IDENTITY MANAGEMENT and role-based access management have traditionally required several separate software tools, but now, IBM is blurring that line. They’ve just announced the release of the latest version of Tivoli Identity Manager, which includes an integrated role management system and embedded provisioning system. The question is: Is this really an improvement?
IBM is releasing a new version of its Tivoli Identity Manager (ITIM), which consolidates several capabilities that have required multiple tools in the past. The identity and access management (I&AM) compliance goal is to centralize policy-based controls and audit trails across key information systems, no matter the flavor. Of course, you also need to be able to create a myriad of phone-book-sized reports to validate that these controls are effective.
In general, I&AM toolsets interact directly with users and with two external types of systems: identity sources and access control mechanisms. The identity sources deliver authoritative information about users who need accounts, and the access control mechanisms are used to enforce compliance at any of the OSI Reference Model layers.
IBM reports that the new version of ITIM features an embedded provisioning system. This allows ITIM to communicate directly with access control systems to create accounts, supply user information and passwords, and define the entitlements of an account.
Significantly, Tivoli Identity Manager now includes a fully functioning role management engine. Role and rule-based access management enables grouping of users according to business needs and delegation of administrative privileges along organizational and geographical boundaries. IBM is touting this as a major improvement to the offering.
The integration of role management with provisioning is the industry direction; CA does it, now IBM does too, and soon Oracle will. However, the value of role management to provisioning is a tiny part of the overall value brought to the enterprise by roles; hence these tight integrations may actually be constraining role management into a low-value niche.
By integrating role management and provisioning, you are limiting the usefulness to the last capability, and sadly that is the direction all the major industry players are heading.