Previous PDF

swipe to navigate


Policy-based provisioning is a business process with a set of supporting technologies. It classifies users based on their position in an organization, and supporting attributes that describe users. It defines roles as collections of pre-defined kinds of access to information systems and other I.T. infrastructure. Policies are designed to automatically attach users to roles based on their dynamic classification.

This document illustrates why policy-based provisioning, though appealing in theory, is impractical to implement in enterprise-sized organizations. It then describes alternate solutions that can be successfully deployed in such organizations.

The remainder of this document is organized as follows:

  • Policy-Based Provisioning:

    A description of the basic process and technology of policy-based provisioning.

  • Theory and reality:

    Practical considerations that limit the scalability and deployability of policy-based provisioning processes and tools.

  • Where Policy-Based Provisioning Does Work:

    Scenarios where policy-based provisioning can be made to work.

  • Role-based access control:

    How the difficulty of deploying a policy-based provisioning solution impacts the ability to implement role-based access control in a heterogeneous environment.

  • Simplified provisioning solutions:

    How simpler provisioning technologies deliver more useful results (i.e., are scalable and deployable) by solving a more tractable problem.

  • Conclusions:

    A summary of this paper.

  • References:

    Supporting materials.

Previous PDF

Comment via LinkedIn