Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

These slippery people.

For me, it’s all about identity and access management these days.

How to disambiguate users without relying too heavily on the classic “identity theft” data.

How to handle ad hoc registration and secure communication with hundreds of thousands of transient users.

How to make sense of business rules to build them into approval chains in user provisioning.  (This is the sticky part.  There are always unwritten rules that bubble to the surface.  “All users have to be approved for access to that data, so that data owner needs to sign off on it.”  “What about the developer writing the application?  Does he have to get approval too?”  “Oh no, he can create as many test accounts as he wants.”)
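As an added illustration (not the author's code), here is what those two unwritten rules look like once they are written down as an explicit approval chain. The data set names, owners and the `test-` account prefix are constructed assumptions; the point is that the developer exemption becomes a visible, logged policy decision instead of folklore.

```python
from dataclasses import dataclass, field

# Constructed sample data: who owns which data set, and who counts as a developer.
DATA_OWNERS = {"finance-db": "cfo"}   # assumed: data set -> owner who must sign off
DEVELOPERS = {"alice"}                # assumed: application developers
TEST_ACCOUNT_PREFIX = "test-"         # assumed naming convention for test accounts


@dataclass
class AccessRequest:
    requester: str   # who is asking
    account: str     # account being provisioned
    dataset: str     # data the account will be able to reach
    purpose: str     # "production" or "test"


@dataclass
class Decision:
    approvers: list = field(default_factory=list)  # sign-offs required, in order
    auto_approved: bool = False
    rationale: str = ""


def required_approvals(req: AccessRequest) -> Decision:
    """Build the approval chain for a provisioning request from explicit rules."""
    # Unwritten rule #2, made explicit: a developer creating a test account
    # needs no sign-off. Narrow it to accounts that follow the test naming
    # convention so a production account cannot slip through under this rule.
    if (req.requester in DEVELOPERS and req.purpose == "test"
            and req.account.startswith(TEST_ACCOUNT_PREFIX)):
        return Decision(auto_approved=True, rationale="developer test-account exemption")
    # Unwritten rule #1, made explicit: the data owner must approve access.
    owner = DATA_OWNERS.get(req.dataset)
    if owner is None:
        # Refuse rather than guess: an unowned data set has no one who can approve.
        raise ValueError(f"no registered owner for {req.dataset!r}")
    return Decision(approvers=[owner],
                    rationale=f"data owner {owner} must approve access to {req.dataset}")


def audit_record(req: AccessRequest, decision: Decision) -> dict:
    """Every decision, including auto-approvals, gets a reviewable record."""
    return {"requester": req.requester, "account": req.account, "dataset": req.dataset,
            "approvers": decision.approvers, "auto_approved": decision.auto_approved,
            "rationale": decision.rationale}


if __name__ == "__main__":
    for r in (AccessRequest("alice", "test-01", "finance-db", "test"),
              AccessRequest("bob", "bob", "finance-db", "production")):
        print(audit_record(r, required_approvals(r)))
```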

How to consolidate management of access to ALL the platforms, and no, I don’t just mean single sign-on through Citrix.  Is a system administrator going to go through Citrix to log in to the console of a misbehaving Linux box?  I don’t think so.  Are you going to get your third-party financial application to log in to a local system account through Citrix?  Nuh-uh.  Please don’t tell me there’s a silver-bullet single sign-on solution out there that handles ALL access control, because it’s still only modeled on the Windows-using non-IT employee.

I’m probably going to be spending the next two years solving this problem, and some of my choices are going to be made for me midstream, because I’m dealing with an imminent outsourcing as well.

All in all, I think I’d rather be doing my taxes.


Posted by shrdlu on Sunday, November 05, 2006