What is identity management? That is a loaded question. Ask a dozen identity management professionals and you will get a dozen different answers.
I define it as such:
Identity is who you are, what you can do and what you can see. Identity management is what the organization knows about you, what applications and resources you can use, and how you access them.
I put this question to all of our customer facing staff, figuring that they are talking about this topic all day long from dozens of different perspectives. Two things immediately became clear, all of their definitions revolved around our solution AND that they all mentioned the word person (or people).
I am new at The Dot Net Factory, so EmpowerID's greatness hasn't yet biased my definition but it does give a real warning as you, the IT and identity professional, veer down the path of managing identities. Don't let the vendor define identity management for you. Think about what your needs are, what your business problems are, and get a solution that is right for you.
Which brings us to the second point: people. I always joke that a person is a person until they are hired, then they become an employee; once IT gets ahold of them they become a user; and then IT never deprovisions them and they are a user for life. Kind of dehumanizing.
But you cannot manage a user's identity. Because each person is multiple users. They are a user of Salesforce.com, a user of Exchange, a user of quickbooks, et cetera. A user has a department, a title, and a role; but each application they use, gives them a different role, has different identity information about them. Somehow you have to take all of those users and recompile them into a person.
I can't even say employee because you also care about the identities of your partners, customers, alumni, etc. Do not forget the person in identity management.
This is why you get a dozen disparate answers from a dozen different professionals. Because they have a dozen different definitions of a person and a dozen ways to compile that person.
Back to vendor bias, EmpowerID does it with a metadirectory and an RBAC and ABAC hybrid model. Our metadirectory creates a person object that is a compilation of all user accounts (even multiple AD accounts), allowing you to understand a person's identity and apply dynamic roles for access and authorization. Schedule a demo (once you have your own IdM definition! ).
Or take a look at our whitepaper on the RBAC / ABAC hybrid approach to enterprise authorization (what you can do based on who you are!).