Overloaded Identity Terminology and Wikipedia
I talk to a lot of people about Identity Management solutions in my position at Sun. Inevitably, during these conversations it becomes clear that certain terms are not understood by both parties to mean the same thing. When this happens, some time is usually spent explaining "what do you mean by" xxxxx. Here are a few examples of terminology that is overloaded just within the Sun Identity product portfolio (Sun Java System Directory Server, Sun Java System Access Manager, and Sun Java System Identity Manager): Role, Policy, Schema. This list is by no means comprehensive; there are of course many more terms, but these seem to be the ones that cause contention most often.
The purpose of this entry is simply to demonstrate that seemingly simple terms can have different meanings in different contexts. A quick search on Wikipedia reveals a commonly accepted definition of each of these terms. Below I attempt a simple correlation between the Wikipedia definition and the term's context in the Sun Identity products:
Policy
Wikipedia Entry: A policy is a plan of action to guide decisions and actions. The term may apply to government, private sector organizations and groups, and individuals. The policy process includes the identification of different alternatives, such as programs or spending priorities, and choosing among them on the basis of the impact they will have. Policies in short can be understood as political, management, financial, and administrative mechanisms arranged to reach explicit goals.
Sun Product Use of this term:
- Sun Java System Access Manager: A policy defines rules that specify access privileges to an organization's protected resources. A URL policy is defined as a collection of subject(s) (who: user, role, organization, etc.), resource(s) (what: URL, etc.), and condition(s) (constraints such as time of day or authentication level).
- Sun Java System Directory Server: A password policy defines things like minimum password length, how often a user must change their password, when to notify a user that their password is about to expire, etc.
- Sun Java System Identity Manager: Account Policy, Password Policy, Dictionary Policy - Identity Manager policies set limitations for Identity Manager users by establishing constraints for Identity Manager account ID, login, and password characteristics.
- Sun Java System Identity Manager: An Audit Policy is the definition of account limits for a set of users of one or more resources.
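To make the overloading concrete, here is an added example (not Sun's code; the classes, hostnames and sample data are constructed for illustration and do not reflect either product's real API) that models the two meanings of "policy" above side by side: an Access Manager style URL policy, which is evaluated against a request's subject, resource and conditions, and a Directory Server style password policy, which is evaluated against a password and its age.

```python
"""Two different things that the Sun products call a "policy", side by side.
Added example, not Sun's own code: the classes, names and sample data below are
constructed for illustration and do not reflect either product's real API."""
from dataclasses import dataclass
from datetime import datetime, timedelta


# Access Manager sense: subjects (who), resources (what), conditions (when/how).
@dataclass
class UrlPolicy:
    subjects: set            # user ids or role names the rule applies to
    resources: list          # URL prefixes being protected
    min_auth_level: int = 0  # condition: minimum authentication level required
    hours: tuple = (0, 24)   # condition: allowed time-of-day window [start, end)


@dataclass
class Request:
    user: str
    roles: set
    url: str
    auth_level: int
    when: datetime


def url_policy_allows(policy: UrlPolicy, req: Request) -> bool:
    """Allow only when subject, resource and every condition all match;
    any mismatch denies, so a policy can never widen access by accident."""
    subject_ok = req.user in policy.subjects or bool(req.roles & policy.subjects)
    resource_ok = any(req.url.startswith(prefix) for prefix in policy.resources)
    start, end = policy.hours
    conditions_ok = req.auth_level >= policy.min_auth_level and start <= req.when.hour < end
    return subject_ok and resource_ok and conditions_ok


# Directory Server sense: constraints on the password itself and on its lifetime.
@dataclass
class PasswordPolicy:
    min_length: int = 8
    max_age_days: int = 90   # password expires this many days after it was set
    warn_days: int = 7       # start warning the user this many days before expiry


def check_password(policy: PasswordPolicy, password: str,
                   last_changed: datetime, now: datetime) -> dict:
    """Report which password-policy constraints apply to this account right now."""
    expiry = last_changed + timedelta(days=policy.max_age_days)
    return {
        "too_short": len(password) < policy.min_length,
        "expired": now > expiry,
        "expiring_soon": now <= expiry and (expiry - now) <= timedelta(days=policy.warn_days),
    }


# Constructed sample data (hostnames and users are placeholders).
WIKI_POLICY = UrlPolicy(subjects={"engineering"},
                        resources=["https://intranet.example.test/wiki/"],
                        min_auth_level=1, hours=(8, 18))
ALICE_DAYTIME = Request("alice", {"engineering"}, "https://intranet.example.test/wiki/Home",
                        auth_level=1, when=datetime(2006, 12, 18, 10, 0))
BOB_AT_NIGHT = Request("bob", {"engineering"}, "https://intranet.example.test/wiki/Home",
                       auth_level=1, when=datetime(2006, 12, 18, 22, 0))
CAROL_WRONG_URL = Request("carol", {"engineering"}, "https://intranet.example.test/admin/",
                          auth_level=2, when=datetime(2006, 12, 18, 10, 0))


def demo() -> dict:
    """Evaluate both kinds of policy on the sample data."""
    return {
        "alice": url_policy_allows(WIKI_POLICY, ALICE_DAYTIME),    # True: all parts match
        "bob": url_policy_allows(WIKI_POLICY, BOB_AT_NIGHT),       # False: outside allowed hours
        "carol": url_policy_allows(WIKI_POLICY, CAROL_WRONG_URL),  # False: resource not covered
        "password": check_password(PasswordPolicy(), "hunter2",
                                   last_changed=datetime(2006, 9, 1), now=datetime(2006, 12, 18)),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the two objects share a name and nothing else: one answers "may this request proceed?", the other "is this credential acceptable and still valid?", which is exactly the kind of mismatch that surfaces in conversation.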
Role
Wikipedia Entry: A role (sometimes spelled rôle) or a social role is a set of connected behaviours, rights and obligations as conceptualised by actors in a social situation. It is mostly defined as an expected behaviour in a given individual social status and social position.
Sun Product Use of this term:
- Sun Java System Access Manager: Access Manager Role (static or filtered) - A filtered role is a dynamic role created through the use of an LDAP filter.
- Sun Java System Directory Server: Directory Server Role - Roles are defined and administered like groups, but they provide more efficient grouping mechanisms for applications. Roles can be used in ACIs to control access to data.
- Sun Java System Identity Manager: Provisioning Role: A grouping of users which is primarily used to determine indirect provisioning operations. This includes which accounts to create for a user as well as which role-based attributes to provision for the user, the ability to create accounts in a specific order, and the assignment of role approvers during provisioning.
- Sun Java System Identity Manager: Administrative Role: A grouping of users which is used to assign delegated administration capabilities (what an administrator can do, e.g. reset a password) to an administrative user of the provisioning system.
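The directory-side meanings above (static role, filtered role computed from an LDAP filter, and roles referenced from ACIs) are shown together in this added example. It is not Sun's code: the miniature LDAP filter evaluator, the directory entries, the DNs and the ACI are all constructed for illustration, and the filter syntax covered is only the equality, presence, `&`, `|` and `!` subset of RFC 4515.

```python
"""Three ways the Sun directory products use "role": a static role lists its members
explicitly, a filtered role computes them from an LDAP filter, and an ACI names roles
to decide who may access data. Added example, not Sun's code: the mini filter
evaluator, the directory entries and the ACI below are constructed for illustration."""


def parse_filter(text: str):
    """Parse an RFC 4515-style filter into a tree. Supports (attr=value),
    presence tests (attr=*) and the &, |, ! operators; no escapes or substrings."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            pos += 1  # consume the operator's closing ')'
            return (op, children)
        end = text.index(")", pos)
        attr, value = text[pos:end].split("=", 1)
        pos = end + 1
        return ("=", attr.lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(node, attrs: dict) -> bool:
    """Evaluate a parsed filter against one entry's attributes (lowercase keys)."""
    op = node[0]
    if op == "&":
        return all(matches(child, attrs) for child in node[1])
    if op == "|":
        return any(matches(child, attrs) for child in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    _, attr, wanted = node
    values = attrs.get(attr, [])
    if wanted == "*":
        return bool(values)
    return any(v.lower() == wanted.lower() for v in values)


def static_role(member_dns):
    """Membership is an explicit list, much like a group."""
    members = set(member_dns)
    return lambda dn, attrs: dn in members


def filtered_role(ldap_filter: str):
    """Membership is derived from the entry's attributes at evaluation time."""
    tree = parse_filter(ldap_filter)
    return lambda dn, attrs: matches(tree, attrs)


def role_members(role, directory: dict) -> list:
    """List the DNs a role currently admits, in sorted order."""
    return sorted(dn for dn, attrs in directory.items() if role(dn, attrs))


def aci_permits(aci: dict, directory: dict, actor_dn: str, right: str) -> bool:
    """ACI-style check: the actor holds the right if any role listed for it admits them."""
    attrs = directory[actor_dn]
    return any(role(actor_dn, attrs) for role in aci.get(right, []))


# Constructed directory (DNs and attribute values are placeholders).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=test": {
        "objectclass": ["person"], "department": ["engineering"], "employeetype": ["fulltime"]},
    "uid=bob,ou=people,dc=example,dc=test": {
        "objectclass": ["person"], "department": ["engineering"], "employeetype": ["contractor"]},
    "uid=carol,ou=people,dc=example,dc=test": {
        "objectclass": ["person"], "department": ["finance"], "employeetype": ["fulltime"]},
}

ENG_STAFF = filtered_role("(&(objectClass=person)(department=engineering)(!(employeeType=contractor)))")
PAYROLL_ADMINS = static_role(["uid=carol,ou=people,dc=example,dc=test"])

# Who may read or write a salary attribute, expressed in terms of roles rather than users.
SALARY_ACI = {"read": [PAYROLL_ADMINS, ENG_STAFF], "write": [PAYROLL_ADMINS]}

if __name__ == "__main__":
    print(role_members(ENG_STAFF, DIRECTORY))
    print(aci_permits(SALARY_ACI, DIRECTORY, "uid=alice,ou=people,dc=example,dc=test", "write"))
```

The practical difference is where membership lives: a static role is only as current as its last edit, whereas a filtered role changes the moment an entry's attributes change (here, bob drops out of ENG_STAFF purely because his employeeType is contractor), so an ACI written against a filtered role tracks the directory automatically.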
Schema
Wikipedia Entry: A schema in general is a specific, well-documented, and consistent plan. The related word, scheme, means a loosely described plan. The word schema comes from the Greek word "σχήμα" (skhēma), which means shape or, more generally, plan.
Sun Product Use of this term:
- XML schema: XML Schemas express shared vocabularies and allow machines to carry out rules made by people. This pertains to all three products in various places.
- Sun Java System Access Manager
- Sun Java System Directory Server: An LDAP directory server uses schema to describe the object model used to store entries. Object classes are defined, each listing its required and allowed attributes. The type of each attribute (string, integer, whether it can be multi-valued, etc.) is also stored in the schema.
- Sun Java System Identity Manager: Database Schema - Identity Manager uses a database repository; as part of installing the product, the database schema must be imported.
- Sun Java System Identity Manager: Identity Manager uses agentless Resource Adapters to provision user accounts. Each Resource Adapter uses a schema to map attributes associated with a user to attributes which the provisioning system understands.
- Sun Java System Identity Manager: Service Provisioning Markup Language (SPML) Schema - SPML uses a schema to map incoming SPML attributes (typically associated with a user) to attributes which the provisioning system understands
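The Directory Server meaning of "schema" (object classes with required and allowed attributes, attribute types with a syntax and a single-/multi-valued flag) is the one most often confused with the others, so here is an added example of what that schema actually constrains: a small validator that checks entries against object class and attribute type definitions. This is not Sun's code or schema; the definitions are a simplified, constructed subset, and the syntax names "string" and "integer" stand in for real LDAP syntax OIDs.

```python
"""Directory Server sense of "schema": object classes declare which attributes an entry
MUST and MAY carry (inheriting from a superior class), and attribute types declare each
attribute's syntax and whether it is single-valued. Added example, not Sun's code: the
schema below is a simplified, constructed subset and the syntax names are stand-ins."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AttributeType:
    name: str
    syntax: str                 # "string" or "integer" (stand-in for an LDAP syntax OID)
    single_value: bool = False  # mirrors SINGLE-VALUE in an LDAP attribute definition


@dataclass(frozen=True)
class ObjectClass:
    name: str
    must: frozenset
    may: frozenset
    superior: Optional[str] = None  # like SUP: inherits MUST/MAY from this class


ATTRIBUTE_TYPES = {a.name: a for a in [
    AttributeType("cn", "string"),
    AttributeType("sn", "string"),
    AttributeType("uid", "string"),
    AttributeType("mail", "string"),
    AttributeType("userpassword", "string"),
    AttributeType("employeenumber", "integer", single_value=True),
]}

OBJECT_CLASSES = {oc.name: oc for oc in [
    ObjectClass("top", frozenset(), frozenset()),
    ObjectClass("person", frozenset({"cn", "sn"}), frozenset({"userpassword"}), superior="top"),
    ObjectClass("inetorgperson", frozenset(), frozenset({"uid", "mail", "employeenumber"}),
                superior="person"),
]}


def effective_must_may(oc_name: str):
    """Collect MUST and MAY attributes up the SUP chain."""
    must, may = set(), set()
    while oc_name is not None:
        oc = OBJECT_CLASSES[oc_name]
        must |= oc.must
        may |= oc.may
        oc_name = oc.superior
    return must, may


def validate_entry(entry: dict) -> list:
    """Return the schema violations for an entry (empty when it conforms).
    Attribute names are expected in lowercase; LDAP names are case-insensitive."""
    problems = []
    classes = [oc.lower() for oc in entry.get("objectclass", [])]
    if not classes:
        return ["entry has no objectClass"]
    must, may = set(), set()
    for oc in classes:
        if oc not in OBJECT_CLASSES:
            problems.append(f"unknown objectclass {oc}")
            continue
        m, a = effective_must_may(oc)
        must |= m
        may |= a
    allowed = must | may | {"objectclass"}
    for attr in sorted(must):
        if not entry.get(attr):
            problems.append(f"missing required attribute {attr}")
    for attr, values in entry.items():
        if attr == "objectclass":
            continue
        if attr not in allowed:
            problems.append(f"attribute {attr} not allowed by the entry's objectclasses")
            continue
        at = ATTRIBUTE_TYPES[attr]
        if at.single_value and len(values) > 1:
            problems.append(f"{attr} is single-valued but has {len(values)} values")
        if at.syntax == "integer" and not all(v.lstrip("-").isdigit() for v in values):
            problems.append(f"{attr} must hold integers")
    return problems


# Constructed entries (names and values are placeholders).
GOOD_ENTRY = {
    "objectclass": ["top", "inetOrgPerson"],
    "cn": ["Alice Example"], "sn": ["Example"], "uid": ["alice"],
    "mail": ["alice@example.test"], "employeenumber": ["1001"],
}
BAD_ENTRY = {
    "objectclass": ["top", "inetOrgPerson"],
    "cn": ["Bob Example"],            # sn is missing
    "employeenumber": ["12", "13"],   # single-valued attribute given two values
    "favoritecolor": ["blue"],        # not declared by any of its objectclasses
}
```

A directory server rejects an add or modify that would leave an entry in the state of BAD_ENTRY, which is why an Identity Manager resource adapter mapping (the other "schema" in the list) has to produce attribute names and cardinalities the directory schema actually permits.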

Posted by Rene Ugarte in Content Management on December 16, 2006 at 03:16 PM CST #
Derrick, I understand your issue, and it's useful to see a systematic breakdown of where the confusion arises. To some extent, though, even a clear taxonomy based on your findings wouldn't fix the problem, and here's one reason why:
The confusion doesn't just arise out of semantic overload... it also arises from the fact that the same string of bits is legitimately interpreted in very different ways depending on which component is interpreting it.
Here's an example: the same string of bits is interpreted by an XML parser as 'a message'; a Liberty endpoint as 'an assertion'; and a business application as 'an expression of warranty'.
They're all correct interpretations - but that implies that the same string has at least three different 'meanings'...
Posted by Robin Wilton on December 16, 2006 at 05:06 PM CST #
I admittedly only scratch the surface of this issue since I only look at it from a Sun product perspective. The more important perspective may be from the customer perspective which includes their business requirements as well as their current infrastructure and installed products. First to understand their requirements, then to map a Sun solution (which may contain many products) to meet their requirements.
Thanks for the comment!
Posted by Derrick Harcey on December 17, 2006 at 09:19 AM CST #