RBAC and ABAC

Role-Based Access Control (RBAC) has been around for decades. It is both loved and hated. Over the years many newer access control models have tried to improve on RBAC. Many of these developments focus on making the model more flexible. Attribute-Based Access Control (ABAC) is perhaps the most prominent model in this category. Quite recently there […]

midPoint in 2016

Yet another year is over. 2016 was an incredibly busy year for midPoint: lots of new midPoint deployments and projects. But most importantly, midPoint itself has evolved significantly. MidPoint is now firmly grounded in identity governance. The first half of 2016 produced midPoint 3.4 “Heisenberg”. Heisenberg includes a lot of new features. But one […]

Services and Things

Evolveum midPoint is a very comprehensive system. It can manage identities, roles and organizational structures. Simply speaking, it can manage anything that is at least marginally related to the concept of identity. Yet until quite recently support for one broad area was missing; it was added in midPoint 3.4. Now midPoint can also manage […]

Sun IDM Migration Architecture

Sun Identity Manager, a.k.a. Oracle Waveset, is a software product at the end of its lifecycle. Yet many organizations still operate a Sun IDM solution because they haven’t found any reasonable migration path. But now there is a migration path that leads to the most comprehensive open source IDM solution: Evolveum midPoint. In the previous two posts I have described the obstacles and motivation for Sun IDM migration. It is quite clear that the major migration obstacles are the cost and the risk. However, we have successfully addressed both of these obstacles. The cost is addressed by the unprecedented deployment efficiency of Evolveum midPoint. Yet it is the risk that is usually the worst issue for any migration of any software system. But thanks to the flexibility of Evolveum midPoint we have managed to keep the migration risk at a very acceptable level. This post describes the details of our solution. […]

From Waveset to midPoint, Part 2

Sun Identity Manager is a king that has fallen. It is now called Oracle Waveset and it is as good as dead. Yet there are still many Sun IDM installations that hesitate with the migration. One of the major concerns is the cost of the migration project. But as I have written in the first […]

From Waveset to midPoint, Part 1

Back in the 2000s Sun Identity Manager was the king. It was the best IDM product according to Gartner. It had a good market share. And in my experience it was actually the only practical IDM system on the market. Sun Identity Manager is now dead. It died in 2010 when Sun Microsystems was acquired by Oracle. Sun IDM was renamed Oracle Waveset and development of the product was immediately stopped. But Sun IDM is a tough one. Even though it was killed 6 years ago, it still survives in a creepy half-life form to this day. Oracle obviously tried to migrate all the Sun IDM installations to Oracle Identity Manager. But many customers refused to migrate. We can only speculate about the reasons, although anyone who has had any hands-on experience with Oracle IDM will certainly have an opinion about that. Anyway, the future was not entirely bright for those who still maintain a Sun IDM installation. But now there is a new hope. […]

MidPoint 3.4 (Heisenberg) Released

MidPoint 3.4, code-named “Heisenberg”, was released a few days ago. This is the sixteenth midPoint release since the project started all those long years ago. MidPoint has come a very long way since then.

The Heisenberg release is the best midPoint release yet. We have finished the access certification functionality, which makes midPoint the very first open source product to enter the identity governance and compliance playing field. We have also improved midPoint internals to better handle inconsistencies in resource data, and we have made many small internal improvements to increase robustness. This was one of the inspirations for the code name. Similarly to Heisenberg’s uncertainty principle, midPoint accepts that there is a degree of uncertainty when it comes to processing identity data. It may not be practically possible to always base decisions on authoritative data. A practical identity management system needs to accept that identity data are always in a state of flux – and midPoint does just that. And it manages the data reliably even in situations where other systems fail miserably. […]

There is No Security without Identity Management

It isn’t. That’s how it is. Why? Take any study describing potential information security threats. What do you see among the top threats there? Take another study. What do you see there? Yes. That’s the one. It is consistently marked as one of the most serious threats in the vast majority of studies published over (at least) the last couple of decades. Yet it looks like nobody really knows what to do about this threat. So, who is this supervillain? He’s right under your nose. It is the insider. […]

Test-Driven Bugfixing

Test-Driven Development (TDD) tells us to write the tests first and only then develop the code. It may seem like a good idea. Like a way to force lazy developers to write tests. A way to make sure that the code is good and does what it should do. But there’s the problem. If you are doing something new, something innovative, how the hell are you supposed to know what the code should do? […]