Developer Issues with Identity#

When creating an application, whether it is for internal if authentication or compliance is required then the developer has some difficult issues to deal with:
  • How do I deal with authentication?
  • Where do I get the user’s identity information from?
  • What identity information do I need based on the problems I have to solve?
  • How do I make sure it is correct?
  • Where do I store the information?
  • How do I protect the information?
  • How do can we audit and show compliance for the Application?

Not the Primary Objective#

These are difficult questions and are not the primary objective of the application team, usually these are the least of the application teams concern. Usually the application team will use what the method that they are most comfortable with to and own identity infrastructure. Database developers create user tables, login screens and processes, permission and authorization modules, account registration procedures, and profile management tools.

And they do it again and again. #

The outcome is what is common in almost every organization that we look at today. Many, many data-stores with identity and privacy information spread all over the organization. A large insurance company admitted they found more than 400 applications that contained identity information. This presents the following issues for organizations to deal with:
  • No methodology for consistent, centralized enforcement of enterprise-wide policies
  • Users with passwords in many different data-stores each with:
    • Different passwords
    • No common method to synchronize passwords
    • Multiple password enforcement policies
    • Multiple data-stores that require updates (all via different methodologies) on termination or other user profile changes
  • The list goes on and on.

Easy Sell#

Needless to say Identity Management should be an easy sell to any developer team.

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 24-May-2008 13:26 by -jim