Identity Management for enterprises with Unix, Linux and Windows infrastructure

Identity management for the multi-tier IT infrastructure of today's enterprise

Definitions

Digital identity comprises the electronic records that represent the principal objects on IT networks. The records include people, machines, devices, applications and services.

Identity management (IdM) comprises the set of business processes, together with a supporting infrastructure, for the creation, maintenance and use of digital identities within a legal and policy framework.

The components of an Identity Management infrastructure include directory services, authentication, access management and user management facilities such as provisioning, delegated administration and self-service administration.

Application of Identity Management components

In the typical enterprise, however, IdM is fragmented across multiple domains of applications, operating systems and services. Until recently, enterprises have applied point solutions to the problem, although some have taken the first step toward a more complete solution by implementing enterprise directories. While directory projects give enterprises a head start on IdM, most organizations are still trying to overcome the large-scale integration problems IdM poses.

In the long term, federated identity standards, which are closely related to and make use of the Web services framework, promise to solve large-scale integration problems by means of loosely coupled architectures. Federation techniques will allow organizations to work securely with autonomous internal business units, external business partners and third-party identity services.

Organizations must be sure to match the technology with well-designed processes, and the market needs a business-oriented solution that is more than technology alone. IdM business drivers include both threats and incentives. On one hand, financial services, health care and pharmaceutical organizations all face stiff regulations that demand IdM. On the other, reductions in password-related help-desk calls and portal deployments are the most common ways of showing returns on an IdM investment.

The ability to use and manage digital identity – at the same time as balancing legal, regulatory, privacy and security concerns – is a prerequisite for managing the virtual enterprise and making it more secure. In addition, IdM is critical to scaling e-business relationships across larger populations as well as enabling distributed applications to interoperate using secure Web services.

While deployment is challenging, enterprises will experience valuable rewards. Enterprise IdM will ultimately influence the use of digital identity in society as a whole.

COSuser for identity management

As an aid to product positioning, we can simplify the description of IdM as comprising three main components:

  1. The provision and application of directory services

  2. User provisioning

  3. Web access control and security

Of these three, our product COSuser is designed to provide both extensive user provisioning facilities and interoperability with directory services. OSM is also working with suppliers of Web access control products with the intention of contributing to the availability of a unified IdM solution.

An example of integration that has already been completed is with Microsoft Corp's Identity Integration Server (MIIS). The integration extends the capabilities of MIIS to include: the provisioning of user accounts on UNIX, Linux, and other operating systems; the provisioning of user accounts on applications authenticating against those operating systems; web browser based workflow; enterprise-wide password synchronization and strength control; and complementary provisioning of the Microsoft estate.

(c) Copyright 2004 www.cosuser.com