Tuesday, August 18, 2009

VeriSign Managed PKI and IIS

I was contracted to set up a managed PKI site for a client. We chose VeriSign Managed PKI. All in all, VeriSign works well and is easy to set up. I was conducting some tests and hit a couple of snags. I thought others would benefit if I documented them and provided a solution:

VeriSign Managed PKI - Enrolling for a Cert

After you have successfully generated a CSR (Certificate Signing Request) -- I used IIS to create the CSR -- the enrollment process to create a certificate on VeriSign's website is straightforward. The questions that are asked are what you would expect.

The one catch -- like a misdirection in a crossword puzzle -- I received an error message that read "Error 950b - Invalid State". Hmmm, I start thinking like a computer science guy -- is this an information processing state, a compatible state, or maybe something related to the state of the server?

Then it dawns on me -- oh, a state like in the United States!! I get it. I used the abbreviation for the state of Connecticut (CT) when I created my CSR and that is what VeriSign did not like; you have to spell it out -- so remember, no abbreviations for the state in the CSR.
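A pre-submission check for exactly this mistake, written as an added example (not code from the original post): it parses the CSR subject string and flags a state abbreviation in the stateOrProvinceName attribute before the request goes to the CA. The subject strings and the partial abbreviation table are constructed; Windows tooling renders the attribute as "S=" and OpenSSL as "ST=", so both spellings are accepted.

```python
"""Pre-submission check of a CSR subject: flag a state abbreviation in the
stateOrProvinceName attribute, the cause of the "Error 950b - Invalid State"
rejection described above. Added example, not from the original post; the
DN strings and the (partial) abbreviation table are constructed."""
import re

# Constructed, partial table of USPS abbreviations -> spelled-out names.
US_STATES = {
    "CT": "Connecticut", "NY": "New York", "MA": "Massachusetts",
    "CA": "California", "TX": "Texas", "WA": "Washington",
}


def parse_dn(dn):
    """Split an RFC 4514 style subject ("CN=a, ST=b, C=US") into
    (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def check_state(dn):
    """Return a list of problems with the subject's state attribute; an
    empty list means the state is present and spelled out."""
    attrs = dict(parse_dn(dn))
    # Windows renders stateOrProvinceName as "S=", OpenSSL as "ST=".
    st = attrs.get("ST") or attrs.get("S") or ""
    if not st:
        return ["missing ST (State/province) attribute"]
    if st.upper() in US_STATES:
        return [f"ST={st!r} is an abbreviation; use {US_STATES[st.upper()]!r}"]
    if len(st) == 2 and st.isalpha():
        return [f"ST={st!r} looks like an abbreviation; spell out the state"]
    return []


# Constructed subjects: the shape that was rejected and the corrected one.
REJECTED = "CN=www.example.com, OU=IT, O=Example Corp, L=Hartford, S=CT, C=US"
ACCEPTED = "CN=www.example.com, OU=IT, O=Example Corp, L=Hartford, S=Connecticut, C=US"

if __name__ == "__main__":
    for subject in (REJECTED, ACCEPTED):
        print(subject, "->", check_state(subject) or "ok")
```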


IIS - Installing the Certificate

After I figured out my "state" error and successfully submitted the certificate request, VeriSign sent the certificate. Installation of the certificate was also fairly straightforward except for a hiccup with IIS. In IIS, once you have the certificate from the CA, you install it by selecting the "Complete Certificate Request" link.

However, in IIS 7.0 when you point to the file name provided by VeriSign you get the error "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." Like any good MS developer, I took this in stride and tried again, and got the error message "ASN1 bad tag value". At that point I was stuck. I happened to press F5 to refresh the screen and the server certificate was then presented in the list box; the certificate had in fact been installed despite the first error message. This should be fixed in subsequent versions of IIS.

I hope this can help others when dealing with VeriSign mPKI and IIS.

-npv

Wednesday, June 24, 2009

Can Silverlight be This Cumbersome?

First off, a confession -- I am not a front-end GUI designer kind of guy. I have traditionally left that to others on my projects, but I have done some UI design in my career. Furthermore, I am familiar with Flash development, so when MS came out with Silverlight (SL) I was intrigued but did not pursue it in detail until recently. I was asked by a client, a Microsoft-based enterprise, to evaluate Silverlight for some rich web content development they had in mind. The goal was to determine how easy Silverlight was to work with and how well SL would integrate into their overall application architecture.

Silverlight 2.0 Set-up

No issues here. I am using VS 2008 on Vista and had no issues downloading or installing the SL packages. I then created a Silverlight project with the intent of creating a basic Silverlight page or two... then the fun began.

Silverlight Issues:

I open up the VS toolbox and attempt to drag a button onto the page, and the designer does not support that; come again?? I must have done something wrong.... check settings, scratch head, try again... no luck. OK, I am a real man but I will read the manual anyway.... everyone is having this problem -- no drag and drop.

To get the button on the screen you have to hand-code the XAML. So I hand-coded the button and a text box, with, of course, the corresponding properties.

I did get this small app to work and developed a few more complicated examples as a Proof of Concept for my client.

Microsoft is also offering a free hosting solution for Silverlight applications as a way to test your SL apps. You can sign up for this by visiting: http://silverlight.live.com/. This site worked very well and I had my SL applications up and running for demo in no time.

My next attempt to deal with the cumbersome process of hand-coding XAML was to try to port my project to MS Expression Blend, with the hope that I could eliminate some of the issues faced in VS 2008.... but no. Expression Blend found all kinds of "errors" in the XAML that VS was fine with. I have since found other reports on the web indicating that the XAML created in VS is not compatible across Microsoft products.

Navigation

Transitioning from page to page in a Silverlight application should be straightforward; after all, we have been doing this with MS tools for a long time. Surprisingly, MS did not supply any built-in navigation capabilities within Silverlight. Multiple user controls can be added to a SL application, but there is no automated way to transition from one to another. SL does provide a HyperlinkButton control, but its purpose is to link between HTML pages. If the user clicks the HyperlinkButton control, the Silverlight application is unloaded and the user is directed to a new URL. If the new page is also a SL app, then a new instance of SL is started all over again. While this is cumbersome to code, it is undoubtedly a performance problem as well.

A nice feature of Silverlight development is that you do not require a separate design tool or a different programming language for RIA development. Furthermore, calling server-side .Net code is much easier with SL than with Flash.

To address the XAML issues I am told to purchase VS Team Edition and things will work better.... oh well, maybe I will wait for the next version of Silverlight and in the meantime I will stay with CSS and Ajax.

Wednesday, May 6, 2009

TrackMeNot - Obfuscation and Security

Our Searches Define Us

The Atlantic Monthly magazine recently published an article about Internet search privacy -- Atlantic Monthly, May 2009, "Without a Trace" (http://www.theatlantic.com/doc/200905/web-tracking). This article got me thinking that it has become a fairly hot topic -- Internet search companies (Yahoo!, Google, MSN, etc.) storing our search data, potentially correlating it with our identity, and using it to sell us stuff or handing it over to the government to determine if we have been thinking about doing something illegal. Back in 2006 the NY Times reported that it was a fairly trivial task to tie a particular user to their searches that were saved and published by AOL. In the same article the DOJ (Department of Justice) is accused of coercing search companies into handing over search data.

TrackMeNot

Concern over the privacy of searches has led to tools that attempt to hide a user's searches. TrackMeNot (TMN) is a software add-on for Firefox that generates a series of fake queries to obfuscate the user's real search intentions. TMN was created by Daniel Howe and Helen Nissenbaum, both affiliated with New York University. From the TMN site, it is defined as:

"TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Firefox Browser and popular search engines (AOL, Yahoo!, Google, and MSN) and requires no 3rd-party servers or services." http://mrl.nyu.ed/~dhowe/trackmenot/

Will TMN Work?

Creating noise in the communication channel would make the data mining problem more difficult, but would it really stop someone from determining whether you were doing something they needed to pay attention to? I don't think so.

Let's say you were interested in researching some illegal activity, such as car theft. In doing your research you used Google to search for something like "hot wiring cars" or "easiest auto to steal". Now suppose TMN adds hundreds of innocuous false searches like "bird watching", "movie reviews", etc. This noise might bog down an analyst researching these queries with paper and pencil, but would it stop a computer program analyzing millions of searches? No, it wouldn't. Additionally, it wouldn't matter how many false queries were in the mix if I only cared about hits on "interesting" subjects like automobile theft.
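A small simulation of the argument above, added here as an example (not part of the original post) for anyone evaluating whether a noise-injection tool actually reduces exposure: it mixes a few real queries with increasing volumes of innocuous cover queries and measures how many of the watched real queries a keyword filter still surfaces. The query lists and the watch list are constructed.

```python
"""Simulates the post's argument: TMN-style cover queries do not hide real
queries from a program that only looks for "interesting" terms. Added
example; the query lists and watch list below are constructed."""
import random

# Constructed watch list (the post's example subject: automobile theft).
WATCH_TERMS = ("hot wiring", "steal")

# Constructed pool of innocuous cover queries of the kind TMN emits.
NOISE_POOL = ("bird watching", "movie reviews", "weather tomorrow",
              "pasta recipe", "train schedule", "garden tools")

# Constructed real searches: two on the watched subject, one innocuous.
REAL_QUERIES = ("hot wiring cars", "easiest auto to steal", "movie reviews")


def generate_log(real_queries, noise_ratio, seed=0):
    """Mix each real query with noise_ratio cover queries, shuffled so that
    ordering carries no signal (which is what the tool intends)."""
    rng = random.Random(seed)
    log = list(real_queries)
    log.extend(rng.choice(NOISE_POOL) for _ in range(noise_ratio * len(real_queries)))
    rng.shuffle(log)
    return log


def flag_queries(log, watch_terms=WATCH_TERMS):
    """The analyst's program: keep only queries containing a watched term."""
    return [q for q in log if any(t in q.lower() for t in watch_terms)]


def recall_at_noise(real_queries, ratios):
    """For each noise ratio return (fraction of watched real queries still
    flagged, total log size). Recall stays at 1.0 however large the log
    grows: the noise raises the volume scanned, not what the filter misses."""
    watched = flag_queries(real_queries)
    results = {}
    for ratio in ratios:
        log = generate_log(real_queries, ratio)
        flagged = flag_queries(log)
        results[ratio] = (len(flagged) / len(watched), len(log))
    return results


if __name__ == "__main__":
    for ratio, (recall, size) in recall_at_noise(REAL_QUERIES, (0, 10, 100)).items():
        print(f"noise x{ratio:>3}: log size {size:>4}, recall {recall:.2f}")
```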


Obfuscation is not Computer Security

Users who are serious about privacy will use an anonymization product -- products such as Tor, JonDo, or Anonymizer.




Saturday, April 4, 2009

ASP.Net - Model View Controller (MVC) Framework

Microsoft Download

Microsoft is providing a very useful download for creating MVC applications on the ASP.Net 3.5 runtime. The install is very straightforward and I did not experience any issues. I am using VS 2008 Professional Edition on Vista.

Get the download from Microsoft:

http://www.microsoft.com/downloads/details.aspx?FamilyID=53289097-73ce-43bf-b6a6-35e00103cb4b&displaylang=en

Model View Controller Pattern

The MVC pattern has been around for a long time now. It was first defined in the late '70s but came into its own in the 1990s and is widely used today. It's a great way to separate business logic from the user interface. Do a quick web search should you need to convince yourself of the utility of this pattern.

Using the Framework

ASP.Net MVC 1.0 -- with this framework Visual Studio generates the initial code for the models, views, and controllers. Much of the code framework is in place for you, and your job is to expand on that code.

I used the framework to quickly create an intranet application that a client needed to query a database, retrieve rows, and allow the client to update that data. In very short order I had a well-designed application that could be built upon later if need be -- because we all know a customer asks for a very quick thing, it then takes on a life of its own, and pretty soon you have a large application that is around for many years.

Getting Started:

I would highly recommend checking out this site:

http://www.asp.net/learn/MVC/tutorial-21-vb.aspx.

It is an ASP.Net tutorial that takes you step by step through using the MVC framework. I had no problems setting up and using the framework. One thing I did change from this tutorial is that I used SQL Server Enterprise Edition rather than Express, because that was easier for me. The steps for using EE are pretty much the same as for Express.

Give it a try....


-npv

Friday, January 9, 2009

Microsoft Data Access -- It's Getting Confusing

Well, in actuality Microsoft data access has always been confusing due to too many choices. A decision theory paradox is that too many options cause decision paralysis, and that has been the case with Microsoft data access methods for a very long time -- many will recall RDO, ADO, ODBC, and now we have LINQ, ADO.Net Core, ADO.Net Data Services Framework, ADO.Net Entity Framework.... Add to this that Microsoft, and some others who may just be stirring the pot, have published that LINQ may not be a strategic direction for the Redmond Gods... What is an architect or development lead to do...??

I have always found it difficult to read the tea leaves regarding technology direction. It would seem that the best an architect can do is follow the advice provided by Microsoft in their Application Architecture Guide, which is part of the Pocket Guide Series collection. The use-case-based advice they provide is:

ADO.NET Core

Consider using ADO.NET Core if you:

• Need to use a low-level API for full control over data access in your application.
• Want to leverage the existing investment made into ADO.NET providers.
• Are using traditional data access logic against the database.
• Do not need the additional functionality offered by the other data access technologies.
• Are building an application that needs to support disconnected data access experience.

ADO.NET Data Services Framework

Consider using ADO.NET Data Services Framework if you:

• Are developing a Silverlight application and want to access data through a data centric service interface.
• Are developing a rich client application and want to access data through a data centric service interface.
• Are developing an N-tier application and want to access data through a data centric service interface.

ADO.NET Entity Framework

Consider using ADO.NET Entity Framework (EF) if you:

• Need to share a conceptual model across applications and services.
• Need to map a single class to multiple tables via Inheritance.
• Need to query relational stores other than the Microsoft SQL Server family of products.
• Have an object model that you must map to a relational model using a flexible schema.
• Need the flexibility of separating the mapping schema from the object model.

ADO.NET Sync Services

Consider using ADO.NET Sync Services if you:

• Need to build an application that supports occasionally connected scenarios.
• Need collaboration between databases.

LINQ to Data Services

Consider using LINQ to Data Services if you:

• Are using data returned from ADO.NET Data Services in a client.
• Want to execute queries against client-side data using LINQ syntax.
• Want to execute queries against REST data using LINQ syntax.

LINQ to DataSets

Consider using LINQ to DataSets if you:

• Want to execute queries against a Dataset, including queries that join tables.
• Want to use a common query language instead of writing iterative code.

LINQ to Entities

Consider using LINQ to Entities if you:

• Are using the ADO.NET Entity Framework
• Need to execute queries over strongly-typed entities.
• Want to execute queries against relational data using LINQ syntax.

LINQ to Objects

Consider using LINQ to Objects if you:

• Need to execute queries against a collection.
• Want to execute queries against file directories.
• Want to execute queries against in-memory objects using LINQ syntax.

LINQ to XML

Consider using LINQ to XML if you:

• Are using XML data in your application.
• Want to execute queries against XML data using LINQ syntax.

LINQ to SQL Considerations

LINQ to Entities is the recommended solution for LINQ to relational database scenarios. LINQ to SQL will continue to be supported but will not be a primary focus for innovation or improvement. If you are already relying upon LINQ to SQL you can continue using it. For new Rich Internet Application Architecture solutions, consider using LINQ to Entities instead. At the time of this writing, this is the product group position:

“We will continue to make some investments in LINQ to SQL based on customer feedback. This post was about making our intentions for future innovation clear and to call out the fact that as of .NET 4.0, LINQ to Entities will be the recommended data access solution for LINQ to relational scenarios.”

Keep reading and keep watching...


Wednesday, December 10, 2008

The Missing LINQ

I recently returned from a Microsoft training session for the data access technology called -- LINQ (Language Integrated Query). In short, I am impressed.

Ever since graduate school I have been thinking about and working through the issue commonly known as impedance mismatch. In software engineering, impedance mismatch is the set of difficulties that arise between a programming language and the relational database system used to persist data. In an OO language there is a disconnect between the language and the database constructs. This mismatch occurs at various levels -- data structures, data types, data models, and the way in which the engineer programs in an OO language vs. SQL. The mismatch is exacerbated when you add additional data stores -- how we access an RDBMS is different from how we access LDAP, which is different from how we access XML, and they are all different from the language that we are programming in, VB.net for example.

The Missing LINQ

LINQ is not a new programming language. LINQ is integrated into the .net languages -- VB.net and C#. The beauty of LINQ is that once you learn its syntax and concepts, the methods by which you access data are the same (or at least very similar) across data sources. This has two key benefits: one, the language you access the data source with is the same as the language you are programming in, and two, disparate data sources are accessed using very similar syntax.

The diagram in the original post (an image that did not survive extraction) provides an overview of the LINQ architecture; its key points are:

• Support in multiple .net languages that integrate with LINQ.

• The LINQ engine provides the interface between the programming language and the LINQ providers.

• LINQ providers support multiple data sources, so the developer can use the same concepts and syntax to access data stored in different formats.

• Closer language integration means easier coding and testing.

Will LINQ Fly?

As a technology LINQ is fabulous and will only get better. Will LINQ take hold with developers and IT departments? If you were developing a system from scratch you would be much more likely to use the technology; however, the "L" word (Legacy Code) is bound to be an issue. As companies add LINQ to their technology toolbox, there will be a point at which adding another technology for data access will be just too painful. I would hope that architects and designers begin to steer their companies toward this compelling technology. I have a few customers that have dabbled with LINQ, but as of yet I have not seen a big push to the technology... Time will tell.



Some books I have found helpful when learning LINQ are:

Programming Microsoft LINQ by Paolo Pialorsi and Marco Russo

http://www.amazon.com/Programming-Microsoft%C2%AE-PRO-Developer-Paolo-Pialorsi/dp/0735624003/ref=pd_bbs_sr_3?ie=UTF8&s=books&qid=1228942086&sr=8-3

ProLINQ: Language Integrated Query in C# by Joseph Rattz Jr.

http://www.amazon.com/Pro-LINQ-Language-Integrated-Windows-Net/dp/1590597893/ref=pd_bbs_sr_1_s9_rk?ie=UTF8&s=books&s9r=8a02b541179b7cc00117aa39be1302e0&itemPosition=1&qid=1228942086&sr=8-1


As more of my clients begin to use LINQ I will share my experiences.

Wednesday, November 26, 2008

Roles Management or Identity Management – What comes first?

“What do we implement first, a roles management system or an Identity Management system?” I get asked this question frequently by clients contemplating a project to put order to their roles management and provisioning process. Unfortunately, like a lot of things in life, the answer is "it depends" -- and it depends on a number of factors, some of which are:

  • Your current situation – do you have some sort of system(s) in place already, what tools are you currently using, and how well will they integrate with an IdM or roles solution?

  • Where are the current pain points – I have had clients start out wanting an IdM solution only to change gears as analysis reveals that the current pain point is around roles.

  • Green field – no systems online to perform these tasks – well this is a nice place to be and you have some choices (see below for standalone IdM vs. combined IdM and Roles Management).

  • Budget size: Poor Man’s IdM – I have had clients use a roles management system and make some integration enhancements to create a low-end provisioning solution.

A critical point to consider when choosing a direction is the trade-off between a best-of-breed solution and a one-vendor solution. Purchasing an IdM and a Roles Management solution separately and integrating them has some downside risks: integration costs and gotchas tend to rise.

Most companies look to a one-vendor solution if they are in a green field situation. Some obvious one-vendor solutions are SUN -- use SUN Identity Manager and you get their newly acquired Vaau system for roles management. There is a similar option with Oracle and their acquisition of BridgeStream.

Once you choose a vendor direction, the next critical question will be the identity mapping process and which package (IdM or Roles Management) will become the reconciliation hub for identities and entitlements across the enterprise. My experience has been that this integration can be done in either tool, but if you are planning to implement both IdM and Roles Management with separate packages, I would architect the IdM to act as the enterprise identity vault and be the source of record for the collected data.

These are a few of the items to consider in your IdM and Roles Management acquisition process.