Wednesday, October 19, 2005

Still looking for a definition for 'role'

NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
10/19/05
Today's focus: Still looking for a definition for 'role'

By Dave Kearns

A recurring theme in this newsletter is the search for an
ontology of identity management - finding the right vocabulary
so that we can agree on the terms and their meanings, and talk
about the interesting stuff. Those of you who follow my musings
at either The Virtual Quill <http://vquill.com/> or A Journal of
Identity Management <http://idmjournal.com/> may have noticed a
"discussion" going on recently over the very word "identity" and
its offspring, "digital identity." But that's not the term I
want to talk about today.

Roles and role-based access controls are topics we bring up
frequently. But I was reminded the other day that, perhaps, not
everyone in the discussion has the same concept of "role."

Ed Zou is the vice president of marketing at Bridgestream, which
is (and has been for the last few years) a pioneer in the area
of business roles automation. I met Zou at this year's Catalyst
conference where he was introduced to me as a new technology
partner of Thor Technologies (see "Bridgestream separates
business roles from IT roles"
<http://www.networkworld.com/nldsv6344> ). I ran into Zou again
last week at Thor's Advisory Council meeting where we talked
about - what else? - roles.

Zou reminded me that many of us with histories in network
administration think of roles in terms of groups within the
network directory. But, by their very nature, there are no
relationships between and among groups. As Zou said, these
groups "are typically defined only within directories without
any context." The patchwork created by managing roles and groups
in existing directories and applications often leads to too many
unmanageable roles and groups, what Zou calls "rogue roles."

Now he had me backed up, with no escape, and Zou the pedagogue
went into high gear: "The terms 'roles' and 'groups' are used in
different ways throughout the industry and within organizations.
IT organizations use them to describe a class of access
privileges. Business units use them to represent organization
structure, responsibility, span of control and authority. For
example, if Jane in the marketing department reports to the CEO,
supports key sales initiatives at major accounts, manages three
staff members, and participates in the revenue recognition team,
she has four different business roles. Yet, most likely only two
of these roles can be found in the directory: the direct
reporting structure and the formal department that she belongs
to. The other dimensions are difficult for directories to
include and even harder to maintain. Her role changes and thus
must be defined to be sensitive to business context, e.g.,
in-context roles."

I now see why this current discussion of "roles" has spread so
far and wide: There was the initial newsletter outlining
Bridgestream's philosophy
<http://www.networkworld.com/nldsv6344>, another outlining a
definition from Eurekify founder Ron Rymon
<http://www.networkworld.com/nldsv8753> and yet a third view of
"roles" from Symlabs Vice President Felix Gaehtgens
<http://www.networkworld.com/nldsv8754>. The three gentlemen
have differing views of roles, and differing ways to discover,
define and manage roles. If I could just get the three of them
to sit down with me, perhaps over a glass of wine or two, maybe
we could agree on a definition of roles. We'd also need to
create some new terms for those areas that they would decide
fall outside the new definition.

I'll be at the Internet Identity Workshop
<http://www.eclab.byu.edu/workshops/iiw2005/announcement.html>
next week where I hope to begin a dialog about the meanings of
the terms we bandy about so recklessly at times. If you'll be
there, also, perhaps you'll join me in that discussion.

_______________________________________________________________
To contact: Dave Kearns

Dave Kearns is a writer and consultant in Silicon Valley. He's
written a number of books including the (sadly) now out of print
"Peter Norton's Complete Guide to Networks." His musings can be
found at Virtual Quill <http://www.vquill.com/>.

Kearns is the author of three Network World Newsletters: Windows
Networking Tips, Novell NetWare Tips, and Identity Management.
Comments about these newsletters should be sent to him at these
respective addresses: <mailto:windows@vquill.com>,
<mailto:netware@vquill.com>, <mailto:identity@vquill.com>.

Kearns provides content services to network vendors: books,
manuals, white papers, lectures and seminars, marketing,
technical marketing and support documents. Virtual Quill
provides "words to sell by..." Find out more by e-mail at
<mailto:info@vquill.com>

Copyright Network World, Inc., 2005
