Discover the Open Role Exchange

The Open Role Exchange Forum was created to help organize an industry-wide effort to address the need for role interoperability standards. The goal of this initiative is to bring the identity management community together to focus on initiating standards development around role model exchange.

The Challenge
When an enterprise embarks on an RBAC initiative, many collaborative system components must make use of common control directives from a centralized authority. Often a centralized RBAC model definition is used to provide a description or schema for these directives. The role model, its structure and its definition become the embodiment of complex enterprise policies such as entitlement description, user allocation and intricate business policies like separation-of-duty and delegated service assignment.

The role model structure is used to promote a common governance framework for managed identity across the identity management infrastructure and into line-of-business systems. The shared RBAC model is used to capture important identity governance policies that span system boundaries and solution domains. Management systems like enterprise provisioning, centralized access control, SIEM, privileged user management and content personalization must then all share in a global control model that focuses on the identity and uses the role-entitlement relationships to guide systems access.

As more and more organizations use roles as a common governance model for identity, the need to describe and exchange roles in an open, standards-based way becomes more critical. Today, in order to deploy enterprise role management across the entire infrastructure, organizations must invest significant time and money building and deploying custom integration between enterprise role management, provisioning, entitlement management, and business applications.

The result is an expensive, brittle, and complex role model system that is difficult to deploy and hard to maintain. With the adoption of a standard model for role exchange, organizations can avoid the need to build custom integration and can instead focus on meeting compliance and governance requirements through effective oversight and policy enforcement based on a centralized role management system.

This forum aims to bring together requirements and use cases for the development of a standards-based role exchange model.

A Starting Point
This group has been formed to help define the scope, requirements and use cases for open role exchange. To help guide this process, we have identified the following five key topic areas for discussion and focused use case development.

  • Common Exchange Format: a common format to describe the RBAC structure and control rules between systems.
  • Query and Exchange Operations: a well-defined set of query and exchange operations so that structure, allocation and usage requests can flow between systems.
  • Change Control and Delegated Administration: rules for determining how systems can extend or modify a shared model.
  • Role Mapping and Resource Referencing: a common role mapping and resource-referencing scheme between systems.
  • A Common State Model: a common state model for shared RBAC systems.

Help us define and refine these topic areas by commenting and posting ideas on the discussion forum.