Interoperability Frameworks for Identity#
Interoperability frameworks (IF) are nothing more than listings of accepted standards, both external and internal, that an organization uses. An IF is an essential prerequisite to enabling decentralized identity infrastructures that nonetheless work together to achieve the organization's goals and objectives. A good IF complements policies and provides a foundation on which they can be more effectively created and enforced.
An IF is created in accordance with the same governance procedures. This chapter will discuss the properties and content of a good interoperability framework.
Principles of a Good IF#
An interoperability framework is a working document that systems architects, software developers, and others can use to guide their work. There are several significant principles that a good IF should follow.
Derived from current practice#A good IF is never created in a vacuum. Your organization is using particular standards and technology right now, and that's what you should start with when developing your IF. Even though the first draft may begin as a ragtag collection of disconnected and conflicting standards, over time, the list can be refined and pruned. We'll see later in this chapter how to use status designations in the IF to accomplish this goal.
Enforced#A good IF will guide the engineering of the identity infrastructure. Just as with policy, this goal is achieved only if the organization is willing to enforce the IF. As with any standard or policy, a process should be put in place for exceptions and approving deviations from the IF. Nevertheless, adherence to the IF should be expected within the organization, and the governing organization must have ways of bringing projects into compliance.
One way to do that is by controlling purchasing. The IF should guide purchasing decisions. In a large organization, this might be enforced through the purchasing department. Even in smaller organization, procedures can usually be put in place to reinforce the IF. For example, in a small organization, a single person typically has final signature authority on hardware and software purchases and thus can guide the infrastructure toward certain standards .