NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
09/01/04

Today's focus: Two issues with the policy access protocol idea
By Dave Kearns

A couple of weeks ago I raised the idea of crafting a policy access protocol so that applications and services would be able to standardize the way they create, modify and use policies as part of an implementation of policy-based management. This generated some discussion which quickly resolved to two major issues.

The first issue, raised by a number of people, was that the term "Policy Access Protocol" was going to cause confusion. As I said in that newsletter, the Organization for the Advancement of Structured Information Standards has created XACML, the Extensible Access Control Markup Language.
I said XACML was a good starting point, but policy management includes more than just access control. As my correspondents pointed out, saying that "policy access" was needed because "access control" wasn't enough was both confusing and placed an emphasis on "access" that made it seem more important than "policy." My protocol suggestion also had an unfortunate acronym, as some mentioned.

So I'm thinking the better choice would be Policy Management Protocol (PMP - pronounced "pump," before anyone suggests otherwise). This also broadens the coverage from just access to policies to the whole panoply of events - creation, access, modification and removal - which surround them.

That issue was, I think, fairly easily solved. The second could take more time.

Fino Napoleone is vice president of technology and services for Blockade Systems, a longtime player in the access control field but relatively new to identity management. Napoleone raised a question which I've mentioned in other contexts, but one which is front and center when we're talking about identity management and a Policy Management Protocol: What exactly do we mean by "policy"?

Human resources in particular, but even the IT department, may first think of a loose-leaf binder filled with "dos and don'ts" when the subject of corporate or business policies comes up. No one has yet figured out a way to automate or computerize most of these rules of conduct, such as the "Business Casual Wear Policy" promulgated by CTG Resources, which tries to cover appropriate dress for all possible situations:

"The company is going to a business casual wear dress code for the full workweek. This policy is optional and employees may continue to wear regular business clothes as well. In going to business casual wear the Company would like all employees to feel comfortable, but does not want employees to appear less professional.
Your attire should not make your co-workers and/or customers feel uncomfortable nor should it be distracting to others."
<http://www.nwfusion.com/nldsv548>

There are just way too many variables and subjective judgments here.

Network policies, on the other hand, are generally seen as a series of "if-then" logical gates that control who, what, when, where and how resources can be accessed.

There are also policies associated with regulatory compliance that are mandated by (usually) government legislation. The policy itself is more like the "Business Casual Wear Policy" but its implementation is probably a series of network, access-control, data acquisition and other computer-based if-then policies.

I've mentioned more than once that, when interviewing people new to the identity management niche but with experience in security products, I've learned that "policy" is one of the terms we need to define before we start to talk, as we probably have different ideas about its meaning.

So here's today's assignment (you don't expect me to do all the work, do you?): let's come up with a definition of "policy" that satisfies our requirements while being neither ambiguous nor capable of being confused with other uses of the term. Even better, what about a completely different term? Let's hear your suggestions.

RELATED EDITORIAL LINKS

Calling for a policy access protocol
Network World Identity Management Newsletter, 08/18/04
http://www.nwfusion.com/newsletters/dir/2004/0816id2.html

Catching up with four ID mgmt. vendors at Catalyst
Network World Identity Management Newsletter, 08/09/04
http://www.nwfusion.com/newsletters/dir/2004/0809id1.html
_______________________________________________________________
To contact: Dave Kearns

Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill <http://www.vquill.com/>.
Kearns is the author of three Network World Newsletters: Windows Networking Tips, Novell NetWare Tips, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>.

Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail at <mailto:[EMAIL PROTECTED]>
Copyright Network World, Inc., 2004
