T underestimate the time commitment.
  • DO manage scope.
  • DO consider getting a quick start with role mining.
  • DON’T create too many roles.
  • DO look for reporting capabilities and a strong certification process.
  • DON’T assume you need a suite to integrate role management with your provisioning system.

Although no vendors were directly quoted, many observations were favorable for the Sun Role Manager product.

I thought it interesting that Kevin Kampman, senior analyst at Burton, recommended the role discovery process directly supported by the Sun product:

“DO take a combined top-down, bottom-up approach. According to Kampman, role management typically combines a top-down (or business responsibility-driven) perspective, and a bottom-up (or system resource-oriented) approach. Top-down reflects the needs of the business, while bottom-up reflects the application privileges and permission sets to satisfy those business responsibilities.”

Craig Cooper, senior project manager at Thrivent Financial for Lutherans, a Vaau/Sun Role Manager customer, offered some interesting practical insights:

“Cooper sees role management as an integral part of enhancing Thrivent’s trusted reputation with customers. ‘We want to be able to demonstrate that we have the controls in place related to access, and this process has allowed us to do that,’ he says.

“The most time-consuming piece, according to Cooper, is the communication, analysis and research required to get business people on board and ensure your initial design is correct. The good news, he says, is that the learning curve drops off, and you can leverage process improvements and reuse definitions. While it took 12 weeks to set up roles for Thrivent’s first business unit, the team is now completing units in six weeks.”

“It’s important to keep the number of roles you create down to keep your management burden low. ‘It’s a lot easier to manage 1,000 roles than 5,000 or 7,000 individual access profiles,’ Cooper agrees. It’s good practice to use an 80/20 rule, he says, where you assign groups of users a base set of access and then use auxiliary roles and exceptions to cover additional access needs.”
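The combined top-down, bottom-up approach and the base-role-plus-exceptions split described above can be sketched as follows. This is an added example, not code from the CSO article or from Sun Role Manager; the user names, entitlement strings and the reading of the 80/20 rule as "an entitlement held by at least 80% of a business unit goes into its base role" are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data (not from the article): user -> (business unit, entitlements).
ASSIGNMENTS = {
    "alice": ("claims", {"email", "claims_app:read", "claims_app:write"}),
    "bob":   ("claims", {"email", "claims_app:read", "claims_app:write"}),
    "carol": ("claims", {"email", "claims_app:read", "claims_app:write", "payments:approve"}),
    "dave":  ("claims", {"email", "claims_app:read", "claims_app:write"}),
    "erin":  ("claims", {"email", "claims_app:read"}),
    "frank": ("finance", {"email", "ledger:read", "ledger:post"}),
    "grace": ("finance", {"email", "ledger:read", "payments:approve"}),
}

def mine_roles(assignments, threshold_pct=80):
    """Group users by business unit (top-down), then derive each unit's base
    role from the entitlements users already hold (bottom-up)."""
    by_unit = {}
    for user, (unit, perms) in assignments.items():
        by_unit.setdefault(unit, {})[user] = set(perms)

    roles = {}
    for unit, users in by_unit.items():
        counts = Counter(p for perms in users.values() for p in perms)
        # Integer comparison avoids float rounding at the exact threshold.
        base = {p for p, n in counts.items() if n * 100 >= threshold_pct * len(users)}
        roles[unit] = {
            "base": base,
            # Access beyond the base role: candidates for auxiliary roles or
            # documented exceptions, and the first thing to put in front of a certifier.
            "exceptions": {u: p - base for u, p in users.items() if p - base},
            # Base access a user lacks today; granting the role would add it.
            "missing": {u: base - p for u, p in users.items() if base - p},
        }
    return roles

if __name__ == "__main__":
    for unit, role in mine_roles(ASSIGNMENTS).items():
        print(unit, sorted(role["base"]), role["exceptions"], role["missing"])
```

The "missing" set matters for review: adopting a mined base role grants that access to users who do not hold it today, so it should be approved rather than applied silently.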


 

My Business Card

Identity
Author: Mark Dixon
Tuesday, September 16, 2008
5:30 am

May I introduce myself and present my business card, please?

As an addendum to yesterday’s post, here is an electronic copy of my business card. Another nice feature of the Scan2Contacts personal scanner is that a .jpg copy of the business card image is added to the Outlook contact record. Fun stuff!

 

Scan those Cards

Identity
Author: Mark Dixon
Monday, September 15, 2008
11:14 am

Last week, a minor miracle occurred.  When I returned home from the Digital ID World conference, I already had all the contact information from business cards I had received entered into MS Outlook, where I maintain my extensive personal address book.

How did I do it? I used my new Scan2Contacts personal scanner to scan in each business card and create a new contact record in my Outlook application data store.  What a time saver!  It’s not 100% accurate on all cards, but it is close enough to make a big jump forward in personal productivity.  I like jumps like that.

 

More on Sunspots

Identity
Author: Mark Dixon
Thursday, September 11, 2008
12:53 pm

For some reason, Guanghwa Ho couldn’t post a comment to my recent post about his Sun Spot / Project Destination architecture diagram.  He sent me the following and asked that I share this with you:

There are many possible SunSpot-enabled applications I can think of. In
general, the sensor network is well suited for on-going environmental
monitoring and control. Home is nearest and most important environment
to all of us. Service providers can bundle sensor services as a rider to
their triple-play offerings. The thought is to have SunSpot based home
surveillance system connecting to Project Destination. It is managed and
controlled by a Carrier Home Surveillance Server (see diagram).

– User subscribes Home Surveillance Service and obtains a SunSPOT kit.
The service charge is based on the number of Spots installed and the
service level.

– Project Destination Service Manager places an entry in the service
plan. New subscription and spotIDs are added to the user profile. So we
know which sensor ‘spots’ something peculiar, and notify the user thru
pre-determined channels – cellphone, email, SMS.

– Multiple J2ME applications running on the SPOT can be enabled/disabled,
upgraded, downloaded via OTA from Carrier data-center (Project Destination).

– Using a cellphone or a remote PC, the user may change SunSPOT
settings, turn on/off an application on a particular spot, control home
electronics, entertainment system and appliances.

– All traffic to/from a user and data read from each Spot can be
collected, if so desired.

Some example applications:

– We can use a SPOT in each room to control lights and cooling/heating
system. Their temperature sensing capabilities come in handy to
automatically adjust the cooling/heating system for the required
temperature.

– Use a motion detector enabled SPOT on your front gate, connect it with
a camera and you would know who is approaching the gate without going
all the way over there and can open the gate with a push of a button, or
triggers MP3. Similarly, the garage door can also be automated.  The
outdoor SPOT can report the outside temperature.

– A SPOT can be used as a remote control of the house. The host
application can provide a graphical user interface and take inputs from
the user. This remote can be used for TV, DVD player, Audio system, etc.

– We can make a settop the host system which has a built-in
base-station. A spot-enabled OCAP application can run on the TV.

Make your imagination fly and have fun.

Guanghwa also offered a note of caution:

Another, I will not use the grandmother example you have on
http://blogs.sun.com/identity/entry/sensor_triggered_personalized_services.
Because the falling of an elder lady is not a free fall. The speed is
not fast enough to trigger a not so sensitive SunSpot. It is not a good
idea to use sensors on the human body, particularly elders – too much
liability.

Thanks, Guanghwa, for all your great thoughts on this subject.

 

A Plethora of Possibilities

Identity
Author: Mark Dixon
Wednesday, September 10, 2008
10:35 pm

After reading my recent post about Sensor-triggered Personalized Services, my colleague Guanghwa Ho sent me the following diagram to illustrate how the basic architecture Louie Pfortmiller had demonstrated could be applied to a variety of applications in the home, including entertainment, appliances and security. Being able to use your mobile phone or remote desktop to access and interact with a wide variety of functions in your sensor-equipped home opens up a plethora of possibilities. Let your mind run wild!

 

Sensor-triggered Personalized Services

Identity
Author: Mark Dixon
Tuesday, September 9, 2008
8:50 pm

[Photo: Sun Microsystems SunSpot sensor that was demoed sending message via Sun Identity-enabled service delivery architecture.]

My colleague Louie Pfortmiller showed me a great demo today. The Sun Spot wireless sensor shown on the left of this photo is equipped with an accelerometer and wireless transceiver. In Louie’s demo, shaking the device triggered an event management workflow process in Sun’s Identity-enabled service orchestration architecture to send a personalized SMS message to a cell phone.

A simple demo (and terrible photo), but the concept is rife with possible applications. Suppose the sensor was really a bracelet on your elderly grandmother’s arm. If she fell, you and your chosen medical provider could be automatically notified.

A pedometer/exercise meter could measure and transmit your personal workout detail to your fitness database and allow you to view results on your mobile phone or television screen.

Detected intrusion in your home could alert you and allow you to monitor your house via web cam to your phone.

And these are just a few use cases. Project Destination, an initiative I lead for Sun, is all about providing the infrastructure to deliver highly personalized, context-aware, blended services to online users across the “screens of your life.” When you couple sensor technologies with Identity, personalization and service orchestration techniques, you can get some powerful results.

 

Personalized Differentiation, Depending on You

Identity
Author: Mark Dixon
Sunday, September 7, 2008
8:39 pm

Eve Maler’s latest Venn diagram highlights a crucial characteristic common to the disciplines of Digital Identity Management, Social Networking and VRM – that “differentiated app behavior” depends on “special aspects of you.”

Although Eve mentions personalization only with regards to Digital Identity Management, I propose that the Venn intersection indeed represents personalization for all three disciplines – making the functionality and performance of network applications highly personalized – responsive to and adapted to individual attributes, context, preference and permission.

 

Mediocre Best Practices?

Identity
Author: Mark Dixon
Wednesday, September 3, 2008
2:41 pm

As the Identity Management market matures, the wealth of experience gained from successful implementation and operation of Identity Management systems should progressively yield sets of Best Practices, which outline how to successfully implement and operate these complex systems.

However, our friend Dilbert expresses a different point of view:

You can have Dilbert’s daily wisdom drop into your email box by subscribing at dilbert.com.


 

Identity Paramount for Mobility

Identity
Author: Mark Dixon
Tuesday, September 2, 2008
11:19 am

As the mobile Internet arrives, Identity becomes paramount, points out Andrew Jaquith, Security Program Manager, Yankee Group, in a compelling article in last Friday’s RCR Wireless News. A few of his statements impressed me:

“As the mobile Internet becomes a reality, it will pull identity issues along with it. Users will take their identities (user names and passwords, personal attributes, location) with them on their phones. Vendors can significantly ease user pain by working together.”

“Mobile operators should add identity management features to give users more control.”

“Security-software vendors should ally themselves with trusted parties, rather than compete with them.”

 

Colbert on AT&T

Identity
Author: Mark Dixon
Monday, September 1, 2008
3:01 pm

When I was growing up, AT&T was affectionately (or disparagingly, depending on your point of view) called “Ma Bell.” Over the past several years, it has been interesting to see the court-supervised breakup of Ma Bell into the “Baby Bells”, followed progressively by recombination of several of these entities, along with some new business units, into the “new” AT&T. Perhaps Stephen Colbert explains it best in this video from http://schomer.vox.com/:

Note 1: Sorry, but this video seems to have disappeared from cyberspace. I’m still looking. Perhaps AT&T didn’t like the publicity! 🙂

Note 2: I found a YouTube link that seems to work. However embedding has been disabled “by request.”


 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.