<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
>
  <channel>
    <title>Project Analysis</title>
    <link>http://gircrazyp.friendlinkup.com/</link>
    <description>How to Create and Implement Successful Projects</description>
    <language>en</language>    <item>
      <title>Identity Management and Federated ILM</title>
      <link>http://gircrazyp.friendlinkup.com/2008/10/01/identity-management-and-federated-ilm.html</link>
      <description>I had of course heard the term Identity Lifecycle Management, and understood that it had something to do with centralizing and helping users manage identities across systems and all that jazz. Any IT jock or person involved in technology should understand (and hopefully does) that Identity Management is probably the most integral part of any system. Hell, even anonymous systems still use a form of identity management, because these systems must be &#8216;administered&#8217; by someone and that someone has an identity for use with that system.
So I decided to look a little more into it, and to say I am impressed by the solutions and ideas that people have come up with in relation to Identity Lifecycle Management solutions would be a definite understatement. I think the best term for how impressed I am by this would be at the &#8216;totally freaking wicked awesome&#8217; level. I know... I am excitable, but seriously, if you haven&#8217;t ever really read about or looked into Identity Management or Identity Lifecycle Management (which shall be referred to as ILM from this point onward in this post), follow along with me here.
The concept of Identity Management is pretty simple. You have an identity. Everyone using any system of any sort uses an identity when they interact with that system. This could be an anonymous user (which uses an anonymous identity) or an identity that has information about who you are. The most common systems for this would be forms authentication working off of a user store (let&#8217;s say&#8230; a SQL database for an example) or Active Directory if you are working with Windows, or whatever Linux and those other systems use for Identity Management.
So what&#8217;s the big deal? The fact that everything nowadays requires you to submit your identity. Think of the internet (big, I know) and how you visit different sites and register or log in (Facebook and MySpace are pretty popular, so let&#8217;s use them as an example). When you log in, it uses your profile information in a number of ways, presenting the information you want to see, who you are, who you might be associated with, and other things. All of this of course comes down to being associated with your &#8216;identity&#8217;.
In a nutshell, Identity Management provides you with more capability to manage identities. This can be in the form of policies, provisioning, workflows, or reducing &#8216;sign in&#8217; needs.
So what&#8217;s cool? The whole federated identity management stuff and how far some groups have come with these systems.
So what is federated identity management? Exactly what the term sounds like: unionizing, or bringing together, these identity management systems. Let&#8217;s take a simple example. Your organization has AD and maybe an intranet. You log in to the intranet and navigate to your benefits area. When you click on a link in the intranet to the benefits area, it actually uses federated identity management to communicate who you are and (since you&#8217;re already authenticated) does not prompt you. The information it presents you with is based on your identity, which has been passed on to and associated with the benefits system&#8217;s identity store.
This isn&#8217;t a new concept or anything, but what fascinated me when I actually played with one of these systems (in my case Microsoft Identity Lifecycle Manager (the new beta)) was how the interface was set up, and how it honestly was like something out of my dreams.
I have seen a great many different ADs in my day and have written applications that integrated with PeopleSoft or other systems for identity management. Many of them had difficulties and issues, weren&#8217;t well maintained, or were structured poorly. This causes all sorts of issues when you are trying to implement systems like SharePoint 2007, because now you can&#8217;t rely on having organizational hierarchy (as an example) being available to you for audience targeting. Take that one step further: many of the clients I have worked with use many different user stores, or work directly with groups that have their own user stores.
It&#8217;s the way the world works: I evangelize and advocate SharePoint, another person sells their custom app, and so on until there are a plethora of different systems that all use different identity stores.
A tool like Microsoft&#8217;s Identity Lifecycle Manager removes so many of the issues I would run into on a regular basis trying to either replace or integrate the existing systems. That&#8217;s not to say you don&#8217;t have plenty of alternatives (single sign-on is a good one), but seeing many systems so well integrated and being so easy to manage and synchronize made me fully understand the power (and obvious effort) these ISVs&#8217; and organizations&#8217; solutions provide.
Looking forward to learning more about the whole ILM marketplace,
Richard Harbridge
P.S. - Here are some examples of solutions which fall under Identity Management and ILM&#8230;
Management of identities

Provisioning/De-provisioning of accounts
Workflow automation
Delegated administration
Password synchronization
Self-service password reset

Access control

Policy-based access control
Enterprise/Legacy single sign-on (SSO)
Web single sign-on (SeoS)
Reduced sign-on

Directory services

Identity repository (directory services for the administration of user account attributes)
Metadata replication/Synchronization
Directory virtualization (Virtual directory)
e-Business scale directory systems
Next-generation systems - Composite Adaptive Directory Services (CADS) and CADS SDP

Other categories

Role-based access control (RBAC)
Federation of user access rights on web applications across otherwise untrusted networks
Directory-enabled networking and 802.1X EAP

Standards initiatives

Security Assertion Markup Language (SAML)
Liberty Alliance — A consortium promoting federated identity management
Shibboleth (Internet2) — Identity standards targeted towards educational environments
Abriva — Free mobile identity management framework

References: http://msdn.microsoft.com/en-us/library/ms996532.aspx, http://en.wikipedia.org/wiki/Identity_management, http://www.microsoft.com/windowsserver/ilm2/default.mspx
</description>
      <pubDate>Wed, 01 Oct 2008 13:57:59 -0400</pubDate>
      <dc:creator>gircrazyp</dc:creator>
    </item></channel></rss>