Interoperability Frameworks for Identity

Interoperability frameworks (IF) are nothing more than listings of accepted standards, both external and internal, that an organization uses. An IF is an essential prerequisite to enabling decentralized identity infrastructures that nonetheless work together to achieve the organization's goals and objectives. A good IF complements policies and provides a foundation on which they can be more effectively created and enforced.

An IF is created in accordance with the same governance procedures. This chapter will discuss the properties and content of a good interoperability framework.

Principles of a Good IF

An interoperability framework is a working document that systems architects, software developers, and others can use to guide their work. There are several significant principles that a good IF should follow.

Derived from current practice

A good IF is never created in a vacuum. Your organization is using particular standards and technology right now, and that's what you should start with when developing your IF. Even though the first draft may begin as a ragtag collection of disconnected and conflicting standards, over time, the list can be refined and pruned. We'll see later in this chapter how to use status designations in the IF to accomplish this goal.

Enforced

A good IF will guide the engineering of the identity infrastructure. Just as with policy, this goal is achieved only if the organization is willing to enforce the IF. As with any standard or policy, a process should be put in place for granting exceptions and approving deviations from the IF. Nevertheless, adherence to the IF should be expected within the organization, and the governing organization must have ways of bringing projects into compliance.

One way to do that is by controlling purchasing. The IF should guide purchasing decisions. In a large organization, this might be enforced through the purchasing department. Even in a smaller organization, procedures can usually be put in place to reinforce the IF. For example, in a small organization, a single person typically has final signature authority on hardware and software purchases and thus can guide the infrastructure toward certain standards.

Understandable

Technical and business management must understand the IF. Most important is that management understands the need for standards and why certain standards have been placed on the list and others have been left off. If management does not understand the motivation behind choices in the IF, you will have a tough time getting cooperative compliance.

Complete

The IF should take into account the full context of the organization. When you create the IF, include every standard currently used by the organization. Make sure to review those and identify any gaps where there is no standard, de facto or otherwise.

Flexible

Ensure that the IF is subject to a governance process that can rapidly adapt or respond to changing business needs. The idea is not to create a straitjacket that keeps the organization from doing anything, but to channel activity into paths that lead to the interoperability of decentralized systems.

This page (revision-2) was last changed on 24-May-2008 13:29 by -jim