As business processes become more and more flexible, internal and external parties need to be integrated in a quick but secure way. Therefore, IT systems need a reliable source of identities and their access rights to allow information flow in heterogeneous environments beyond system and company boundaries.
Up to now, monolithic architectures and single-vendor solutions have been typical for IdM implementations. But after having gone through some mergers and acquisitions, many companies are all of a sudden faced with IdM systems from different vendors, in different versions and at different locations. Migrating all of them to a single-vendor solution might be quite expensive or even unfeasible.
This is a real challenge, and at first sight it seems to be a drawback, as the IdM architecture is no longer centralized: in fact it is typically distributed in several respects, varies in functionality, and is more difficult to administer and maintain.
However, if the individual IdM systems are combined and deployed in the right manner, it can also be an advantage to keep them. An obvious reason is the protection of the investment already made in licenses, training, etc. But there are also a number of technical merits of a heterogeneous solution, depending on the architecture chosen, each with its own pros and cons. These will be analyzed in detail.
Martin Kuppinger will interview Bernd Hohgräfe on what such an infrastructure of combined Identity Management systems in a hierarchical architecture with dedicated subsystems would look like.
The main problems with conventional IDM systems are the tremendous number of point-to-point connections and their maintenance. Beyond this, there is no clear assignment of responsibilities for the IDM Operator and the Application Owner in reference to the IDM interface, particularly if the IDM system is based on agents.
Therefore we created an SOIDMA strategy for a big German telecommunications provider. The objective was to keep system responsibility with the Application Owners, to meet compliance needs, and to keep the maintenance effort as low as possible.
With the advent of a necessary transition from an architectural, resource-centric approach to one which is identity-centric, Identity Management needs to be delivered as a set of distributed infrastructure services. In this panel, Martin Kuppinger will discuss with implementation experts and vendors the capabilities of current Identity Management solutions to work as distributed services.