Thursday, February 05, 2009

Self-service de-provisioning

The always intriguing Pam Dingle has come up with what I believe is an entirely new feature for IdM systems - self-service deprovisioning!

In a typical self-service system, a user's accounts, authorizations, applications, etc. are pre-configured and are installed/activated the first time the user signs in. But in a post called Federated De-provisioning, Pamela extends this capability of self-service to the de-provisioning event. She describes it as:

"There is no reason why an authority could not return a set of claims at the time a terminated user attempts to authenticate to the Relying Party that says (a) do not authenticate, and (b) de-provision immediately. If the authority is set up to do so, the Relying Party is home free! The urgent use case has been taken care of (ie abuse), and the non-urgent cases can be dealt with at leisure, because the associated risk is dealt with. Who cares if it takes a month to actually delete the account, if you can guarantee that should the terminated user attempt to access the resource during that time, a real-time status check will occur and the termination will be discovered?"


Let's see who's first to market with this...

Labels: , ,

Comments: Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]