Venn and the art of Identity Relationship

Management

Using diagrams to save your identity bacon

Robert Lapes

• 30 years experience in I.T.• 10 years of identity program

assurance• Head of IAM Advisory Services• Capgemini UK’s IAM practice• 120,000 staff in 40 countries• 200+ identity specialists worldwide

Agenda

1. IRM context2. Why diagrams?3. What diagrams?– Identity– Relationships– Management

4. Summary and questions

context

IRMis the new

IAM

IRM’s four business pillars

1. CONSUMERS and THINGS over employees2. ADAPTABLE over predictable3. TOP LINE REVENUE over operating

expense4. VELOCITY over process

IRM’s four technical pillars

1. INTERNET SCALE over enterprise scale2. DYNAMIC INTELLIGENCE over static

intelligence3. BORDERLESS over perimeter

4. MODULAR over monolithic

scale complexityadaptable

dynamicbigger faster

connected diverse

decentralisationnon-linearity

IRM

Scale

Complexity

IxMInternet

Why diagrams?

We learn mainly by sight

Sight Hearing Touch Smell Taste0%

10%

20%

30%

40%

50%

60%

70%

80% 75%

13%

6%3% 3%

We can process large amounts of visual data

Writing is a recent invention

identity diagrams

Georg Hegel

PhilosopherNewspaper editorHeadmaster1770 – 1831

Hegelian Dialectic

Georg Hegel

“Identity is the identity of identity and non-identity.”

particularity

universality

individuality

• " CryptographerPrivacy expert

b. 1973 Canada

Inventor of the “Nymity Slider”

Prof. Ian Goldberg

• "“Privacy and national

security are like opposite ends of a

slider,“

• " "Technology is like a magnet that allows

individuals to pull that slider back toward

themselves.“

The Nymity Slider

John Venn

TheologianLogicianCricketer1837 – 1923

Inventor of theVenn diagram

Similar to Euler diagram

Business Partners

Anonymous

CustomersMyAccount

relationship diagrams

Prof. Jiro Kawakita

AnthropologistMountain climberPlant collector1920 – 2009

Inventor of theAffinity diagram

“Let the facts speak for themselves”

•Too many facts or ideas in apparent chaos• Issues are too large and complex to grasp •Group consensus

KJ Method or Affinity diagram

Prof. Peter Chen

Computer scientistInventor of the Entity-Relationship modelb. 1947

“Entities and relationships are a natural way to organize physical things as well as information … “

“… The ER concept is the basic fundamental principle for conceptual modelling. It has been with us since thousands of years ago and will be with us for many years to come.”

Entity–relationship model

2 Registrar5 Attribute Authority

Registers for identity

Issues identifier

Enrols for service

Assur

ance

4 Credential Authority

Asserts access claim

Issues credential

Authe

ntica

tion

Provides service

Circle of Trust

Authorisation

1 Policy 6 Governance

Subject

Identity service

Authentication service

Reliant party

Access service

2 Entity3 Service

or Resource

Prof. Shigeru Mizuno

Quality management guru

Inventor of matrix diagram

Matrix diagram

4

3

2

1

0

Minimal

Minimal

Minimal

Minimal

1

Low

Low

Low

Minimal

2

Moderate

Moderate

Low

Minimal

3

High

Moderate

Low

Minimal

4

Str

ength

of

Regis

trati

on

Strength of Authentication Mechanism

Matrix diagram

Source: Eve Maler

Matrix diagram

SAP Microsoft IBM

Security strong positive strong positive strong positive

Functionality strong positive neutral positive

Integration positive positive positive

Interoperability positive neutral positive

Usability positive neutral neutral

Innovativeness positive neutral positive

Market Position positive strong positive strong positive

Financial Strength

strong positive strong positive strong positive

Ecosystem positive strong positive strong positive

Matrix diagramTOGAF Policy

Entities & Identity

Resources & Assets

Authentication & Credentials

Authorization & Access

Operation & Governance

1 Vision

2Business Architecture

3Information System Architecture

4Technology Architecture

5Opportunities & Solutions

6Migration Planning

7Implementation Governance

8Change Management

9 Requirements

Y-Matrix Diagram

management diagrams

Dr W. Edwards Deming

Father of modernquality control

Quality management

guru

1900 - 1993

“It is not enough to do your best; you must know what to do and then do your

best.”

The Deming Cycle

The Deming Cycle

Do

Check

Act

Plan

PolicyReview

EntityReview

ResourceReview

Authentication

Review

AccessReview

Governance&

OperationalReview

Entityscope

Collection and

consolidation

Verificationand

validation

Reconcile &remediation

Authoritativeentities

Resourcescope

Impact analysis

Resource classificatio

n

Classification

remediation

Authoritative

classification

Enrolment and

authorisation scope

Collection and

consolidation

Mapping andvalidation

Reconcile and

remediation

Authoritativeaccess control

Contextscope

Workflow and event collection

Context analysis

Review and certify

Authoritativecontext

Identifier andcredential

scope

Collection and

consolidation

Mapping andvalidation

Reconcile and

remediation

Authoritative identifiers

and credentials

Policyscope

Collection and

consolidation

Policy review

Policyremediation

Authoritativepolicy

Matthew Henry Phineas Riall Sankey

Engineer 

Introduced the first energy flow diagram

1853 – 1926 Ireland

Internet traffic 2010

summaryand

questions

scale complexityadaptable

dynamicbigger faster

connected diversedecentralisation

non-linearity

IRM is the new IAM

Why diagrams?

• Data can be hard to understand especially in written form.

• Diagrams help us understand complex data and information and identify complex relationships.

• We learn better visually.

These people developed diagrams to make life easier

to understand

Thank you

Contact information

Insert contact picture

Robert LapesIdentity Architectrobert.lapes@capgemini.com

Capgemini UK | Bristol (Toltec)Tel: +44 0 870 194 6658

Insert contact picture

Andrew CritchleyIAM Proposition Lead andrew.critchley @capgemini.com

Capgemini UK | SaleTel: + 44 (0)7891 154281