I've described identity as the binding between a person (or entity) and a business process. It is a one-to-one relationship, and it has a lifecycle. The identity starts when a person initiates a relationship and gets an initial set of rights and privileges. As the relationship grows, rights may be added or subtracted, and preferences and affinity groups may be modified or removed. Although I've given examples that relate to e-commerce, identity management is just as important in controlling and tracking the use of enterprise resources by employees or other authorised agents, such as contractors and approved vendors. Intellectual property accessed and used by employees, including computer systems and network file storage, must be included in your identity management process.

For example, when a person joins a company and fills out the necessary forms for payroll, benefits, and other identification information, this normally triggers some activity within human resources, and the person gets an email address. In identity management terms, the person is assigned an identity and granted rights to a mailbox that has a user identification and password assigned. The person is assigned a computer, and the privilege to access that computer and other network file shares is added to the identity. Once allowed onto the computer system, the person assumes other rights: to peruse the intranet and, most likely, to go out through the corporate firewall to the public Internet. The person may be allowed into certain restricted intranet sites, again with another user identification and password. A transfer to a new position or a promotion brings a different set of privileges. Throughout the person's career, the process of addition, subtraction, and modification continues, until the person leaves or retires. Each data source or workflow action adds information to the person's identity.
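The joiner, transfer and leaver steps just described, as an added worked example written for this edit rather than taken from the text: a small Python model in which the role table, the person identifier and the entitlement names are all constructed. A transfer replaces the old role's rights instead of accumulating them, out-of-role grants must carry a ticket reference, and an audit function reports rights that neither the role nor a recorded exception justifies, or that survive deactivation.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Role-to-entitlement mapping. Role names and entitlements are constructed for
# this example; a real deployment would derive them from the HR feed and the
# access rules each application owner defines.
ROLE_ENTITLEMENTS = {
    "engineer": {"mailbox", "workstation", "intranet", "internet-egress", "source-repo"},
    "payroll-clerk": {"mailbox", "workstation", "intranet", "internet-egress", "payroll-share"},
    "payroll-manager": {"mailbox", "workstation", "intranet", "internet-egress",
                        "payroll-share", "payroll-approvals"},
}


@dataclass
class Identity:
    person_id: str
    role: Optional[str] = None
    entitlements: Set[str] = field(default_factory=set)
    exceptions: Dict[str, str] = field(default_factory=dict)  # entitlement -> ticket
    active: bool = False
    history: List[tuple] = field(default_factory=list)        # audit trail of events

    def record(self, event: str, detail: dict) -> None:
        self.history.append((event, detail))


def join(person_id: str, role: str) -> Identity:
    """Joiner: create the identity and grant exactly the role's baseline rights."""
    ident = Identity(person_id=person_id, role=role, active=True)
    ident.entitlements = set(ROLE_ENTITLEMENTS[role])
    ident.record("join", {"role": role, "granted": sorted(ident.entitlements)})
    return ident


def transfer(ident: Identity, new_role: str) -> Identity:
    """Mover: the new role's rights replace the old ones; nothing carries over,
    which is what stops privilege accumulating across a career."""
    wanted = ROLE_ENTITLEMENTS[new_role]
    revoked = ident.entitlements - wanted
    granted = wanted - ident.entitlements
    ident.entitlements = set(wanted)
    ident.exceptions.clear()          # exceptions were tied to the old role
    ident.role = new_role
    ident.record("transfer", {"role": new_role, "granted": sorted(granted),
                              "revoked": sorted(revoked)})
    return ident


def grant_exception(ident: Identity, entitlement: str, ticket: str) -> Identity:
    """Out-of-role grant; it must carry a justification the audit can see."""
    ident.entitlements.add(entitlement)
    ident.exceptions[entitlement] = ticket
    ident.record("exception", {"entitlement": entitlement, "ticket": ticket})
    return ident


def leave(ident: Identity) -> Identity:
    """Leaver: disable the identity and revoke every right, exceptions included."""
    ident.record("leave", {"revoked": sorted(ident.entitlements)})
    ident.entitlements.clear()
    ident.exceptions.clear()
    ident.active = False
    return ident


def audit(ident: Identity) -> List[str]:
    """Detect drift: rights the current role does not justify and no exception
    explains, and rights that outlive deactivation."""
    findings = []
    if not ident.active:
        if ident.entitlements:
            findings.append(f"{ident.person_id}: inactive identity still holds "
                            f"{sorted(ident.entitlements)}")
        return findings
    baseline = ROLE_ENTITLEMENTS.get(ident.role, set())
    for ent in sorted(ident.entitlements - baseline - set(ident.exceptions)):
        findings.append(f"{ident.person_id}: holds '{ent}' with no role or exception record")
    return findings


if __name__ == "__main__":
    person = join("p-1001", "engineer")          # constructed person identifier
    transfer(person, "payroll-clerk")
    person.entitlements.add("source-repo")        # a grant made outside the process
    print(audit(person))
    leave(person)
    print(audit(person))
```

The audit is the piece worth keeping: run it on every identity on a schedule and at each lifecycle event, and treat a non-empty result as a ticket to raise, since an unexplained entitlement is either a process gap or a compromise.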
At each point in time, the rights granted allow some measure of access to business applications and services. When and how the rights are assigned, and to which business applications and services, is the process of identity management. On the other side of identity management are the applications and services that must define rules for access. Like any other software, the identity, too, has a lifecycle. As services are added and extraneous or outmoded ones are pruned, its rules of access must be managed closely to prevent security and information breaches.

Does identity management remove operational hurdles?
You can imagine the user identity information as similar to a credit card with a computer chip of memory. By unambiguously proving your identity (authentication), you unlock information about yourself. As you access applications and services, your rights to use that information (authorisation) and your preferences (attributes) provide you with services. Identity management can make this information usable across many different applications in a standard fashion. This would eliminate redundant storage, while allowing security policies to be written in a consistent manner and enforced in a general way. Standardising credential formats, authentication protocols, and security policies would enforce a generic interoperability, saving development time and ensuring the fidelity of the information on which operations depend. The standardisation of identity allows you to use a common credential that is portable across many applications. By doing so, the complexity of the authorisation process is diminished.
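One way to realise the common, portable credential described above, as an added example and not the author's design: a Python identity provider issues a signed claims token carrying the subject, an expiry, entitlements (authorisation) and attributes (preferences), and two constructed applications verify it with the same routine and apply the same entitlement check. The shared HMAC key, application names, person identifier and entitlement names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for the example. A real identity provider would keep
# this in a key vault or HSM, or sign with an asymmetric key so that relying
# applications need only the public half.
IDP_KEY = b"example-shared-key-not-for-production"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_credential(subject, entitlements, attributes, key=IDP_KEY, ttl=3600, now=None):
    """Identity provider: after authentication, bind subject, rights and
    preferences into one signed, time-limited credential."""
    now = time.time() if now is None else now
    claims = {
        "sub": subject,
        "iat": now,
        "exp": now + ttl,
        "entitlements": sorted(entitlements),   # authorisation
        "attributes": dict(attributes),         # preferences
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


def verify_credential(token, key=IDP_KEY, now=None):
    """Shared verification routine: reject malformed, forged or expired tokens.
    Returns the claims dict, or None."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None
    return claims


def authorised(claims, required):
    """Common policy check: the credential must carry the entitlement by name."""
    return required in claims.get("entitlements", [])


class Application:
    """A relying application; name and required entitlement are constructed."""

    def __init__(self, name, required):
        self.name = name
        self.required = required

    def handle(self, token, now=None):
        claims = verify_credential(token, now=now)
        if claims is None:
            return "denied: invalid credential"
        if not authorised(claims, self.required):
            return f"denied: {self.required} required"
        locale = claims["attributes"].get("locale", "default")
        return f"ok: {claims['sub']} served by {self.name} in locale {locale}"


def tampered_copy(token, extra_entitlement):
    """Re-encode the body with an added entitlement but keep the old signature,
    to show that verification rejects a credential modified after issue."""
    body_b64, sig_b64 = token.split(".")
    claims = json.loads(_unb64(body_b64))
    claims["entitlements"].append(extra_entitlement)
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64(body)}.{sig_b64}"


if __name__ == "__main__":
    token = issue_credential("p-1001", {"mailbox", "payroll-share"}, {"locale": "en-GB"})
    for app in (Application("mail", "mailbox"), Application("payroll", "payroll-share"),
                Application("repo", "source-repo")):
        print(app.handle(token))
    print(Application("repo", "source-repo").handle(tampered_copy(token, "source-repo")))
```

Because every application calls the same verify_credential and authorised, the policy lives in one place: changing the signature scheme, the expiry rule or the way entitlements are named is a change to the identity layer, not to each application.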