Overview#

IMA Interoperability Framework are nothing more than listings of accepted standards, both external and internal, that an organizational Entity uses.

An IMA Interoperability Framework is an essential prerequisite to enabling decentralized Digital Identity infrastructures that nonetheless work together to achieve the organization's goals and objectives. A good Digital Identity Framework complements policies and provides a foundation on which they can be more effectively created and enforced.

An IF is created in accordance with the same governance procedures. This chapter will discuss the properties and content of a good interoperability framework.

Principles of a Good IF#

An interoperability framework is a working document that systems architects, software developers, and others can use to guide their work. There are several significant principles that a good IF should follow.

Derived from current practice#

A good IMA Interoperability Framework is never created in a vacuum. Your organization is using particular standards and technology right now, and that's what you should start with when developing your IF. Even though the first draft may begin as a ragtag collection of disconnected and conflicting standards, over time, the list can be refined and pruned. We'll see later in this chapter how to use status designations in the IF to accomplish this goal.

Enforced#

A good IMA Interoperability Framework will guide the engineering of the identity infrastructure. Just as with policy, this goal is achieved only if the organization is willing to enforce the IF. As with any standard or policy, a process should be put in place for exceptions and approving deviations from the IF. Nevertheless, adherence to the IF should be expected within the organization, and the governing organization must have ways of bringing projects into compliance.

One way to do that is by controlling purchasing. The IF should guide purchasing decisions. In a large organization, this might be enforced through the purchasing department. Even in smaller organization, procedures can usually be put in place to reinforce the IF. For example, in a small organization, a single person typically has final signature authority on hardware and software purchases and thus can guide the infrastructure toward certain standards .

Understandable#

Technical and business management must understand the IF. Most important is that management understands the need for standards and why certain standards have been placed on the list and others have been left off. If management does not understand the motivation behind choices in the IF, you will have a tough time getting cooperative compliance.

Complete#

The IF should take into account the full context of the organization. When you create the IF, include every standard currently used by the organization. Make sure to review those and identify any gaps where there is no standard, de facto or otherwise.

Flexible#

Ensure that the IF is subject to a governance process that can rapidly adapt or respond to changing business needs. The idea is not to create a straightjacket that keeps the organization from doing anything, but to channel activity into paths that lead to the interoperability of decentralized systems.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 25-Aug-2017 12:48 by jim