Agree with the above — in particular the onboarding / offboarding / mover (changes) vibe.
Once you start calling things IGA, then you encompass ILM and other things like audit of the provisioning (or deprovisioning) actions — something that likely starts at a higher level. (But it is fundamental for most enterprise use cases.)
@aaronpk and I spoke about this last week. I have tried to reframe the levels to ensure the focus is on what is supported by the RP/apps, not the IdP / enterprise directory. The changes in #41 (specifically 0df8b82) begin the process of addressing this by framing the orientation of the controls as RP centric.
Does this change start to address your concerns @derrumbe and @sbroddy?
On the IPSIE levels page, the section titled Identity Lifecycle Management [ILM] is rather silent on traditional ILM issues.
For instance, it is silent on issues such as:
User provisioning (including role provisioning) is arguably more appropriately in the Identity Governance and Administration [IGA] wheelhouse. If the ILM section of that levels doc is more targeted towards traditional parts of IGA, shouldn't it be reframed as such?
This also identifies certain gaps in the levels as they stand now, for instance interoperable signaling of a user name change from the IdP to the RP, and expected behaviors of RPs to accommodate the inevitability of non-static user data. Also, related interoperability issues such as primary user identifiers between IdPs and RPs (e.g. whether an email address is a suitable primary user identifier or not).