The devil's in the details

1 November 2006

Identity and access management is defined by the vendors that supply such solutions.

According to Butler Group, end-to-end identity and access management (I&AM) consists of seven key service delivery components.

1 The delivery of identity management services: The infrastructure components of I&AM, including support for operating systems, databases, directories and helpdesks. This relates specifically to the use of directory and meta-directory management facilities, including federated identity management services to support all user identity requirements.

2 The availability and support for appropriate authentication technologies: Authentication tools that provide clear support for single- and multi-factor authentication. Authentication services that provide and support the use of independent hardware devices and appliance-based solutions - authentication products such as fixed and one-time passwords, hardware and software tokens, USB devices, smartcards and identity cards, biometrics, public key infrastructure (PKI) and digital certificates, virtual private network (VPN) services (Secure Sockets Layer (SSL) and IPSec), grid, transaction authentication number (TAN) lists, scratch cards and other paper-based lists, short messaging service (SMS), and radio frequency identification (RFID).

3 Functional password management and systems synchronisation facilities: The use of password frequency and content controls, password structure controls, password self-service change and update capabilities. The management of new users, lost and forgotten passwords, scheduled password changes and redundant users. Automated update capabilities and the delivery of pass-through capabilities.

4 SSO capabilities: This is an important element of I&AM, especially when extended facilities across different networks are being supported. Delivered with the correct levels of protection, SSO provides strong business enablement capabilities, but if delivered inappropriately or insecurely, it can make the organisation vulnerable to information theft and other forms of data theft.

5 Access control services: Support for web and enterprise access management and identity-based access to web services, encrypted protection and, where appropriate, the provision of hardened-device (hardware security module (HSM) black box) protection.

6 Integrated provisioning and de-provisioning facilities: Including support for role-based provisioning, individual provisioning, group and departmental provisioning, and appropriate, efficient de-provisioning facilities. This is one of the areas that Butler Group regards as being essential to the efficient delivery of I&AM services.

7 Controllable administration and policy management infrastructures: Including federated and delegated administration facilities that can be linked through to policy and regulatory compliance-based requirements.

Source: Butler Group, courtesy of Marketworks