Sunday, August 24, 2014

Identity Touch Points - Applications Architecture Perspective

Identity Management is a mature IT concept and is the foundation of good security and solid regulatory compliance. Today, with the paradigm shift toward cloud computing and mobility, businesses need to understand and prepare their IT organizations to associate users' identities and entitlements with resources, and to extend access privileges beyond the traditional corporate perimeter. This change introduces new risks, and it also prompts new questions about ownership and control of digitized information.

But which attributes do services and applications consider to define a user's or business's unique identity? From a technology standpoint, I see identity products as broadly classified into three pillars based on the features and solutions they offer:

1) Identity Governance
User/Entitlement provisioning, Password/Profile management, Self-service Access/Roles catalog management

2) Access Management
Single sign-on, Authorization, Authentication

3) Identity Platform Services
Policy Compliance and Enforcement, Security Stores, Replication, Synchronization

Mapping these core identity functions and features into the enterprise application architecture space is quite challenging. In reality, our understanding of a business entity's (person, tenant or business) identity is built upon an incomplete set of attributes that the application or service architecture deems sufficient to differentiate one entity from another. This attribute set is generally far from complete, and a wide range of perceptions exist regarding what is acceptable for uniquely defining an entity's identity in the application or service domain. Application architecture must accept a level of risk and be willing to offer service on the basis that a business's or user's identity definition is "good enough" for the purpose for which the application or service is going to use it.
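One way to make the "good enough" decision concrete is to test a candidate identifying attribute set against the entity population it has to distinguish: if two distinct entities project onto the same attribute values, that attribute set cannot uniquely identify either of them. The check below is an added example, not code from the original post; the directory records are constructed, and the `max_collision_rate` threshold is a hypothetical risk-acceptance parameter that an application owner would set.

```python
from collections import defaultdict
from typing import Any, Dict, Iterable, List, Sequence, Tuple

# Constructed sample directory (not from the original post). u1/u2 are two
# people sharing a name; u3/u4 are one person with a duplicate record.
SAMPLE_RECORDS: List[Dict[str, Any]] = [
    {"id": "u1", "given": "Ana", "family": "Silva",
     "email": "ana.silva@example.com", "dept": "Finance"},
    {"id": "u2", "given": "Ana", "family": "Silva",
     "email": "a.silva@example.com", "dept": "Sales"},
    {"id": "u3", "given": "Ben", "family": "Okafor",
     "email": "ben.okafor@example.com", "dept": "Finance"},
    {"id": "u4", "given": "Ben ", "family": "OKAFOR",
     "email": "Ben.Okafor@example.com", "dept": "Finance"},
]


def normalize(value: Any) -> Any:
    """Fold case and surrounding whitespace so cosmetic differences
    do not masquerade as distinct identities."""
    return value.strip().lower() if isinstance(value, str) else value


def projection(record: Dict[str, Any], attributes: Sequence[str]) -> Tuple[Any, ...]:
    """Reduce a record to the tuple of attributes the application
    has chosen to treat as its identity definition."""
    return tuple(normalize(record.get(attr)) for attr in attributes)


def find_collisions(records: Iterable[Dict[str, Any]],
                    attributes: Sequence[str]) -> Dict[Tuple[Any, ...], List[str]]:
    """Return every projection shared by two or more records, mapped to
    the record ids involved. An empty result means the attribute set
    uniquely identifies every record in this population."""
    groups: Dict[Tuple[Any, ...], List[str]] = defaultdict(list)
    for record in records:
        groups[projection(record, attributes)].append(record["id"])
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


def is_good_enough(records: Sequence[Dict[str, Any]], attributes: Sequence[str],
                   max_collision_rate: float = 0.0):
    """Decide whether the attribute set is acceptable for this population.
    Returns (accepted, collision_rate, collisions); collision_rate is the
    fraction of records that are ambiguous under the attribute set."""
    collisions = find_collisions(records, attributes)
    ambiguous = sum(len(ids) for ids in collisions.values())
    rate = ambiguous / len(records) if records else 0.0
    return rate <= max_collision_rate, rate, collisions


if __name__ == "__main__":
    for candidate in (("given", "family"), ("given", "family", "dept"),
                      ("email",), ("id",)):
        accepted, rate, collisions = is_good_enough(SAMPLE_RECORDS, candidate)
        verdict = "accept" if accepted else "reject"
        print(f"{candidate}: {verdict}, collision rate {rate:.2f}, {collisions}")
```

Running it shows that name alone, name plus department, and even e-mail all collide somewhere in this population, and only the directory's own identifier is collision-free. The point for an architect is that the decision is empirical and population-specific: the same attribute set can be adequate for a small tenant and inadequate for a large one, so the check belongs in onboarding and periodic review rather than being settled once at design time.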

Here is my attempt at capturing the high-level identity touch points that matter to the application-architecture design across the enterprise technology domain.