Network World
Thursday, January 8, 2009

Community: Security


What goes around, comes around

I would change the title a little to ".. still problematic .." Provisioning, integration, etc. and de-versions have always been problematic, so nothing new there. And it is too often the technicians who mainly carry the task to make it work.

Yes, I would agree the vendor community should pay attention, but no tool or toy ever will solve the problems IF the companies / corporations don't have strategies, plans and designs of their own. For many reasons, vendors don't really know your business, vendors' solutions are too often product and even version specific, vendor solutions are too often sold by "nice" user interfaces but not much capability or are capable but very difficult and cumbersome to implement / use, and so on.

I'm honestly amazed that even today role based access (more than, not same as identity federation) is not used more. It was clear even in the 70's that role based access was the only sensible way to manage the environment. And today it is much easier than it was back then. After going through a couple of integrations, hundreds of user changes a day, platform integrations, corporate integrations where one day thousands of new users came to a "federated" system, etc., I have found that if there is no corporate strategy, design, plans (and option B) they will fail in one way or another - late, too expensive, chaos, people burnout, etc. maybe several years.

And there is nothing a technical person can do except trying to keep the infrastructure running and hoping for the best. So, yes - the day by day problems are on a low level but the solutions can only start from much higher up in the business hierarchy.

Click to read the article this is in response to.

try zivios (www.zivios.org)...


Try zivios (www.zivios.org). It's an open source identity management system.

Zivios, yes but


Zivios is actually a very handy system but only technically and only if more plugins are developed. The problem is not so much technical but understanding the problems and the benefits. Let me explain - in the 70's I designed a system for a big, actually global, company where I could turn the CEO's (and/or his secretary's) access to any information down by just a command AND he could do the same to me at any time. Or, because of our roles in the company, we could change, turn anyone's access down or transfer it to someone else who had the same role at any time. All the resources and access were moved or canceled at the same time, all was audited AND all the changes and information bound to this person were secured, automatically backed up, the employment relationship, benefits, and so on were automatically changed, etc., blah, blah.

The system was designed in such a way that our HR usually changed, activated or deactivated the person's role - handy when a developer changed a role or left the company, handy when someone traveled globally to an area which didn't have secure access, handy when a customer became an employee or an employee became a customer, or we integrated with another company with thousands of users in different roles, often but not always already working but not employed by us, etc.

Once the infrastructure is designed that way, it becomes a routine, provisioning gets (kind of - forget the politics!) easy and security goes way up. So - as I said, Zivios looks good but without company / corporate strategy and automation (more, many more plugins) it's just one of the tools available today.
