Comments for Marks IDM stuff http://identity-focus.com Identity Management in the Real World (and other random stuff) Mon, 21 May 2012 06:32:40 +0000 http://wordpress.org/?v=2.2.1 Comment on OSS IDM System - Some Thoughts by Gavin Henry http://identity-focus.com/2008/03/26/oss-idm-system-some-thoughts/#comment-457 Gavin Henry Fri, 28 Mar 2008 09:33:03 +0000 http://identity-focus.com/2008/03/26/oss-idm-system-some-thoughts/#comment-457 You could search against cn=accesslog using slapo-accesslog. Either way you'd need to write some code ;-) OpenLDAP already has meta directory capabilities (man slapd-meta) You could search against cn=accesslog using slapo-accesslog.

Either way you’d need to write some code ;-)

OpenLDAP already has meta directory capabilities (man slapd-meta)

]]> Comment on OpenSuse 10.2 Network install in 6 easy steps. by mabatche http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-298 mabatche Fri, 15 Feb 2008 14:44:57 +0000 http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-298 Baylink, Your right. Thanks for pointing that out. (been a while since I checked this one). I updated the link to point to the 10.3 miniboot CD. This should work for 10.2 as well. (although to be honest I have not confirmed this). I also just added a link back to the 10.2 CD.. im not sure why they moved it. Mark. Baylink,

Your right. Thanks for pointing that out. (been a while since I checked this one). I updated the link to point to the 10.3 miniboot CD. This should work for 10.2 as well. (although to be honest I have not confirmed this). I also just added a link back to the 10.2 CD.. im not sure why they moved it.

Mark.

]]> Comment on OpenSuse 10.2 Network install in 6 easy steps. by Baylink http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-296 Baylink Fri, 15 Feb 2008 02:00:11 +0000 http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-296 Almost correctly. For logistical reasons tonight, I want to install 10.2 on a machine without a DVD, which won't boot an USB DVD, and I have the 10.2 DVD here. So I need the miniboot iso, and it doesn't seem to be available from the SuSE wiki anymore. Your link to it, alas, is also broken and may, in addition, be stale (I typed all of this while waiting for the download to start :-). Almost correctly. For logistical reasons tonight, I want to install 10.2 on a machine without a DVD, which won’t boot an USB DVD, and I have the 10.2 DVD here.

So I need the miniboot iso, and it doesn’t seem to be available from the SuSE wiki anymore.

Your link to it, alas, is also broken and may, in addition, be stale (I typed all of this while waiting for the download to start :-).

]]> Comment on Role Based Access in the Enterprise by Ron Rymon http://identity-focus.com/2007/10/09/role-based-access-in-the-enterprise/#comment-227 Ron Rymon Fri, 25 Jan 2008 13:54:44 +0000 http://identity-focus.com/2007/10/09/role-based-access-in-the-enterprise/#comment-227 You point to quite a few very important aspects of role modeling, which I obviously agree to. I would like to comment on one of your points re 80-20. It is important that the roles cover 80% of the PRIVILEGES, not of the USERS. In every organization, there are many users that get "trivial" access rights. If you ONLY cover them then you have done nothing for provisioning automation. Unfortunately, in our experience, the 10-20 roles are enough to cover 80% of people, but by no means 80% of the access rights. I would also like to strengthen your point that there is no one-size-fits-all recipe for roles. Hence, you should indeed be suspicious of any vendor that comes and tells you that they can create the roles for you and in a hurry. Consider this: even if two organizations had exactly the same access rights, it may still be beneficial to create different roles structure for them. This is because an effective roles structure depends on the organizational structure, processes, practices, and even culture. Instead, we find it useful to precede role engineering with simulations of 10-20 different combinations of role engineering methodologies. We then see which methods are (a) intuitive to the organization, and (b) result in a good coverage of the privileges. Such simulation, supported by our pattern recognition technology, provides us with very important intelligence that tells us which role engineering approach is likely to be successful for this company. Enjoy... Dr. Ron Rymon Founder Eurekify - Privileges, Roles, and Policies http://www.eurekify.com You point to quite a few very important aspects of role modeling, which I obviously agree to.

I would like to comment on one of your points re 80-20. It is important that the roles cover 80% of the PRIVILEGES, not of the USERS. In every organization, there are many users that get “trivial” access rights. If you ONLY cover them then you have done nothing for provisioning automation. Unfortunately, in our experience, the 10-20 roles are enough to cover 80% of people, but by no means 80% of the access rights.

I would also like to strengthen your point that there is no one-size-fits-all recipe for roles. Hence, you should indeed be suspicious of any vendor that comes and tells you that they can create the roles for you and in a hurry. Consider this: even if two organizations had exactly the same access rights, it may still be beneficial to create different roles structure for them. This is because an effective roles structure depends on the organizational structure, processes, practices, and even culture.

Instead, we find it useful to precede role engineering with simulations of 10-20 different combinations of role engineering methodologies. We then see which methods are (a) intuitive to the organization, and (b) result in a good coverage of the privileges. Such simulation, supported by our pattern recognition technology, provides us with very important intelligence that tells us which role engineering approach is likely to be successful for this company.

Enjoy…

Dr. Ron Rymon
Founder
Eurekify - Privileges, Roles, and Policies
http://www.eurekify.com

]]> Comment on OpenSuse 10.2 Network install in 6 easy steps. by Deb http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-45 Deb Mon, 22 Oct 2007 05:13:20 +0000 http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-45 Thank you SO much. Finally someone has written it simply AND correctly! Thank you SO much.
Finally someone has written it simply AND correctly!

]]> Comment on OpenSuse 10.2 Network install in 6 easy steps. by Maan http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-9 Maan Mon, 20 Aug 2007 14:45:17 +0000 http://identity-focus.com/2007/08/16/opensuse-102-network-install-in-6-easy-steps/#comment-9 about time someone wrote these, thanks mark about time someone wrote these, thanks mark

]]>