September 24, 2007

Role Management and eSSO vendors - a call for action

Part of a successful Identity Management (IdM) project is a successful role discovery and mapping phase. Many organizations -- after having mapped and optimized their business processes -- turn to role design and management solutions (VAUU RBACx, BHOLD, Oracle's BridgeStream, and others). While these solutions give a great initial insight into the existing role structure, they are not the only source of role interrelationship information.

Role design can build on many other sources: demographics mined from helpdesk tickets from users requesting access, job descriptions, quality management systems (in certain cases this is wishful thinking...), and increasingly from Enterprise or Desktop eSSO solutions (PassLogix, ActivIdentity, CA). eSSO solutions store multiple login credentials for users to multiple applications. As such, extracting account linkage, and mapping and correlating user IDs between user repositories based on access information built by end-users, is much more reliable than any artificial role mining logic, which is usually based on user repository attributes. This user mapping data could then be used as the starting point of role discovery - maybe even on a periodic basis.

There is one technical problem today: smart data interchange between role mining and eSSO products does not exist.
This post is a call for action for eSSO and role mining vendors to build these crossroads and help end users who struggle with defining provisioning roles in large organizations.
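The account-linkage idea above, sketched as an added example (not code from the original post or from any vendor's product). It assumes a hypothetical eSSO export of (user, application, account ID) rows, since no interchange format exists; the sample rows and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a hypothetical eSSO export: one row per stored login,
# as (eSSO user, application, account ID). Passwords are not needed and
# should never leave the eSSO store for role discovery.
ESSO_EXPORT = [
    ("jsmith", "SAP", "JSMITH01"),
    ("jsmith", "CRM", "john.smith"),
    ("mjones", "SAP", "MJONES02"),
    ("mjones", "CRM", "mary.jones"),
    ("bwhite", "SAP", "BWHITE07"),
    ("bwhite", "Payroll", "bw-pay"),
    ("klee", "CRM", "k.lee"),
]


def account_linkage(records):
    """Map each eSSO user to {application: account ID}."""
    links = defaultdict(dict)
    for user, app, account in records:
        links[user][app] = account
    return dict(links)


def correlate(links, app_a, app_b):
    """Pair account IDs in two repositories that belong to the same person."""
    return {
        apps[app_a]: apps[app_b]
        for apps in links.values()
        if app_a in apps and app_b in apps
    }


def candidate_roles(links, min_users=2):
    """Group users with identical application sets as role candidates."""
    groups = defaultdict(list)
    for user, apps in links.items():
        groups[frozenset(apps)].append(user)
    return {
        app_set: sorted(users)
        for app_set, users in groups.items()
        if len(users) >= min_users
    }


if __name__ == "__main__":
    links = account_linkage(ESSO_EXPORT)
    print(correlate(links, "SAP", "CRM"))
    for app_set, users in candidate_roles(links).items():
        print(sorted(app_set), users)
```

Users whose application set is unique (here `bwhite` and `klee`) fall below `min_users` and are left for manual review rather than being turned into one-person roles.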
Posted by Andras Cser at 08:38 AM in Identity and Access Management