Case Study

Corralling Identity Management

  • By Dian Schaffhauser
  • 08/22/08

The University of Texas Health Science Center at Houston recently reconstituted its IT organization to include a new team focused solely on identity management. In the course of its work the team may end up becoming a model for how identity management can help deliver business value beyond standard IT duties, such as adding new users to the network.

William Schneider, identity management team lead, said the purpose of his group is to manage the identity and access infrastructure, which consists of multiple ID management systems, many of the enterprise directories, and the Center's public key infrastructure.

Individuals within the HSC community, which includes about 3,775 students and a staff and faculty of nearly 4,440 in eight different schools, may go through multiple roles during their time with the Center. A student, for example, may achieve an MD, then transition into a residency and perhaps eventually become a member of the faculty. Often the same person may be an employee, faculty member, and student simultaneously.

"The identity management system ties all that together," said Schneider. "It makes it such that you could have the same e-mail, password, and inbox throughout that entire lifecycle."

The Center has five "systems of record": the human resources system, which resides in PeopleSoft; the student information system, maintained in a DB2 database running a mainframe emulator on the front end; a resident system, called Graduate Medical Education Information System (GMEIS), basically, an HR system that does evaluations, duty hours, and rotations and scheduling; an HR system for the Faculty Practice Plan for the Center's physicians; and a guest database for anybody not in any of the other four categories.

A First Attempt at Identity Management

In the past, that wealth of data from multiple sources posed several challenges. There was no simple way to know which data store to use when a person's record was maintained in more than one. Likewise, it was hard to reconcile those five systems to determine whether an individual in one was the same as an individual in another.

Comments

Wed, Dec 31, 2008 Will Schneider

As noted in the article, that evaluation took place about 5 years ago when product suites were different. My comments are intended to, at a very high level, clarify why we made our product choice at that point in time. While it is prudent to periodically review other technology, there has been nothing missing from the Novell suite that would compel us to switch to another vendor. Their products continue to lead the pack in most independent reviews of IdM suites.

Tue, Dec 30, 2008 Phil Hotaling Denver, CO

This article does not accurately represent Sun’s product or capability. As a premier business partner with Sun Microsystems, we have successfully implemented over 45 IdM implementations at Higher Ed institutions around the country. We are Identity Management experts and well versed in Sun’s product suite as it is the only product we implement.

The article quotes Mr. Schneider saying “The Sun product required that "you had to write Java classes to do anything, and it was based on a virtual directory structure. You wouldn't actually synchronize the data," he said. "We wanted these directories to stand on their own if something got knocked off in between." To the contrary:

1) Sun Identity Manager does not require writing Java classes to configure
2) A virtual directory is not required
3) Sun Identity Manager can & does synchronize data across multiple systems and is programmed according to the customer’s need

In summary, Mr. Schneider and/or his colleagues are misinformed about the Sun IdM product’s functionality and capability. I would respectfully ask that you contact me or anyone at AegisUSA to learn and understand more about the Sun product in the future. We would be happy to demonstrate the functionality and clear up any misunderstanding that exists.

Phil Hotaling
Director of Business Development
phil.hotaling@aegisusa.net
303-222-1208 Office
303-596-9422 Cell
www.AegisUSA.com
We are the Identity Company
