Tuesday, November 20, 2007

A white paper on "Role Engineering"

This blog has also been set up to pass along supporting documents from people working at Engiweb Security, to send news and get feedback from the IAM community. So...

My colleague Alessandro Colantonio has just released a white paper entitled “Cost-driven approach to role engineering”. You can download a copy here.
"Cost-driven" is the philosophy that inspires Engiweb Security's “Role Constructor” module.

In general, most proposed methodologies lack a formal metric to capture the “interest” or “quality” of proposed roles. To address this problem, Engiweb Security's role discovery tool can identify a role-set that minimizes the administration cost, by measuring and evaluating cost advantages during the entire role-set definition process.

Various elements can influence the administration “cost”:

  • Number of roles, role-to-user assignment, role-to-permission assignment and hierarchical relationships;
  • Business process and activity modeling;
  • SoD constraints, temporal constraints, cardinality constraints, etc.;
  • User attributes (organizational unit, business function, physical location, etc.);
  • Actual usage frequency of IT resources, etc.

Furthermore, the developed algorithm can easily be scaled to manage huge RBAC role engineering tasks, such as those usually encountered during large Identity and Access Management projects.
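To make the idea of a cost metric concrete, here is an added example (not code from the white paper or from Role Constructor) that scores candidate role-sets using only the first cost element listed above: number of roles, role-to-user assignments and role-to-permission assignments. The linear form, the weights, and all user, role and permission names are assumptions constructed for illustration; a candidate that grants anyone more or less access than they hold today is rejected before cost is compared.

```python
# Constructed sample: user -> permissions currently held (not data from the white paper).
UPA = {
    "alice": {"crm.read", "crm.write", "mail"},
    "bob": {"crm.read", "crm.write", "mail"},
    "carol": {"crm.read", "mail"},
    "dave": {"hr.read", "mail"},
}
# Assumed weights for a linear cost model (hypothetical values).
WEIGHTS = {"roles": 5.0, "user_role": 1.0, "role_perm": 1.0}
# Candidate role-sets as (user -> roles, role -> permissions); all names are constructed.
CANDIDATES = {
    "per_permission": (
        {"alice": {"r", "w", "m"}, "bob": {"r", "w", "m"},
         "carol": {"r", "m"}, "dave": {"h", "m"}},
        {"r": {"crm.read"}, "w": {"crm.write"}, "m": {"mail"}, "h": {"hr.read"}},
    ),
    "per_permission_set": (
        {"alice": {"sales_rw"}, "bob": {"sales_rw"},
         "carol": {"sales_ro"}, "dave": {"hr"}},
        {"sales_rw": {"crm.read", "crm.write", "mail"},
         "sales_ro": {"crm.read", "mail"}, "hr": {"hr.read", "mail"}},
    ),
    "two_broad_roles": (
        {"alice": {"staff"}, "bob": {"staff"}, "carol": {"staff"}, "dave": {"hr"}},
        {"staff": {"crm.read", "crm.write", "mail"}, "hr": {"hr.read", "mail"}},
    ),
}

def coverage_errors(upa, ua, pa):
    """Return {user: (missing, excess)} where the roles do not reproduce current access."""
    errors = {}
    for user, perms in upa.items():
        effective = set().union(*(pa[r] for r in ua.get(user, ())))
        if effective != perms:
            errors[user] = (perms - effective, effective - perms)
    return errors

def admin_cost(ua, pa, w=WEIGHTS):
    """Weighted count of roles, user-role assignments and role-permission assignments."""
    n_ua = sum(len(roles) for roles in ua.values())
    n_pa = sum(len(perms) for perms in pa.values())
    return w["roles"] * len(pa) + w["user_role"] * n_ua + w["role_perm"] * n_pa

def cheapest_valid(upa, candidates):
    """Discard candidates that change anyone's access, then pick the lowest cost."""
    costs = {name: admin_cost(ua, pa) for name, (ua, pa) in candidates.items()
             if not coverage_errors(upa, ua, pa)}
    return min(costs, key=costs.get), costs
```

The `two_broad_roles` candidate has the lowest raw cost but gives carol `crm.write`, which is why the coverage check runs before the cost comparison.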

Alessandro will better describe our approach, speaking at “The 23rd ACM Symposium on Applied Computing” to be held in Fortaleza, Ceará, Brazil, March 16 – 20, 2008.

2 comments:

doppiafila said...

Hi Gregory, very nice initiative! I'll be following this space. Regards, Doppiafila

control valves said...

I believe construction of such projects requires knowledge of engineering and management principles and business procedures, economics, and human behavior.