6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Maria Semmelrock-Picej et al.<br />
3. Application case identity federations<br />
3.1 User requirements<br />
Prior to the introduction of the Identity Management System (IDMS) in 2005, access information on<br />
file shares, computers and accounts was distributed to several systems like Active Directory, SunOne<br />
and other applications. Those systems worked independently and there was no mechanism available<br />
to guarantee consistent data (e.g. departments, cost center, phone numbers and names of persons),<br />
based on the delivery from designated master systems, throughout the different systems deployed in<br />
the company. Thus, helpdesk support was required frequently.<br />
Therefore Infineon introduced the IDMS to have a mechanism at hand to collect data from different<br />
master systems, combining the necessary data to digital identities and distribute and enforce this<br />
identity information consequently throughout different directory services and applications. In order to<br />
improve the IDMS and to save the ROI, an automatic user provisioning system and RBAC has to be<br />
set up in a next step.<br />
The major function of provisioning is once a new identity enters the IDMS from the global HR system,<br />
an automatic workflow is triggered to its manager based on certain attributes (like location and<br />
manager information). The respective manager chooses the respective roles for the new employee<br />
and dependent on the request the necessary access to resources (accounts, groups, group<br />
memberships) is set by the IDMS (mostly no human interaction is necessary anymore). Thus, during<br />
the life cycle of the identity roles are added and removed and once an employee leaves the company<br />
access to his resources will be disabled completely. The last case is also called de-provisioning. A<br />
basic approach for provisioning (without a portal- and workflow solution) was developed and<br />
implemented at Infineon in 2007. The results are shown in (Obiltschnig 2007).<br />
Another issue which cannot be tackled exclusively by a centrally-organized IDMS is the collaboration<br />
with external partners. This topic has been deeply researched for more than two decades. Already<br />
started in the mid of the 1980s, research in this area is still ongoing. Wellknown and representative<br />
terms used for enterprise collaboration (alliances) are Virtual Organizations (Skyrme 2007),<br />
Networked Organizations (Lipnack and Stamps 1994) and Collaborative Innovation Networks [GL06].<br />
The so-called Virtual Team represents another well-known expression on the micro-level (Lipnack<br />
and Stamps 1997).<br />
A common sense of the mentioned concepts can be summarized by the following aspects (Lipnack<br />
and Stamps 1997):<br />
Independent people and groups act as independent nodes in a network,<br />
Are linked across conventional boundaries (e.g. departments and geographies)<br />
And work together for a common purpose.<br />
A collaboration has multiple leaders, lots of voluntary links and interacting levels,<br />
Is based on mutual responsibility, i.e. there is no hierarchical management structure but the<br />
involved individuals act as equal partners,<br />
And teams are readjusted or disbanded as needed.<br />
A successful collaboration requires the fulfillment of the following principles (Skyrme 2007):<br />
Each partner must contribute some distinctive added value for the corporation.<br />
Members must develop high degree of mutual trust and understanding. Thus, similar groups or<br />
even the same people will work together again and again.<br />
Projects or whole services should be the focus of the cooperation.<br />
In the run-up of a collaboration one has to define general rules of engagement in terms of inputs<br />
to the cooperation and rewards expected, though the momentum is lost if these are too formalized<br />
too soon.<br />
Members of the cooperation should recognize the need for coordination roles and either commit<br />
time to develop and nurture these roles or pay one of the members to undertake the coordination<br />
roles on behalf of them.<br />
244