The Second Hard Problem for Identity Management
A Bit of Security for July 24, 2024
As for roles, consider the experience of organizations that have tried to apply full detailed roles (the same happens with rules, too, by the way). At MIT there was a pool of about 9,000 grad students, administrators, and research faculty. After analyzing the access patterns, the organization ended up developing 14,000 roles, and the average user had about eight. Note that if the problem is 9,000, the solution should not look like 14,000. Roles do work when they are broad and general and can be overridden by effective detailed permissions. For instance, a retail bank might have a large number of tellers, all of whom have similar permissions. A junior teller has access to certain applications, and after a trial period may get access to more. But once you get outside the domain of very well-defined jobs, roles only get in the way. What is the proper role for a middle manager in a small enterprise who handles production one day, sits in on a marketing meeting the next, and gets a call from a customer executive on the way to the meeting? Excessive role infrastructure only gets in the way; six or seven broad roles should do it.
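The pattern described above, broad roles plus detailed per-user permissions that override them, as an added example that is not from the original post: a toy authorization model in Python with two broad roles, a trial-period unlock for tellers, and per-user grants and denials layered on top. The application names, the 90-day trial period and the sample users are constructed assumptions. The `naive_role_count` function shows what happens when every distinct permission set is minted as its own role, which is the road to 14,000 roles for 9,000 people.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Two broad roles, each a baseline set of applications (names are made up).
ROLE_APPS = {
    "teller": frozenset({"cash-drawer", "account-lookup"}),
    "branch-manager": frozenset({"cash-drawer", "account-lookup",
                                 "loan-approval", "staff-schedule"}),
}

# Assumed policy: a teller earns these only after a 90-day trial period.
TRIAL_DAYS = 90
POST_TRIAL_TELLER_APPS = frozenset({"wire-transfer", "account-open"})


@dataclass
class User:
    name: str
    role: str
    start_date: date
    # Detailed, per-user permissions that override the broad role.
    extra_grants: frozenset = frozenset()
    denials: frozenset = frozenset()


def effective_apps(user: User, today: date) -> frozenset:
    """Broad role first, then the trial-period unlock, then per-user overrides.
    Denials are applied last, so an explicit denial cannot be undone by a grant."""
    apps = set(ROLE_APPS.get(user.role, frozenset()))
    if user.role == "teller" and today - user.start_date >= timedelta(days=TRIAL_DAYS):
        apps |= POST_TRIAL_TELLER_APPS
    apps |= user.extra_grants
    apps -= user.denials
    return frozenset(apps)


def can_use(user: User, app: str, today: date) -> bool:
    return app in effective_apps(user, today)


def naive_role_count(users, today: date) -> int:
    """Role count if every distinct effective permission set became its own role,
    which is what naive role mining over access patterns produces."""
    return len({effective_apps(u, today) for u in users})


# Constructed sample population.
TODAY = date(2024, 7, 24)
JUNIOR = User("ana", "teller", TODAY - timedelta(days=30))
SENIOR = User("ben", "teller", TODAY - timedelta(days=200))
SENIOR_RESTRICTED = User("cara", "teller", TODAY - timedelta(days=200),
                         denials=frozenset({"wire-transfer"}))
MANAGER = User("dev", "branch-manager", TODAY - timedelta(days=900))
MANAGER_PLUS = User("eli", "branch-manager", TODAY - timedelta(days=900),
                    extra_grants=frozenset({"fraud-console"}))
SAMPLE_USERS = [JUNIOR, SENIOR, SENIOR_RESTRICTED, MANAGER, MANAGER_PLUS]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(u.name, sorted(effective_apps(u, TODAY)))
    # Five users, five distinct permission sets: naive role mining mints five
    # roles, while the broad-role model still needs only two.
    print("broad roles:", len(ROLE_APPS),
          "naive roles:", naive_role_count(SAMPLE_USERS, TODAY))
```

The point of the two counts is that the per-user differences (a trial period, a temporary denial, one extra console) are handled as permissions, not as roles, so the role catalogue stays at the handful the text recommends no matter how many individual exceptions accumulate.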
Why is this so hard? We have a nomenclature problem. What we do isn't computer science (what scientific principles have we revealed?), and it isn't software engineering (what engineering rubrics have we developed over the past fifty years?). Peter Naur preferred to call our field Datology: the logic of data processing. I want to build on that notion.
Identity management is the third order of computing. Initially we used computers for numerical calculations – and numbers are dimensionless. Twenty years later, we started using computers to handle physical parts. It was called Bill of Materials Processing. Parts have a lot of metadata around them – manufacturing date, maintenance history, serial number, etc. Identity management deals with people. People are more complex than parts – we change our characteristics over time: we move, learn things, get promotions, get married or divorced, enter new careers. This multidimensional and non-deterministic behavior means people demand more from computers than we have ever asked before.
The second hard problem for identity management begins with roles but leads us to a deeper issue: how we incorporate new forms of computation into our businesses and social lives. Identity management is the third generation of computing.
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #IDM #RBAC #RBOC #AI #computing #datology #BitofSec