WordPress taunts me every time I log in with the draft of a post I’ve been meaning to complete for quite some time that explains the general concepts around Identity Management, provisioning, role mining and so on. It’s intended to be a precursor to further more in-depth posts on various aspects of the topic. I never seem to manage enough time to finish it, so until then, a video!
At work we’re almost done with our first deployment of Sun Identity Manager. Personally, I’ve found it a good product to work with. I like Sun’s approach to deployment – the base system deploys as a Java WAR file that installs into Tomcat, Glassfish, etc., and it’s pretty easy to connect it to your first set of resources for provisioning. The workflow and forms design is a bit more of a challenge: it uses an XML-based functional language, XPRESS, which takes a bit of getting used to but is amazingly customisable.
Some while ago I was invited to a Sun technical day, at which I saw a demo of some SunRay thin-client appliances that link to the Sun Secure Global Desktop (SGD) product. If you’re familiar with Windows Remote Desktop, it works like this from a user’s point of view, except a bit more powerful. Stick your smartcard in the SunRay and connect to your desktop (Windows, Linux, whatever) running on a VM in a data centre. Go home from work, visit a web-based version and fire up the same desktop.
A couple of guys at Sun have put together a demo of how SGD, OpenSSO and Identity Manager can work together, dynamically creating whole new instances of desktops at a user’s request and giving the appropriate access, then killing it all off again when HR deactivate your account.
I think it’s a pretty cool explanation of how these sorts of systems can hang together – for many organisations this could represent a huge saving in user administration, desktop provisioning, and even hardware.