Wednesday, November 26, 2008

Identity management at a university

There are a few unique aspects to doing an identity management project at a university. Well, if not unique, then certainly more pronounced or common than in a typical enterprise...

One challenge is the decentralized nature of the university. The number of individual organizations -- departments, schools, libraries, etc. -- is higher than that of a typical corporate environment. And more importantly, each group has traditionally created its own processes and support mechanisms for their own end-users. It will be important, as the project progresses, to build the identity framework in a flexible way that allows different organizations to feel like they are still in control of their data, but in turn, make that data (or subsets of that data) available to the University community at large. Corporate deployments would usually have the luxury of having complete control of the environment, and typically has a central IT department. This isn't always the situation, such as in the case of acquisitions, but usually IdM projects have the ability to set policy for the corporate-wide computing resources.

The other aspect that makes an IdM project at a university different than within a corporate environment is the number of different relationships people may have to the organization. First, identify the various relationships a person can have with the university and medical center (undergrad, grad student, alumnus/alumna, faculty, staff, contractor, patient). And what commonly occurs is that a person has more than one relationship with the University (employees are also graduate students, students are doing work-study programs, etc). Understanding these relationships, and documenting the process by which all the different types of users get added into the system(s) will be job number one for the project.