Maximizing the Value of Identity Management
Presentation first suggests as the basis for Identity management value model the usage of Identity transactions. Identity transactions is defined as sum of rights requests + sum of amounts of rights delivered. Additionally, each transaction is given a euro sum value which results into tangible value delivered by IDM.
The presentation next discusses the relevant parts of the role based access management model implementation that bring most value as based on the IDM value model. Discussed elements are e.g. different kind of approval flows, inherited membership approvals, privileges inheritance, delegated management of privilege and role structures, traceability of current permissions/permissions under approval or delivery/historical permissions, inheritance of the membership constraints in the role hierarchy, possibility to reconcile memberships with the target systems in case manual provisioning is used.