Introducing LIMA [11] - A Different Architecture for IAM
Loose Coupling - A Firm Foundation for IAM
We've mentioned before that a major failing of big-name vendor products is
the “tight integration” they feature. While “tight integration” means that
components snap together readily, it could also mean they won't work
without another component from the same vendor being present, or that
they won't talk to third party components at all. These “lock-in” and
“lock-out” consequences are the hidden costs of “tight integration”.
The LIMA approach is consciously the opposite. We look for ways to
decouple functions and retain the bare minimum functional dependency
between them that is justifiable. Loose coupling makes it just as easy to
“snap components together”, but without the “lock-in” and “lock-out”
disadvantages of proprietary interfaces. We have also learnt that
appropriate data design can be a very effective way to achieve such loose
coupling. We don't necessarily need a physical component to act as a
decoupling intermediary.
User Identity
User Identity is the fundamental concept we are dealing with in an IAM
system, and this can itself be treated in a decoupled manner with
appropriate thought and design.
Tip 1: Identity references should be meaning-free
A major source of conceptual confusion comes from mistaking system
accounts for user identity. A user may have a login account name of 'jbloggs'
on a system, but this is just their identity on that localised system. It must
not be conflated with a more global identity for that user. Even the user's
login ID on the SSO server is not their identity, even though this is the
identifier that grants them access to a multitude of systems. Any
system-specific identifier is limiting because its scope is restricted.
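One way to apply Tip 1 in data design, as an added example that is not from the original text: identity references are opaque UUIDs, and logins such as 'jbloggs' live only in a mapping table scoped to one system. The schema, the function names, and every system or login value other than 'jbloggs' are assumptions made for illustration.

```python
import sqlite3
import uuid

# Constructed schema: logins are unique only within one system, never globally.
SCHEMA = """
CREATE TABLE identity (ref TEXT PRIMARY KEY);
CREATE TABLE account (
    system TEXT NOT NULL,
    login  TEXT NOT NULL,
    ref    TEXT NOT NULL REFERENCES identity(ref),
    PRIMARY KEY (system, login)
);
"""

def open_registry():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def new_identity(db):
    """Mint a reference that encodes nothing about the person or any system."""
    ref = str(uuid.uuid4())
    db.execute("INSERT INTO identity VALUES (?)", (ref,))
    return ref

def link_account(db, ref, system, login):
    """Attach a system-local account to an existing identity reference."""
    db.execute("INSERT INTO account VALUES (?, ?, ?)", (system, login, ref))

def resolve(db, system, login):
    """Map a (system, login) pair to its identity reference, or None."""
    row = db.execute("SELECT ref FROM account WHERE system = ? AND login = ?",
                     (system, login)).fetchone()
    return row[0] if row else None

def rename_login(db, system, old, new):
    """A login change touches one mapping row; the identity ref is untouched."""
    db.execute("UPDATE account SET login = ? WHERE system = ? AND login = ?",
               (new, system, old))

def demo():
    db = open_registry()
    person_a, person_b = new_identity(db), new_identity(db)
    link_account(db, person_a, "sso", "jbloggs")
    link_account(db, person_a, "payroll", "jb0042")
    link_account(db, person_b, "legacy-erp", "jbloggs")  # same login, other user
    rename_login(db, "sso", "jbloggs", "jsmith")
    return db, person_a, person_b
```

Because 'jbloggs' on the hypothetical legacy-erp system belongs to a different person than 'jbloggs' on the SSO server did, any access decision keyed on the login name alone would conflate the two users; keying on the opaque reference does not.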
[11] The “IMA” part of LIMA stands for “Identity Management Architecture” of course,
but you can choose to interpret the “L” as either “Low-cost”, “Lightweight” or
“Loosely-coupled”, depending on whether your interest is economy, agility or
architecture for its own sake.