Comments on Ash's Identity Management Rantings: IAM Failures...Product or Services?

Ashraf Motiwala (2010-08-22 17:54 -04:00):

Great point!
Another approach is to establish a governance team that is responsible for laying out policy. No change can happen to the system without going through them first. Here are some details about how such a team could look:

http://identropy.com/blog/bid/34592/4-Steps-Towards-Taming-your-Identity-Management-Initiative

Anonymous (2010-08-20 10:00 -04:00):

Just one opinion but . . . our purchased IAM product was a little kludgy to set up but after 5 years was and still is able to do everything we want. Our implementation vendor was and still is very good at providing guidance when we are stumped technically. Where the heartburn was and still is would be the issue of coordinating the business rules and the technical rules. The 2 most common questions we've experienced over the duration are "why did this account get disabled?" and "why did it get created?" The answer, because the business rules say these criteria cause this action. Then IT learns from the business unit that the business rule was changed. After. If ever. The missing link, for us, is an in-house "account executive" who constantly meets with the business units and translates that back to IT. So I think IAM failures are at least partly precipitated by lack of involvement with all of the business.
IAM is not an IT thing, it's a whole organization thing.

Ashraf Motiwala (2010-08-01 16:56 -04:00):

Does your SSO product handle authorization as well? For example, does it make decisions regarding what a user can see/do once they have authenticated to an app?

If it does NOT, then you should look towards ESSO products. Gartner has a magic quadrant for ESSO, so take a look at this paper: http://www.gartner.com/DisplayDocument?doc_cd=160413

If it does, then you might be interested in web access management products. Gartner also has a magic quadrant for those, here's a link to an older one: http://www.sun.com/software/products/opensso_enterprise/2h07.pdf

If you have a Gartner subscription, they could get you the latest and greatest.

In terms of a methodology for migrating them in an efficient and intelligent way, research papers probably won't be of much help. You need real expertise from specialists who've done this before. The company I work for, Identropy (http://www.identropy.com/Services_identity-management-workshops), could provide some help/guidance on this matter. You could email them at info at identropy dot com and they'll set up a complimentary session with an Architect.

Sample (2010-08-01 14:10 -04:00):

Ashraf,
I just stumbled upon your blog and found a lot of interesting and new things. I work for a large retail organization. We have built our own SSO product based on Java. This product has been serving the business needs for the past 10 years but lately we started seeing an influx of packaged products with which we are finding it really hard to integrate. The management has made up its mind to replace this homegrown product with a commercial SSO product. The problem here is that we have 450+ applications (Java/J2EE) which already use our SSO product. I wanted to understand how easy or difficult it is to migrate to a new solution since our SSO solution is heavily customized to the needs of a retail setup. Do you have any thoughts about this?