Building an IMA involves creating a series of interrelated components. This figure shows a schematic diagram of these components.
The following paragraphs describe these components briefly. For detailed information on how each of them is created and how they work together, see my book, Digital Identity.
An IMA is created within a governance framework that lays the ground rules and a business context that lays out long-term business goals, principles, and objectives. Governance is one of the most political parts of the entire process, and hence, it can be the messiest. The number one rule for establishing governance for your IMA effort is to be inclusive. Everyone who will be affected, from the business managers who will pay for and use it to the technologists who build it, needs to have a way to participate and understand the process.
Closely aligned with the governance process is the process of gathering information about the business so that the IMA reflects the needs and structure of the organization. This isn't as complicated as it sounds and can be useful for more than just the IMA, including other IT project planning.
The process architecture describes how your business accomplishes identity tasks now and how they should be accomplished in the future. Identity processes are evaluated and improved using a maturity model for identity management that gives clear direction on how processes should be changed to improve your identity infrastructure.
The data architecture is a model of the identity data in your organization. Building an identity data architecture involves determining what data you have and then standardizing data practices in three important areas: categorizing, exchanging, and structuring data. Data usually gets the short end of the stick in any IT project. By linking the identity data to the business processes that use it (from the process architecture), you'll be able to create and justify projects to normalize and document data.
Identity policies are a crucial way for your organization to set direction, communicate standards, and create an environment in which interoperable systems can be designed and built. An identity interoperability framework is a set of standards that your organization has committed to using. These two pieces form the backbone of the IMA and are informed and used by the other components.
Identity-related policies have traditionally been all mixed up in security policy. I'm a firm believer that identity policies are more fundamental, and thus form a foundation for traditional security policies. You'll find a set of policy templates for identity policies at www.windley.com/identity-policy.
The technical reference architecture provides implementation guidance to system architects. Reference architectures tell system architects how to create systems that work with the enterprise identity infrastructure and each other. The technical reference architecture contains not only an overall blueprint for the digital identity infrastructure you're creating, but also recommended architectures for the various system types that will use it.