Geeks With Blogs

Connected Systems Chilled Out Blog Hanging stuff together in a meaningful way with some fun added

Over the last 5 years I have been involved in a lot of different projects where Identity Management or IDM has become more and more important. Any work with local or national government now has this as a key element so I thought it might be time to blog a little on the topic...

What is it? Simply put, identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity. The driver licensing system is a simple example of identity management: drivers are identified by their license numbers, and user groups (such as "can drive motorcycles as well as cars") are linked to the identifying number.

Why is it needed? Taking the theme of local government: I may have a driving license, I may have a local government housing tax account (Council Tax in the UK) and I may even have a leisure club membership in the area, but none of them are related to each other. In fact there is no need to relate them in this case, but what about when they should be related? Local government have over 800 systems running, maybe 80 key systems, of which I as an identity may appear in a handful. But the relationship between them is key. For instance, if I was out of work and living off benefits, the relationship between my housing benefit and council tax is key. It is a waste of effort to 'chase me' for council tax when the same council's benefit system is actually going to pay it. So knowledge of matching the identities makes great sense. Another, fast-growing need is the desire to give me 'on-line' access to council services. Here it is paramount that the identities I possess in the council are all correctly matched up, so that when I select my Housing benefit report I do get mine and not someone else's!

Why is it hard? If we have a green field development it isn't... but how often does that happen! Normally data across a number of systems about the same person has, or can have, a number of critical inaccuracies. Take a simple example: the name Rachel James. Now in the space of 4 systems we can come up with 4 goes:

Rachel James

Rachel Jones

Rachael Jones

Rachael James

And that was with just a simple name....

We haven't even touched on the address, date of birth, telephone numbers etc. In recent years we have coined the phrase 'One view of the truth' and we aim to get to that Nirvana all the time.

Funnily enough, the approach of councils to this is simplistic to say the least (if we let them have their head!). Either it's:

Just do a data cleanse and all will be OK

Set up a CRM and start from scratch by populating as and when people contact us!

So far neither has been a great success.

The solution? Well, this is normally referred to in government terms as the 'Virtual Citizen'. What needs to be created is the 'one view of the truth' for, in our example's case, Rachel James. And more importantly, that view needs to be maintained. So when one of our service systems changes its view of the person, the change is validated against the 'Virtual Citizen' view. In some cases, such as a change of address, this can be very helpful in allowing our IDM to replicate that change to all other 'feeder' systems. In the case of a typo or misheard entry, it means that error is picked up quickly and removed.
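The matching problem and the 'Virtual Citizen' validation described above, as an added sketch that is not code from the original post: name variants are scored, but a record is only linked when date of birth and postcode corroborate it, and a near-miss name change is held rather than replicated. The record fields, system names and thresholds are assumptions made for this example.

```python
from difflib import SequenceMatcher

# Constructed feeder records; system names, fields and thresholds are assumptions.
GOLDEN = {"name": "Rachel James", "dob": "1970-03-14", "postcode": "AB1 2CD"}
FEEDERS = [
    {"system": "housing_benefit", "name": "Rachael James", "dob": "1970-03-14", "postcode": "AB1 2CD"},
    {"system": "leisure", "name": "Rachel Jones", "dob": "1970-03-14", "postcode": "AB1 2CD"},
    {"system": "licensing", "name": "Rachael Jones", "dob": "1982-11-02", "postcode": "ZZ9 9ZZ"},
]

def name_similarity(a, b):
    """Similarity in [0, 1]; tolerant of single-letter spelling differences."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def classify(golden, record, auto=0.95, review=0.80):
    """Link a feeder record to the golden record, queue it for a human, or refuse.

    A similar name alone never links: date of birth and postcode must agree,
    otherwise two citizens with near-identical names would be merged and one
    could be shown the other's benefit report.
    """
    corroborated = (record["dob"] == golden["dob"]
                    and record["postcode"] == golden["postcode"])
    sim = name_similarity(golden["name"], record["name"])
    if not corroborated or sim < review:
        return "no_link"
    return "link" if sim >= auto else "review"

def validate_change(golden, field, new_value):
    """Check a feeder system's update against the golden record before it spreads."""
    if new_value == golden[field]:
        return "no_change"
    if field == "name":
        # A near-miss of the held name looks like a typo or misheard entry: hold it.
        sim = name_similarity(golden["name"], new_value)
        return "hold_suspected_typo" if sim >= 0.80 else "hold_for_evidence"
    if field == "postcode":
        return "replicate_to_feeders"  # the change-of-address case from the text
    return "hold_for_evidence"

def match_all(golden=GOLDEN, feeders=FEEDERS):
    return {r["system"]: classify(golden, r) for r in feeders}

if __name__ == "__main__":
    print(match_all())
    print(validate_change(GOLDEN, "name", "Rachel Janes"))
    print(validate_change(GOLDEN, "postcode", "EF3 4GH"))
```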

So what does an IDM look like - well that is a topic for its own blog in the future.

How about an even bigger picture? In the UK we have started, or rather the government has started, a project called the Government Gateway. This is a method of providing each citizen with an authenticated on-line identity to allow them to access multiple services with just one username and password. This, coupled with IDM at a local government level, is a very powerful partnership, but again not without its problems.

Part 2 of this blog will continue the story.....  

Posted on Wednesday, June 15, 2005 8:07 AM | Architecture, .Net, Non-BTS Dev

Comments on this post: Identity Management - Is this difficult?

# re: Identity Management - Is this difficult?
Thought your post was interesting. I have been working with identity management systems for the past few years and thought I could add on to some of the stuff you were talking about.
First off, Identity Management is not only concerned with people. Rather, it is the virtual representation of any entity in the system (such as a router, IDS, etc.). For example, if we put a new IDS in the environment, there are certain privileges that go along with the router group in the environment - it is allowed to dynamically manipulate the firewall tables. How we assign the identity, what privileges it is allowed within our environment and a partner's environment is what composes identity management.
Hopefully your second installment will contain more details about the specifics of identity management and early failures (passport). Looking forward to your next installment.
Left by Rishi on Jun 15, 2005 9:18 PM

Copyright © BizTalk Visionary