Thursday 30 October 2014

Identity and Access Management (IAM)

By Raul Bernardino

Introduction:

Identity and Access Management (IAM) is a framework consisting of technical, policy, and governance components, or a framework for business processes, that facilitates the management of electronic identities. The framework includes the technology needed to support the management of those identities. It allows an organization to:

·     identify individuals
·     link identities with roles, responsibilities and affiliations
·     assign privileges, access, and entitlements based on identity and associations

IAM enables data stewards and service providers to control access to information and/or services according to an individual's identity, roles and responsibilities.

IAM covers four main areas:
·     Credential (assignment of a unique token to an entity needing access to resources)
·     Authentication (act of validating proof of identity)
·     Authorization (act of affording access to only appropriate resources and functions)
·     Accountability (ensuring against illegitimate utilization of an entity’s authority; this flows from the first 3 functions)
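
The four areas above, chained in one request path, as an added example (not code from the original post). The identities, roles, entitlement strings and the HMAC-signed token format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: identities, roles and entitlements are illustrative.
SECRET = secrets.token_bytes(32)   # signing key held only by the IAM service
ROLES = {"alice": {"registrar"}, "bob": {"student"}}
ENTITLEMENTS = {"registrar": {"grades:read", "grades:write"},
                "student": {"grades:read"}}
AUDIT_LOG = []                     # accountability trail, one entry per decision


def _mac(identity, nonce):
    return hmac.new(SECRET, f"{identity}.{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_credential(identity):
    """Credential: bind a unique token to an identified entity.
    Assumes identities contain no '.' character."""
    nonce = secrets.token_hex(8)
    return f"{identity}.{nonce}.{_mac(identity, nonce)}"


def authenticate(token):
    """Authentication: validate proof of identity; return the identity or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    identity, nonce, mac = parts
    # Constant-time comparison so the check does not leak how many bytes matched.
    ok = hmac.compare_digest(mac.encode(), _mac(identity, nonce).encode())
    return identity if ok else None


def authorize(identity, action):
    """Authorization: allow only actions granted through the identity's roles."""
    granted = set()
    for role in ROLES.get(identity, ()):
        granted |= ENTITLEMENTS.get(role, set())
    return action in granted


def access(token, action):
    """Run the chain and record every decision, allowed or denied."""
    identity = authenticate(token)
    allowed = identity is not None and authorize(identity, action)
    AUDIT_LOG.append({"identity": identity, "action": action, "allowed": allowed})
    return allowed
```

Denied and unauthenticated requests are logged as well as granted ones, which is what lets accountability flow from the first three functions.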

Below is the IAM diagram:

Mosaic Integration
The inclination of individual project teams to address integration concerns on a case-by-case basis is natural. The effort involved in many “one-off”, or “point-to-point”, integration scenarios may seem trivial at first, especially when compared to the effort involved in defining and managing an integration infrastructure (after all, I can set up that FTP transfer in a couple lines of Perl (or PHP, or whatever)). Only when looking at the “big picture” can we truly appreciate what a tangled mess these “point-to-point” integrations engender. The metadata concerning “what's connecting to what”, the inconsistent security models, and the tight coupling of service interfaces with implementations all contribute to the sort of “brittle” environments discussed above.

Developing a coherent integration infrastructure must be a collaborative effort. In order for this collaboration to be productive, recognition and respect of roles, expertise and “spheres of influence” must be maintained. The SIA team recognizes that the technical leads of the various Mosaic Project initiatives will be responsible for identifying integration concerns, application and business-driven technical requirements. These may include, but are not limited to:
·        data consistency and periodicity of synchronization
·        specification of integration points
·        definition of service interfaces/business objects
·        definition of technical capabilities/limitations within the application environment (e.g., the ability to expose a service via SOAP)

The value that the SIA team brings to the Mosaic project lies in the definition of the infrastructural framework, integration patterns, governance and best practices which can be applied to the aforementioned concerns and requirements. The recognition and support of this “domain expertise” on the part of the Mosaic project teams will be paramount in developing and maintaining a “cross-initiative” integration perspective—substantially reducing the likelihood of falling into the traditional traps of point-to-point integration while bolstering the potential for standardization, optimization and reuse of integration resources.





