I never liked asking for permission to do things when I was growing up. Especially when I was asking permission for something that probably wasnít a great idea-like asking to sleep over at my friendís house with the (undisclosed) intent of staying up all night and roaming around town after midnight. Being the typical teenager, I wanted to control what I did or didnít do. I certainly didnít want someone else-especially my parents-limiting my options or telling me that I couldnít do something.
Since then, Iíve outgrown the need to stay up all night with friends and other similar acts of teenage rebellion. Iíve also come to appreciate the value of permission and the need for control that exists, not just in our personal lives, but also in business. In fact, the issue of permission-where someone (or something) can or canít do something (or have access to something) is an important part of business applications and IT infrastructure strategy. Itís also a key component in an organizationís identity management strategy and control over whether or not individual users have access (or are prohibited from) applications, servers, databases, or other IT resources.
The idea of identity management has been around for a long time, and itís consistently a top issue on surveys of CIOís concerns. If youíre a CIO, knowing whoís accessing what-especially in these increasingly security conscious times-is taking on a new urgency and level of importance. Identity management solutions typically refer to processes and software that streamline the management of an individualís identification and access to different applications or systems. Single sign-on technologies are one example of identity management solutions. Using single sign-on solutions, a user can log into their corporate portal or application once and then, automatically, be logged into (or have access) to the other appropriate applications and resources. No more having to remember multiple passwords for each different account and application, which is certainly a good thing.
But I believe that thereís a lot more to the identity management story and idea of permission than just using single sign on technologies to enable easier access for users to a variety of different applications. By extending the concept, it can be used to control not only who has access to what application or data, but what group of people have access to what application/data and, more importantly, what applications (or application components) have access to what other applications and data. This idea of managing data exchange and application access through the concept of groups is particularly powerful when the groups have membership that spans multiple organizations, for instance, as you might find when individuals in different government agencies have common interests and shared objectives (like monitoring security issues) and need to share information across those traditional agency or corporate boundaries while still maintaining security.