Monday, July 24, 2006

fyi Do politics and identity management mix?

All:

Found content:

http://www.networkworld.com/newsletters/dir/2006/0717id2.html

My take:

Dave Kearns writes a great column. This one had all the promise of an even greater column than usual, based on that enticing headline. The intersection between IdM and partisan politics? George W. Bush’s position on SAML? Does Bush or anybody else in Washington politics have even the dimmest awareness or concern for such techno-plumbing?

Nope. Just a discussion of the organizational politics that accompanies a federated IdM, in terms of who controls which authoritative repositories of information under which circumstances. Turf wars. Politics in the usual coalition trench warfare of business life.

Nevertheless. This particular column has a critical IdM insight which, though not mind-blowingly original, put me in mind of something else. Says Kearns: “Turf wars are especially abundant when dealing with identity issues. After all, most identity information is simply data. Although it's organized around particular identifiers it's still simply data. The problem is we're trying to present a unified view of that data that crosses departmental, organizational and jurisdictional lines.”

Of course. IdM is a subdiscipline of master data management (MDM). Sez me, per my recent Current Analysis advisory report on SOA and MDM: “Lacking ubiquitous SOA-based MDM, enterprises cannot achieve the vision of a ‘single version of the truth’ that permeates all business transactions. In a well-architected SOA-based MDM environment, users know they can rely on information that is maintained in their company’s reference data stores—no matter how many repositories there are or where they reside. This is because all that precious content has been transported, consolidated, cleansed, and secured in keeping with official corporate policies, and by a common set of official corporate DM services. As long as the MDM infrastructure (and the broader SOA) enforces a common set of policies across the data-governance life cycle, master data can be reused over and over with high assurance that it is current and accurate.”

IdM is MDM in the governance of identity data (and, usually, employee data, to enable authentication, authorization, etc.). MDM comes in many varieties, based on the sort of master reference data that’s being controlled. Customer data integration (CDI) is one type of MDM. Product information management (PIM) is another. Supplier information management is yet another.

In the world of MDM, there’s the distinction between “physical MDM” (i.e., a “data warehouse” (DW): a single master governance repository of some data set) and “virtual MDM” (i.e., enterprise information integration (EII), based on distributed repositories of master reference data and the need for federated governance/query/update across them).

That’s exactly equivalent to the IdM distinction between master directories (i.e., identity warehouses) and multimaster directories (i.e., identity federations).

To sum up: Identity isn’t just data. It’s master reference data. Control over that data, in an identity MDM environment, is inevitably political. In federated MDM, all the ownership turf wars apply full force.

Just wanted to point that out.

Jim