What’s it about (under construction)
Why IAM73?
It’s not my age, nor my year of birth, but IAM is my main focus and 73 is just a nice palindrome. In BINARY quotation 73 is like 1001001, it does not matter if you read it from right to left of vice versa. Also in OCTAL, 73 is a palindrome, 111 OCTAL is 73 DECIMAL. 73 is the 21st prime number. Its mirror (37) is the 12th and its mirror (21) is the product of multiplying 7 and 3.
Nice, isn’t it.
So, that is why I called it IAM73.
IAM is a discipline that consist of actual two things; Identity Management and Access Management. Other abbreviations shown in this realm are IAG, Identity Access Governance, and many others. Management of identities, which are digital representations of natural persons or devices (which almost always include a person) starts with the administration of either employees or customers. Although a slight distinction exit between these two groups of users, setting up a sound repository is key.
The difference between these two populations has been nicely shown by one of my guru’s; Ian Glazer. He showed a picture of the good old Eagles album; Hotel California and stated; ‘you can check out any time you want, but you can never leave‘ as that is actual the case with Customer IAM, or CIAM for short. Companies that sell goods or services to customers, or consumers will try to keep you for as long as possible in their repository.
In the employee realm more action is to be seen in the so-called JWL; or Join, Work Leave process. Employees will move from one department to another, and probably leave companies sooner than customers at a web shop.
This Join, Work, Leave process is one of the most important processes in the IAM realm, joining is about getting onboard of a company as a employee or as a customer at a service provider or web shop. The actual identity, the natural person will get a digital representation in a repository (database or directory service) and one could say, its digital journey commences. By deploying so-called identity managers (systems), the digital identities can be provisioned to other systems if needed.
To enable Access, so-called Access managers need deployment. These systems can arbitrate, based on roles, rules or attributes if an identity has access to a (target) system or not. Furthermore, it will make a decision on what level of access will be granted to the identity in the target system. However, all depends on the ability of the applications which must be aware and understand these rules provided.
In this JWL process, most labour will be in the Work cycle. Identities will gain other access or be declined access based or their level in the workforces. Known methods of granting access is by use of ‘roles’, which are actually just common groups in the identity repository. This method is actually becoming obsolete and will be partly replaced by attributes of an identity.