Lecture Notes: Words of Identity

Introduction

• Identity and Access Management (IAM) is a complex field requiring an understanding of specific jargon.
• The language of IAM lacks formal structure, leading to ambiguity.
• The article serves as a guide for understanding and reducing confusion in IAM terminology.

Key Concepts in Identity and Access

• Identity and Access: Refers to digital representations in IT.
• Industry Challenges: Words have multiple meanings, leading to miscommunication.
• Dialect Differences: Variations exist between organizations.

Important Terms and Their Ambiguity

Access-related Terms

• Access Right, Entitlement, Permission, Privilege, Profile, Role: Often used interchangeably, but can denote different access levels.

Common Terms

• Account: Varies from financial accounts to user accounts in IT.
• Authentication: Proving authenticity; often confused with authorization.
• Authentication Factor: Requires multiple factors; ambiguity in components like identifiers.
• Authorization: Different from authentication; complexity adds confusion.

Hierarchical Terms

• Entitlement: Sometimes used for hierarchical access rights.
• Identification: Related to authentication and authorization but distinct.

Identity and User Distinctions

• Identity: Not synonymous with identifier; refers to digital identity, often representing real persons or IoT entities.
• User: May refer to both actual persons and digital system identifiers; distinction needed.

Ownership and Privilege

• Owner: Concept of digital representation ownership needs clarification.
• Privilege: Synonym for access rights; can mean special access rights.

Miscellaneous Terms

• Profile and Role: Groups access rights or attributes; need for clear context.
• Token: Represents digital identities; requires clear representation.

Causes and Consequences of Ambiguity

• Lack of Formal Vocabulary: Leads to multiple meanings.
• Industry Growth: Faster than standards development.
• Sectoral Divergence: Different needs and interpretations across sectors.

Short-term Solutions

• Awareness: Recognize the confusion in terminology.
• Questioning: Set aside time to clarify meanings.
• Clear Communication: Practice precise language; maintain local glossaries.

Conclusion

• Complex Language: Industry language is complex and contradictory.
• Impact on Recruitment: Complexity deters newcomers.
• Need for Clarity: Short-term awareness can aid understanding.

Author Bio

• Espen Bago: Experienced in IAM, currently Identity Manager for the Norwegian Labour and Welfare Administration. Founding member of IDPro.

References

1. Conversations in IDPro Slack channels.
2. Terminology in the IDPro Body of Knowledge.
3. Microsoft Azure AD documentation.
4. NIST definition of identity.
5. Identity at the Center podcast, episode #167.
6. Prioritizing clarity over convincing.