Creating an IMA requires the help and cooperation of multiple people from many different organizations within the enterprise. In order to coordinate their actions and create an atmosphere where the results will be accepted and used, the process for creating the IMA, approving it, and enforcing its provisions, must be clearly delineated.
Figure 14-2 shows a sample governance model for creating an IMA. This figure does not show a new organization, but rather a relationship between roles that will be assumed by people already in the organization. We'll see how these roles interact in detail in this chapter.
The governance model presented here is certainly not the only one that will work, and it will need to be tailored to your organization. The objectives of the model are the following:
Create the identity management architecture.
Ensure that every organization in the enterprise that will be affected by the IMA has an opportunity to participate in its creation.
Yield a result consistent with the strategic goals of the organization.
Yield a result that will drive the goals and tactical implementation plans of all organizations within the enterprise as they relate to identity.
As you read the following description of roles and processes, keep these objectives in mind. That will help you determine how best to map this model onto your own organization.
At first, the information that follows may seem like overkill. The temptation will be strong to just get a few trusted people together and tell them to determine a strategy and then sell, or even announce, the new strategy to the rest of the organization. In some organizations, it may even work. Before you do that, carefully read and understand this chapter. I think you'll find that it's not as complicated as it appears at first, and the various roles and procedures serve useful purposes that are worthwhile.