Thursday, December 11, 2008

Contacts at other Universities

As things start to pick up speed here after the holidays, it would be nice to talk with people out there in Academia who have undertaken similar efforts at their own institutions. This wouldn't have to be anything terribly formal, but it might involve an hour-long phone call with some of the members of our project team, or, depending on your proximity to upstate New York, we might even be able to arrange a trip out to your school for a face-to-face meeting.

Basically, we'd be looking for any of the roadblocks you overcame in your Identity Management project, understand the choices you made in your implementation, and any words of wisdom you might have for our team as we begin to delve deeper and deeper into our project.

If you and your project team would be interested in talking to us, you can contact me via the LinkedIn button on the right hand menu. I look forward to hearing from you!

Thursday, December 4, 2008

Put one foot in front of the other

So as I was watching "Santa Claus is Coming to Town" with my son the other night, I realized how many different things the song "Put One Foot in Front of The Other" could apply to, including Identity Management projects!
Put one foot in front of the other
And soon you'll be walkin' 'cross the flo-o-or
Put one foot in front of the other
And soon you'll be walkin' out the door.

Many times, people involved with large-scale IdM rollouts become overwhelmed with where to even begin. But taking things one step at a time not only makes the work more manageable, it also gives you some tangible benefits along the way. The first thing to do is understand what you've already got -- meaning, map out current processes, understand the various systems involved, and figure out who the key players are in each process.

Once all of your processes have been identified and documented, start with one or two of them. With your new understanding of these processes, it will be easier to decide on a vendor or product that will suit your needs. And if the product has already been decided/implemented, you can begin work on incorporating those business processes into the software.

If those first two steps seem too difficult, break them down into smaller steps. At a university, maybe instead of tackling all the various user populations, start with only students. Or even only undergraduates. Whatever seems manageable in your environment. The key is to tackle tasks in a way that allows you to complete them in a reasonable amount of time and effort -- this provides not only concrete results, but gives team members a sense of accomplishment along the way. A 2 year project without any sort of tangible results will certainly cause some burnout on your project team. So...

You never will get where you're goin', if you never get up on your feet! Come on! There's a good tail wind blowin' A fast walkin' man is hard to beat!

Sunday, November 30, 2008

IAM Success Tips

I just finished reading Corbin Links' IAM Success Tips, Volume 1 and really think it would be a great resource for any new IdM initiative your organization might be starting. I know that I will try to implement many of the suggestions in the book as we move forward with our project. Many of the "bad" examples in the book -- the things not to do -- brought back some memories for me... I hope that this project at the U of R can avoid many of those common pitfalls. Things like not understanding your current environment, and expecting a vendor's software package to solve all the IdM problems that have grown out of bad business processes.

I look forward to the imminent release of Volume 2 (which, according to this post, is slated for tomorrow!)

Wednesday, November 26, 2008

Identity management at a university

There are a few unique aspects to doing an identity management project at a university. Well, if not unique, then certainly more pronounced or common than in a typical enterprise...

One challenge is the decentralized nature of the university. The number of individual organizations -- departments, schools, libraries, etc. -- is higher than that of a typical corporate environment. And more importantly, each group has traditionally created its own processes and support mechanisms for their own end-users. It will be important, as the project progresses, to build the identity framework in a flexible way that allows different organizations to feel like they are still in control of their data, but in turn, make that data (or subsets of that data) available to the University community at large. Corporate deployments would usually have the luxury of having complete control of the environment, and typically has a central IT department. This isn't always the situation, such as in the case of acquisitions, but usually IdM projects have the ability to set policy for the corporate-wide computing resources.

The other aspect that makes an IdM project at a university different than within a corporate environment is the number of different relationships people may have to the organization. First, identify the various relationships a person can have with the university and medical center (undergrad, grad student, alumnus/alumna, faculty, staff, contractor, patient). And what commonly occurs is that a person has more than one relationship with the University (employees are also graduate students, students are doing work-study programs, etc). Understanding these relationships, and documenting the process by which all the different types of users get added into the system(s) will be job number one for the project.

Friday, November 21, 2008

A few more random identity managment thoughts

Just wanted to say a quick thank you to Ash for the workshop on Monday... And add a few other thoughts:

Ash's Identity Management Rantings: It's About the Business...

  • "Identity management" as a goal in and of itself doesn't mean a lot. Concrete business requirements are necessary in order to have a project succeed.
  • It doesn't matter what you do on the back-end -- if the end users (and project sponsors) can't see tangible results that affect their day-to-day activities, all the process re-engineering and data clean-up in the world is going to go unnoticed and unappreciated.
  • For whatever reason, hearing the exact same thing come from an outside consultant actually sinks in with management, but this never seems to happen for internal people :)

Thursday, November 20, 2008

The beginning

Hi! Glad you stopped by...

A little about me: I have been designing and supporting identity management infrastructures long before there was a fancy name for them (like "identity management infrastructures"...) This includes directory servers, Web access management systems, as well as the rest of the software stack that goes along with that (web servers, Java app servers, etc). Currently, I work at the University of Rochester, where I am part of the team that will be developing the identity management strategy here, and implementing all the supporting technology.

"Identity Management Lessons" seemed like an appropriate title for the site, seeing as this current project will be taking place at a university. The articles will be focused on the overall process we're undertaking, the problems encountered (and hopefully some solutions to go along with them), unique concerns of rolling out identity management at a university and medical center, and general thoughts about the various technologies involved.