NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
11/15/04

Today's focus: The case for a provisioning management information base
By Dave Kearns

In this newsletter a couple of weeks ago, I asked whether we are looking for network management for identity. Today, I'll share the responses I received, and examine a possibility for monitoring offered by an existing technology that most of us are very familiar with.

One of the first responses in my inbox was from Ranjeet Vidwans, Thor Technologies director of product management. Sometimes, though, I think his title should be "director of Dave Kearns management" since he seems to spend an inordinate amount of time reading (and commenting on) my writings.
Nevertheless, his thoughts were appropriate even though he began by saying: "This is something a few of us have actually mulled over a couple of times (typically over the last glass of wine after a good meal)."

Vidwans goes on, "Most of the clients and prospects that I've worked with have already made significant investment in monitoring solutions, typically from HP or IBM. In parallel, sensitive target systems (such as Siebel, SAP, or PeopleSoft) already have rich entitlements and permission models that are optimized for those systems."

He seems to be leading to the conclusion that the connector between these two is where audit log monitoring could occur. Specifically, he thinks that provisioning vendors (and we all know what Thor's Xellerate product does, don't we?) are best positioned to solve this problem.

As Vidwans puts it: "I believe that provisioning solutions have the ability to serve as the integration point that allows these firms to maximize the benefits they derive out of these existing investments (the very point you were discussing in your column). However, rather than the conceptual model that you were outlining in the column, I think there's a much more literal approach that actually leverages SNMP."

Hmm, you say, SNMP and identity management all wrapped up together? Do tell, Ranjeet, how will we do that?

He explains: "As we've discussed in the past, Xellerate [as well as other provisioning systems - Dave] is optimized to automate how users are provisioned to resources, even at the fine-grained entitlements level. Our adapters for systems such as SAP, Siebel, and PeopleSoft (among many others) are calibrated to allow clients to leverage the rich and unique entitlements models that each of those vendors have defined for their systems. More importantly, we reconcile the changes that are made to user privileges directly in the target systems.
"For instance, assume that user dkearns is initially provisioned to an application (App1) with certain entitlements (E1). Now an administrator directly uses the App1 administration interface to bump the user's entitlement to E2. Xellerate reconciles this change back into the system and any reporting done on this individual's provisioning history will reflect that he has E2, not E1 level of access in App1. In addition, Xellerate allows system admins to define policies that can calculate whether or not dkearns should have E1 vs. E2 access (or no access at all) to App1 - We can also surface reports that show the delta between the user's 'as-is' vs. 'ought-to-be' provisioning state. This is all available today."

Vidwans continues: "What if I were to publish a MIB [Management Information Base] for Xellerate - one that would allow me to leverage the same concepts (traps, alerts, threshold exceptions, congestion conditions) that make SNMP such an invaluable protocol for NetMon purposes? I could update monitoring stations on the following kinds of changes or situations: inappropriate privilege levels detected; high degree of provisioning activity in sensitive systems; license (number of deployed seats) for an expensive system; approaching license threshold; and there are many more. Can you imagine a world where auditors and InfoSec personnel would have monitoring windows on their portal or desktop and would get real-time alerts based on policy violations (or roll-ups of policy violations if we want to leverage another SNMP concept)?

"In this model, neither the native target applications, nor the monitoring infrastructure need to be aware of new standards or protocols. They don't even need to entertain feature enhancement requests to support this kind of capability. The 'only' thing needed would be to define what an error condition (or exception condition or anything that would be considered 'actionable') means to me, and publish the appropriate MIB.
It sounds a bit far-fetched, but much more grounded in reality than many of the ideas we tend to throw around."

A provisioning MIB, why didn't I think of that? Why didn't you? Tell me what you think about this possibility.

Next issue, we'll examine another monitoring possibility, one directly connected to both standards bodies and audit logs. Hurry back.

RELATED EDITORIAL LINKS

Are we looking for network management for identity?
Network World Identity Management Newsletter, 11/03/04
http://www.nwfusion.com/newsletters/dir/2004/1101id2.html

The Extended Enterprise Issue
Network World, 11/15/04
http://www.nwfusion.com/ee/2004/

_______________________________________________________________

To contact: Dave Kearns

Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill <http://www.vquill.com/>.

Kearns is the author of three Network World Newsletters: Windows Networking Tips, Novell NetWare Tips, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>.

Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail at <mailto:[EMAIL PROTECTED]>
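
The checks Vidwans lists in the column above (the as-is vs. ought-to-be delta, provisioning activity in sensitive systems, license thresholds) can be sketched as one reconciliation pass that emits trap-like notifications. This is an added example, not Thor's or Xellerate's code: the notification names, thresholds and sample data are constructed assumptions, with the dkearns/App1/E1/E2 case taken from the scenario in the letter.

```python
from collections import Counter

# Hypothetical notification names; a real MIB would assign each one an OID
# under the publishing vendor's enterprise arc.
PRIV_MISMATCH = "provInappropriatePrivilege"
HIGH_ACTIVITY = "provHighActivity"
LICENSE_NEAR = "provLicenseThreshold"

def evaluate(policy, as_is, changes, sensitive, seats,
             activity_limit=3, license_pct=0.9):
    """Return trap-like notifications for one reconciliation pass.

    policy / as_is: {(user, app): entitlement}, 'ought-to-be' vs reconciled state
    changes: (user, app) provisioning events seen in the current window
    sensitive: set of app names; seats: {app: licensed seat count}
    """
    notes = []
    # 1. As-is vs ought-to-be delta. Access with no policy entry also counts;
    #    missing access (under-provisioning) is not a privilege alert.
    for user, app in sorted(set(policy) | set(as_is)):
        want, have = policy.get((user, app)), as_is.get((user, app))
        if have is not None and have != want:
            notes.append({"trap": PRIV_MISMATCH, "user": user, "app": app,
                          "as_is": have, "ought_to_be": want})
    # 2. High degree of provisioning activity in sensitive systems.
    churn = Counter(app for _, app in changes if app in sensitive)
    for app, count in sorted(churn.items()):
        if count >= activity_limit:
            notes.append({"trap": HIGH_ACTIVITY, "app": app, "events": count})
    # 3. Deployed seats approaching the license threshold.
    used = Counter(app for _, app in as_is)
    for app, limit in sorted(seats.items()):
        if used[app] >= license_pct * limit:
            notes.append({"trap": LICENSE_NEAR, "app": app,
                          "used": used[app], "limit": limit})
    return notes

# Constructed sample: an admin raised dkearns from E1 to E2 directly in App1,
# and bob holds access that no policy grants.
POLICY = {("dkearns", "App1"): "E1", ("alice", "App1"): "E2"}
AS_IS = {("dkearns", "App1"): "E2", ("alice", "App1"): "E2", ("bob", "App1"): "E1"}
CHANGES = [("dkearns", "App1"), ("bob", "App1"), ("alice", "App1"), ("alice", "App2")]

if __name__ == "__main__":
    for note in evaluate(POLICY, AS_IS, CHANGES, {"App1"}, {"App1": 3, "App2": 10}):
        print(note)
```

In a deployment, each returned dictionary would be mapped onto a notification defined in the published MIB and sent to the existing monitoring station, which is the integration point the letter argues for.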
Copyright Network World, Inc., 2004
