Identity Management Architectures and Digital Identity

by Phil Windley, author of Digital Identity
After some analysis, you've decided that your company needs to beef up its digital identity infrastructure. You've read some white papers from vendors and even considered buying an enterprise package that you've been promised will solve your single-sign-on problems. Still, you're uncomfortable. You should be.
The problem is that a digital identity infrastructure isn't something you buy from a vendor, any more than you bought your file, print, and desktop infrastructure. Likely, you built that--from various components you bought--in accordance with goals and requirements specific to your company. Your digital identity infrastructure is no different.
A further problem is that such an infrastructure is quite a bit more complicated than your desktops and corporate LAN, and there's not as much collective wisdom in the IT community on how to go about it. A bigger problem is that identity management is as much about politics and economics as it is about technology--maybe more.
Identity Management Architectures
To succeed, you need a strategy, one that takes into account not only the technology, but the politics and economics surrounding digital identity. I call such a strategy an identity management architecture, or IMA.
An IMA is like a city plan. We've all seen cities that don't quite seem to have a sense of place, where the zoning didn't yield a coherent set of uses or designs, and things just seem thrown together. This results from a lack of planning. Imagine the difficulty and danger of living in a place where there were few standards for building, multiple electrical voltages and phone systems, and roads were placed willy-nilly.
This is the situation in which most enterprises find themselves with their digital identity infrastructure. The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week, or month takes precedence over long-term goals. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running from day to day.
In the same way that city planning creates a set of standards and rules for buildings to ensure that the overall area is consistent and workable, an IMA is a collection of policies, rules, and standards that provides the context for creating a flexible digital identity infrastructure.
IMAs and System Architecture
If identity management architectures are like city plans, then system architectures are more like the plans for single buildings. The plans for a building are made within the context and scope of a city plan that not only defines roads and lots, but also sets standards for sidewalks, setbacks, and so forth. Furthermore, the city plan has adopted building codes that define how the buildings will be implemented and set out best practices.
Identity management architectures likewise define a context for system architecture. A well-defined identity management architecture will make demands on system architectures in order to meet certain ends. Like a good city plan, a large part of the effort is in establishing governance procedures that create and maintain the plan, as well as the inspection and quality assurance processes that ensure that it's followed correctly. Also, like a good city plan, conforming to the identity management architecture will be neither convenient nor cheap, and there will be considerable pushback if your organization is not committed to the process.