Hans Wierenga recently published in SOA Magazine (Issue XLII: August 2010) a brilliant article analysing the predicament of the Security disciplines. The title itself is ‘to the point’: “Why the Information Security Consultancy Industry Needs a Major Overhaul” (http://www.soamag.com/I42/0810-1.php). Wierenga writes: “Unfortunately, the current information security vocabulary - in particular, as embodied in … Continue reading Hans Wierenga on Trust, Respect & Utility
Month: August 2010
I&AM Programme Layers
The Identity and Access Management Architecture defines three layers of I&AM processes. These are essentially business processes engineered to provide centralised user management, access control, account lifecycle management and security policy compliance. The three layers are: 1. IDENTITY INTEGRATION: Identity Data Governance, Identity Validation, Role Engineering, Directory Integration and Directory Rationalisation 2. ACCOUNT LIFE-CYCLE MANAGEMENT: Authorisation Workflows, … Continue reading I&AM Programme Layers
Security Architectures – an article by John Arnold
I keep quoting John Arnold's 2006 article "Security Services Model - Security Architectures". His work can be read here: https://docs.google.com/Doc?docid=0AexnQiysWyHGZGdwNWRiN2hfNTh2OHJoaGg&hl=en I believe John's thinking is essential to develop a new direction in Security and Identity Management.
I&AM in the “Circle of Trust”
The I&AM Reference Architecture must be based on the idea of the "Circle of Trust". I take this notion from a paper published by John Arnold in 2006. In this context, "security" is interpreted as the definition, the establishment, the enforcement and the verification of trust. The I&AM domain is conceived in terms of "establishment … Continue reading I&AM in the “Circle of Trust”
I&AM beyond the “standard approach”
At the core of the I&AM domain we find the architectural principles of Identity Data Management and Identity Data Ownership. Contrary to appearances and technological trends, I&AM is essentially data management and its correct understanding will lead to the application of both industry and enterprise standards in the sphere of information management. I&AM must be … Continue reading I&AM beyond the “standard approach”
I&AM and Organizational Transformation
Many times in my career I have been asked "What is Identity and Access Management and how does it work?" Even Security professionals feel unsure about the scope and nature of our discipline. Identity and Access Management --I always say-- is, above everything else, a security discipline, but it would be a misunderstanding to interpret … Continue reading I&AM and Organizational Transformation