7/20/2006
Developing a successful, cost-effective IdM system takes more than a reactionary response to the latest hacker scare.
What is your school’s identity management (IdM) strategy? Do you really need one? IdM is a cornerstone both for cyber security and for privacy compliance (now a particularly hot issue in health information management as institutions struggle to comply with HIPAA regulations)—so the answer to the latter question should be a big yes. But understanding the elements that comprise IdM—and finding a long-term way to balance IdM’s costs with its benefits—can be a challenge.
Months ago in this column (“Trend Report: Identity Management,” November 2005), I identified four underlying components of IdM: identification, authentication, authorization, and directory services. I then elaborated on the first two. This month, we focus on the remaining two components—authorization and directory services—as well as how to sell the need for an IdM strategy to your campus.
Authorization
Authorization is the process that determines what network-based resources a user is allowed to access. For example, a student may be allowed to access his or her own student records, but not those of another student. The information that specifies what individuals are authorized to access may be stored in multiple databases maintained by different administrative units.
While the process is conceptually simple, it is complex to execute. Defining authorization on a case-by-case basis is extraordinarily time-consuming. Other schemas, based upon an individual’s role, organizational structure, or policy, are fraught with exceptions. The need to translate complex policies into automated combinations of more basic attributes is an area that is rapidly evolving, and campuses will benefit from following the activities and guidelines of national organizations (see “IdM Resources You Should Know”).
Authorization information or its location is typically consolidated in a “directory,” normally spanning a single campus or enterprise. Which brings us to the next component of IdM: directory services.
Directory Services
Directory services were once viewed as little more than online enterprise or network “white pages,” containing network user information such as a person’s name, title, location, network ID, e-mail address, and phone number(s). Now, directory services are becoming the central point for creating, storing, and maintaining user identities and privileges, and for management of network and application access. As the number of shared enterprise applications increases, directory services have become the answer to integrating and managing this complex online environment. This solution also reduces dependence on manual or disconnected directory maintenance processes, streamlines access, and minimizes risks to associated resources.
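The two sections above describe authorization decisions built from basic attributes held in a central directory. The sketch below is an added example, not code from the article: it shows an own-record rule, a role-plus-unit rule, and one explicit exception evaluated with default deny. The directory entries, attribute names, and the advisor exception are constructed assumptions.

```python
# Constructed directory entries; attribute names and values are hypothetical.
DIRECTORY = {
    "asmith": {"affiliation": "student", "student_id": "S1001"},
    "bjones": {"affiliation": "student", "student_id": "S1002"},
    "clee":   {"affiliation": "staff", "unit": "registrar"},
    "dkim":   {"affiliation": "faculty", "unit": "biology",
               "advisees": ["S1002"]},  # the exception case (assumed)
}

# Each rule is a named predicate over (subject attributes, resource attributes).
# Naming the rule that granted access makes every decision auditable.
RULES = [
    ("own-record",
     lambda s, r: s.get("student_id") is not None
     and s["student_id"] == r["owner"]),
    ("registrar-staff",
     lambda s, r: s["affiliation"] == "staff"
     and s.get("unit") == "registrar"),
    ("advisor-exception",
     lambda s, r: r["owner"] in s.get("advisees", [])),
]


def student_record(owner):
    """Build a resource descriptor for one student's record."""
    return {"type": "student_record", "owner": owner}


def authorize(user_id, resource):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    subject = DIRECTORY.get(user_id)
    if subject is None:
        return (False, "unknown-user")
    if resource.get("type") != "student_record":
        return (False, "no-rule")
    for name, predicate in RULES:
        if predicate(subject, resource):
            return (True, name)
    return (False, "no-rule")


if __name__ == "__main__":
    for user in ("asmith", "bjones", "clee", "dkim", "mallory"):
        print(user, authorize(user, student_record("S1002")))
```

Because every rule reads only directory attributes, changing a person's unit or advisee list in the directory changes their access without touching application code.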