Note: This is an out-of-context excerpt from work I am doing elsewhere.
This page is three of a series of three:
- IdEAs Business Architecture – Capabilities
- IdEAs – Production Model for Digital Identity
- IdEAs – Identity Information Management
Identity information management is responsible for the production of identity as a business asset.
It ensures that identity data is accurate, safe, controlled and appropriately available through technical and business services.
It defines the digital identity lifecycle and ensures that digital identity data reliably reflects the current state of each identity holder’s relationship with the organisation.
Like any production task, once we know the business objects and services we want to produce, we can define Identity Information Management through its objectives and activities.
- Privacy compliance.
- Identity data quality.
- civil to digital
- new to existing
- Life-cycle maintenance:
- Security of identity data.
- Identity data services.
- Reconcile identity data from systems of entry.
- Manage exceptions.
- Synchronise identity data to consuming systems.
- Record assurance levels.
- Manage the creation and use of identity attributes.
- Publish identity data services.
- Provide security for identity data.
We can then use a basic production model to plan and organise how we achieve these outcomes.
We can adequately specify the production of digital identities without reference to either specific technologies or problems allocated in other functions.
There is nothing ‘special’ about this function from a technology point of view. All of the production activities for this function can be adequately implemented as a use-case for enterprise information management and integration – without expensive specialised connector technologies.
Generally it is the habit of binding the production of identity to the production of cohorts and access tokens that drives up the cost of identity systems.
If functional partitioning for Identity Information Management were further extended to a system-of-record identity store, factored out of data stores for authentication services, an organisation would simplify the implementation of adaptable access control and heuristic management of cohorts. Likewise it would allow strong separation of concerns at the platform level and better ensure compliance in privacy-sensitive environments.