OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [id-cloud] Just In Time User Account Management

As you'll see from my use cases I've not directly addressed any of the 
specifics of JIT provisioning.  To be honest, I'm not so concerned with 
how JIT-P gets done, I'm a lot more concerned with being able to monitor 
and understand what got created when its finished...

 From an Identity Governance perspective, I'd certainly like to get a 
notification when JIT-P happens at a managed service point.  I'd also 
want to be able to understand the rules that permit/enable any form of 
dynamic entitlement assignment during the automated process.

Really it all comes down to being able to answer the question "who 
should have access to what" and "who does have access to what" and any 
given time.  I'll add something to my use case doc post today's meeting.

Darran



On 11/29/10 11:47 AM, Anil Saldhana wrote:
> I see that Darran broaches this topic of Account Management in his use 
> case submission.
>
> On 11/29/2010 09:06 AM, Anil Saldhana wrote:
>> Patrick/Darran,
>>   do we have any further text on the challenges in JIT Account Mgmt?
>>
>> Regards,
>> Anil
>>
>> On 10/01/2010 09:38 AM, Anil Saldhana wrote:
>>>  Hi All,
>>>   I think it makes sense to open this discussion on a broader sense 
>>> to incorporate all aspects of Provisioning - Push/Pull, JIT etc.
>>>
>>> I invite Darran Rolls and Robert Cope to participate in this thread 
>>> (along with Patrick). Others interested in the topic of provisioning 
>>> are welcome to share experiences/thoughts.
>>>
>>> Regards,
>>> Anil
>>>
>>> On 07/27/2010 03:01 PM, Anil Saldhana wrote:
>>>>  Hi All,
>>>>   yesterday, during the TC meeting, there was some discussion on 
>>>> "Just In Time" User Account Management.  Patrick Harding (Ping 
>>>> Identity) did not want to call it "Provisioning" but said it is 
>>>> "JIT" account management.
>>>>
>>>> One other mention of this JIT in practice is found in Chuck 
>>>> Mortimore (Security, Salesforce.com)'s presentation
>>>> http://theoddbit.com/me/presos/cis2010/
>>>>
>>>> Sorry you have to go through the entire presentation to get to the 
>>>> slide with JIT information.
>>>>
>>>> I hope Patrick and MattR (IBM) can carry this discussion on this 
>>>> email thread. :)
>>>>
>>>> Regards,
>>>> Anil
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]