Identity Risk Management Leader Jumpstarts Industry Initiative to Standardize Role Exchange

AUSTIN, Texas, June 18, 2008 – SailPoint Technologies today issued an open call for the development of a new standard that addresses the need to integrate roles and role models between tools and systems. The goal of this initiative is to bring the identity management community together to define role interoperability standards that will solve difficult integration problems and simplify role-based governance across diverse identity infrastructures. An interactive forum has been created at www.openroleexchange.org to organize the industry effort and to facilitate the collaboration needed to define the model and foster adoption of the new standard.

In order to address the need for role-based governance today, organizations must invest significant time and money building and deploying custom integration between the various role models throughout the enterprise, including provisioning, entitlement management, network access control and business applications. The result is an expensive, brittle, and complex role model system that is difficult to deploy and hard to maintain. If a standard model for role exchange were available, organizations could avoid custom integration and immediately benefit from effective oversight and policy enforcement based on centralized role management.

Mike Neuenschwander, general manager of Mycroft Inc.’s strategy practice, puts it this way: “Large organizations need to leverage roles across their vast, diverse, and complex IT infrastructures. But today, the concept of ‘roles’ is contextual and nuanced. Organizations grapple with applying policy to organizational roles, business roles, functional roles, IT provisioning roles, resource roles, etc. If roles are to be applicable at a broad scale and across business boundaries, some forum needs to take up the difficult discussion around role interoperability.”

“Role interoperability is a pervasive issue for companies addressing identity governance,” said Darran Rolls, SailPoint’s CTO. “As an identity management community, I believe it’s our responsibility to define a standardized operational exchange model for roles. This effort will reduce the need for custom integration and will lower the cost and complexity of deploying and maintaining integrated role-based systems.” Rolls is an identity management standards veteran, having served as the chair of the OASIS Provisioning Services Technical Committee, where he led a two-year industry effort to develop the Service Provisioning Markup Language (SPML) specification.

To foster collaboration around the call for role exchange standards, SailPoint is encouraging live debate at the Burton Catalyst Conference June 23-27 in San Diego, and will host an interactive webcast on July 16th. Companies and individuals interested in participating can go to www.openroleexchange.org, an open forum designed to facilitate an interactive dialogue. The forum also features technical information on the need for a role exchange standard, and will provide updates on the effort moving forward.

The Open Role Exchange seeks to provide a forum to discuss the requirements for role interoperability and to identify areas where new standardization is needed. In an open letter to the industry, Rolls suggests that the industry should begin by addressing five key requirements for role interoperability:

  • A Common Exchange Format to describe the role-based access control (RBAC) structure and control rules between systems;
  • Query and Exchange Operations so that structure, allocation and usage requests can flow between systems;
  • Change Control and Delegated Administration to determine how systems can extend or modify a shared model;
  • A Role Mapping and Resource Referencing scheme; and
  • A Common State Model for shared RBAC systems.