NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT 09/20/04 Today's focus: James Kobielus presents his thoughts on identity
Dear [EMAIL PROTECTED], In this issue: * Burton Group Senior Analyst James Kobielus' thoughts on ��identity and security issues * Links related to Identity Management * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Alterpoint Read the latest analyst report on Network Change and Configuration Management (NCCM) written by EMA's Dennis Drogseth. This report discusses the latest developments in the NCCM market, including an in-depth look at DeviceAuthority Suite, a comprehensive solution for configuring, changing, and controlling today's complex, multi-vendor IT network infrastructures. Download the report today to learn how you can leverage NCCM to reduce the cost and complexity of managing network change. http://www.fattail.com/redir/redirect.asp?CID=81335 _______________________________________________________________ DOWNLOAD THE LATEST SPECIAL REPORTS FROM NETWORK WORLD Focused reports on compelling industry topics, Network World Special Reports are available online at Network World Fusion. Network World Special Reports on Mobility, IP Telephony Security, the State of Wireless LANs and more are currently available. Download any or all of our Special Reports at: http://www.fattail.com/redir/redirect.asp?CID=81366 _______________________________________________________________ Today's focus: James Kobielus presents his thoughts on identity By Dave Kearns Policies, rules, standards, procedures, groups, and roles: we've had a wide-ranging discussion over the past few issues involving your thoughts, dear readers, as well as mine. Today, I'd like to wrap up the major part of the series with the thoughts of one of my Network World colleagues. James Kobielus, like myself, writes a column for Network World. His "Above the Cloud" column ( <http://www.nwfusion.com/columnists/kobielus.html> ) covers many of the same issues as this newsletter, but doesn't appear as often. The overlap isn't surprising, since Kobielus spends most of his time as a senior analyst with the Burton Group, which I think might better be known as ITT - the Identity Think Tank. Kobielus first appeared in this newsletter a couple of years ago when he gently chided me for misusing a term related to Web services. As I said at the time ( <http://www.nwfusion.com/newsletters/dir/2002/01498830.html> ) Jim didn't choose to perform the 'nyah, nyah, look what you did!' dance around my prostrate body while pointing and hooting simultaneously (he does have some dignity, after all). How much dignity, though, was called into question a year later ( <http://www.nwfusion.com/newsletters/dir/2003/0721ds1.html> ) when he next appeared in a review of the 2003 Catalyst conference. At that time I asked what did people have to do to get a string of beads from the IBM Mardi Gras booth, and why did Kobielus have so many? Still, he's always willing to share his well thought out opinion on identity and security issues. This discussion of rules and policies is no different, so here's what Kobielus thinks about the various ideas that have been presented: "I agree with you that the fundamental construct is 'rule,' not 'policy.' "We can conceptualize an information system (centralized, distributed, federated, etc.) as rules of various sorts (security, reliability, orchestration, integration, QoS, management, etc.) that execute on rules engines of various sorts (e.g., application server, proxy, firewall, access management, portal, integration broker) in various deployment roles (departmental, enterprise perimeter, etc.). "We can conceptualize 'policy' as referring to any rule set (i.e., one or more rules) with a well-defined scope, role, engine, administrator, etc. "A 'policy language' is any language for expressing rules with a particular scope (e.g., XACML for access control, WS-BPEL for orchestration, etc.). "We can distinguish between policy enforcement points (PEP), which are rules engines; policy administration points (PAP); and policy storage points (PSP). "Identities (of people, hardware, applications, software components) are the keys to which policies are attached and against which they're administered. "A 'policy access protocol' would be any protocol or interface (e.g., LDAP, DSML, XQuery) for accessing PSPs, PEPs, and/or PEPs, and a 'policy management protocol' would support life-cycle creation, administration, version control, etc of rules/policies on those nodes "No need to create new access protocols to support 'policy access'; I've pointed to the leading current protocols/interfaces that serve that purpose here and now. As regards a 'policy management protocol,' isn't that whatever version/concurrency/workflow controls are built into and/or supported by your PAP/PSP/PEP?" We'll take a break on policy and rules for a bit, now, but please keep sending me your thoughts. In a week or two I'll do a final wrap-up on the issue (at least for this year). I know, by the way, that whenever I use the word "final" it's a certainty that it won't be final. Still, I have to try. RELATED EDITORIAL LINKS Novell set to advance identity mgmt. package Network World, 09/20/04 http://www.nwfusion.com/news/2004/092004novell.html _______________________________________________________________ To contact: Dave Kearns Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill <http://www.vquill.com/>. Kearns is the author of three Network World Newsletters: Windows Networking Tips, Novell NetWare Tips, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>. Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ This newsletter is sponsored by Alterpoint Read the latest analyst report on Network Change and Configuration Management (NCCM) written by EMA's Dennis Drogseth. This report discusses the latest developments in the NCCM market, including an in-depth look at DeviceAuthority Suite, a comprehensive solution for configuring, changing, and controlling today's complex, multi-vendor IT network infrastructures. Download the report today to learn how you can leverage NCCM to reduce the cost and complexity of managing network change. http://www.fattail.com/redir/redirect.asp?CID=81334 _______________________________________________________________ ARCHIVE LINKS Breaking identity management news from Network World, updated daily: http://www.nwfusion.com/topics/directories.html Archive of the Identity Management newsletter: http://www.nwfusion.com/newsletters/dir/index.html _______________________________________________________________ FEATURED READER RESOURCE ACCESS NW'S IN-DEPTH REPORT ON: BLADE SERVERS Available now is Network World's Technology Insider on: Blade Servers. Find out why early adopters of blade server technology say the benefits aren't science fiction, how blade servers differ by vendor, why blade servers are perfectly suited for today's data centers, review our extensive blade server buyer's guide and more. Click here: <http://www.nwfusion.com/nldsv619> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
