Terms
For the purposes of this topic (and the referenced documents) the following terms are defined:
Governance
Policy
Stakeholder
Overview (problem description)
While Identity Management has always had an underlying need for a governance body to make decisions on policy around who should have accounts, how often to force a password change or what resources or applications can be accessed by an authenticated user, IAM Governance has become much more "critical" in the last few years as the scope of this field has expanded to include "Access Management". Centralized authorization capability or at least the value-added feature(s) of assigning roles, groups and entitlements to subjects has pretty much required that institutions form groups of stakeholders to decide what "roles" are defined or how affiliates are classified, and subsequently what services these different populations get access to. Even though the decision of who/what gets access is usually left up to the resource owner, the decision is more frequently being based on attributes provided by an Identity and Access Management System (IAMS).
This site will highlight how some universities have implemented IAM Governance to provide guidance and support (Policies) to the technology implementors of IAM components and systems, in an effort to provide a framework and tools (presentations, peer institution examples, etc.) to assist those institutions struggling with implementing their own IAM Governance.
*** See Notes from ACAMP 2010 - IAM Governance session
Use Cases (examples)
Policy & Regulations
Requirements
Standards
What type of standards apply?