I reread an article posted a few months ago by Mark Diodati titled "Rethinking Identity Management: Time to Erase the Tape?" and definitely suggest taking a look yourselves. The author posits that many of the common notions of the identity management do not fit into today's environment, especially with the relatively new issues of managing identity and access in cloud based applications.
This rethinking is necessary but will have consequences for those who have invested big dollars in IDM solutions or vendors who aren't adapting. Diodati asks four main questions that are still incredibly relevant and worth restating here:
- How do we provide identity attributes to applications when (and only when) they need them?
- How do we enable users to prove their identities while addressing privacy concerns and without needless repetition?
- How do we ensure that users have appropriate access to sensitive information and how do we prove it?
- How do we do these things in an agile, cost-effective manner?
So, with these questions in mind, how are you rethinking your identity management strategy?
Information on Tools4ever's approach to today's identity management issues can be found here: http://www.tools4ever.com/products/user-management-resource-administrator/features/