
Opinion

The Case for Identity Management

7/20/2006

Developing a successful, cost-effective IdM system takes more than a reactionary response to the latest hacker scare.

What is your school’s identity management (IdM) strategy? Do you really need one? IdM is a cornerstone both for cyber security and for privacy compliance (now a particularly hot issue in health information management as institutions struggle to comply with HIPAA regulations)—so the answer to the latter question should be a big yes. But understanding the elements that comprise IdM—and finding a long-term way to balance IdM’s costs with its benefits—can be a challenge.

Months ago in this column (“Trend Report: Identity Management,” November 2005), I identified four underlying components of IdM: identification, authentication, authorization, and directory services. I then elaborated on the first two. This month, we focus on the remaining two components—authorization and directory services—as well as how to sell the need for an IdM strategy to your campus.

Authorization

Authorization is the process that determines what network-based resources a user is allowed to access. For example, a student may be allowed to access his or her own student records, but not those of another student. The information that specifies what individuals are authorized to access may be stored in multiple databases maintained by different administrative units.

While the process is conceptually simple, it is complex to execute. Defining authorization on a case-by-case basis is extraordinarily time-consuming. Other schemas, based upon an individual’s role, organizational structure, or policy, are fraught with exceptions. The need to translate complex policies into automated combinations of more basic attributes is an area that is rapidly evolving, and campuses will benefit from following the activities and guidelines of national organizations (see “IdM Resources You Should Know”).

Authorization information or its location is typically consolidated in a “directory,” normally spanning a single campus or enterprise. Which brings us to the next component of IdM: directory services.

Directory Services

Directory services were once viewed as little more than online enterprise or network “white pages,” containing network user information such as a person’s name, title, location, network ID, e-mail address, and phone number(s). Now, directory services are becoming the central point for creating, storing, and maintaining user identities and privileges, and for management of network and application access. As the number of shared enterprise applications increases, directory services have become the answer to integrating and managing this complex online environment. This solution also reduces dependence on manual or disconnected directory maintenance processes, streamlines access, and minimizes risks to associated resources.


