Definitions

Definition 1

Related Terms

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/1121878049

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/1122566173

• https://open-measure.atlassian.net/wiki/spaces/DIC/pages/1122566465

Quotes

When first introduced, entitlement management products were considered appropriate primarily for custom-built applications because source code was accessible to perform the necessary integration. Broader ranges of applications are now considered appropriate candidates because the technology has matured and attitudes have evolved . J2EE application platforms are also a prime candidate for integration with entitlement management systems because vendors have focused on building policy enforcement point (PEP) agents that handle authorization processing with little to no application changes. Web services style applications are also candidates for integration - consuming entitlement management functionality as a service for authorization. Finally, Microsoft SharePoint has emerged as a significant pull to spur demand for entitlement management products to protect SharePoint installations that have outgrown the application 's native authorization capabilities.

2 The Many Definitions of Entitlement Management

In talking with enterprises and vendors during research, Burton Group discovered many different understandings of the entitlement management term. This confusion has persisted in part because the marketplace and the business process both have the same name. Historically, this segment of the IdM market was referred to as "fine-grained authorization" because that was the focus of many early adopters. At this stage, fine-grained authorization is just one of a broader range of capabilities that current entitlement management products can offer. As such, entitlement management technologies and approaches resist a concise definition, but Burton Group uses the following definitions to distinguish between the business process and the market:

• Business Process : The process of (i) collection of information about individuals' job functions, authorities, and resource requirements, (ii) derivation of resource access entitlement information from that metadata, (iii) association of entitlement information to the appropriate people or roles, and (iv) periodic review of the association of entitlements to people or roles.

• Market: Products which implement fine-grained authorization using XACML (or proprietary interfaces) but do NOT implement the entitlement management business process.

According to discussions with enterprises and vendors, the demand for entitlement management technology is spurred primarily by two motivating factors : compliance and security or business agility. Other issues also come into play, including externalizing authorization from business applications and fostering secure collaboration with partners.

Bibliography

See Also