I've been having a few conversations with colleagues about the absence of an open source solution for automated provisioning (keep an eye out here...something cool to come out soon), and then today, I made my way to the openptk website.
Now, I know that these guys don't have an actual provisioning solution, but rather a toolkit of APIs, web services, HTML taglibs, etc. that plug into existing provisioning solutions. Unfortunately, there isn't alot of info on their site, but its absolutely intriguing. Affiliations aren't hidden - all three contributors are Sun employees, and their site clearly says: "The architecture supports several pluggable back-end services including Sun's Identity Manager, Sun's Access Manager and LDAPv3."...but theoretically, this could plug into any provisioning solution, or am I being too optimistic?
Saturday, July 28, 2007
IdM Processes...Existing vs. Future
Corbin Links put together a thought provoking post the other day on identity management implementations, and how companies are looking for a magic tool that could resolve their identity management woes, when they should primarily be focusing on their processes.
This got me thinking of a conversation I had with a few folks who are part of the professional services arm of an IdM vendor about this (although this may not be what Corbin was hinting at), and the individual was educating me on how they engage a client on an IdM project. His advice: don't waste too much time on their existing processes, because they are going to change anyway.
I suppose this advice works (even then, only partially) for a company that is willing to completely change existing processes based on advice given by a few individuals that probably know little to nothing about their business - which I can't imagine are many.
One notable exception are the companies in the SMB market. My definition for SMB companies from an identity perspective lie between 200 and 2000 (perhaps that's a little generous). There are many companies in this space that have the regulatory pressures, but are typically flexible to change their processes to "template processes".
Nonetheless, for companies that don't fall into this category, regardless of size, the question is - what are the inherent dangers of glossing over existing processes, and focusing most of the attention on future processes? Perhaps missing some of the "must-haves" in new processes, but not necessarily. With that being said, time for a movie...to be continued?
"Don’t start with the tool. Don’t start with even thinking about vendors. Don’t think “gee, now that we have fully committed to Identity and Access Management we will just outsource the whole thing, and a third party will take care of our business process for us.” Instead, make the commitment to work through processes. Don’t worry yet about higher-level tasks such as “role engineering” and “compliance baselining.” If you start there, chances are it will not be worth the paper it’s printed on by the next fiscal quarter. Instead, collect processes. Start with “business snippets” and work up from there."
This got me thinking of a conversation I had with a few folks who are part of the professional services arm of an IdM vendor about this (although this may not be what Corbin was hinting at), and the individual was educating me on how they engage a client on an IdM project. His advice: don't waste too much time on their existing processes, because they are going to change anyway.
I suppose this advice works (even then, only partially) for a company that is willing to completely change existing processes based on advice given by a few individuals that probably know little to nothing about their business - which I can't imagine are many.
One notable exception are the companies in the SMB market. My definition for SMB companies from an identity perspective lie between 200 and 2000 (perhaps that's a little generous). There are many companies in this space that have the regulatory pressures, but are typically flexible to change their processes to "template processes".
Nonetheless, for companies that don't fall into this category, regardless of size, the question is - what are the inherent dangers of glossing over existing processes, and focusing most of the attention on future processes? Perhaps missing some of the "must-haves" in new processes, but not necessarily. With that being said, time for a movie...to be continued?
Monday, July 02, 2007
Apple's New Product (not the iPhone)
Yup...got the iPhone. Love it, but getting used to the keyboard.
So - Apple is already launching new products...take a look.
Am I obsolete already?
So - Apple is already launching new products...take a look.
Am I obsolete already?
Subscribe to:
Posts (Atom)