A light-hearted view at some idiosyncrasies of naming processes in Identity & Access
A few of
you may know that process definition in general and Identity & Access
processes in particular are the special object of study for me since several
years already. As a tiny indication how serious I took this self-imposed duty
the formation of the standardisation initiative GenericIAM.org may be taken.
But before
I will impertinently demand of you to confront the insights and results of more
than a decennium of intellectual efforts, a more light-weight menu awaits you
here.
With utter
dismay I already had to experience the surging popularity of the Joiner, Mover-
and Lever-Processes during the recent years.
Processes
should be named according to their essential property. This is trivial at first
and easily accepted. Essential business processes transform an initial state
into a target state, a source material into a desired result, maintain (create,
change or eliminate) an object - in computer science an information object.
Consequently,
they should carry exactly that essence in their name: "Achieve target
state", " Create result" or "Maintain object" - i.e. a
verb that characterizes the transformation and a noun that designates the
object to be transformed or which emerges from the transformation. This is how
canonical process designations are created.
Designations
like Joiner, Mover & Leaver more hint at the actors who perform the
activities, than to the activity itself. Moreover, the complete process chain
which encompasses the ‘onboarding’ of an individual to a corporation pertains
to typical traditional HR-processes. While the mere notion of ‘Human Resources’
is so yesterday and an approach addressing a corporations’, total workforce
would be more appropriate, we anyway have to accept, that Identity Management
usually start after old-fashioned HR-processes had their lengthy run. And
Access Processes only start thereafter. So, a closer look anyway reveals a more
complex picture.
Nevertheless,
despite all fruitless complaining, the Joiner, Mover & Leaver found their
way into process reality. I fear, we henceforth have to live with them.
Realising this undeniable truth, I finally found my peace of mind.
But then
the Rejoiner suddenly popped up in a low profile and low quality conceptual
corporate paper. The rationale behind that game-changing invention was to give
new hire in one of the groups companies, who once were employed (or had some
other relationship) by another or the same of the group’s members, should be
given a special treatment to reflect this continuity – as if this pre-employment
/ pre-relationship-check shouldn’t be part of the regular onboarding anyway.
Driven by
strong inventive spirit and unlimited creativity the team soon gave birth to a
zoo of more exciting process variants. Yes, they come in all shapes, flavours
and colours.
Among the
artefacts which sprung from of the mad scientist minds were: The Multiple Joiner,
the first Mover, the final Leaver, the Releaver (or reliever?). Obviously, the
Believer would be welcome. And what about the Rejoicer? In times of mass
layoffs certainly the Remover Process would make ultimate sense.
In the end
- and after sustainably sobering out - we came the common conclusion that it
would be best to better hit the undo-button and rollback to the state we were
in prior to the creative explosion and after passing through the ages of the
great process extinction and purge the Identity & Access process Utopia - the
Rejoiner included.
To
diffidently voice my very personal concern: the spirit may have left the bottle
irreversibly however.
Take this
short story as a hint to stay tuned as more about the results of the
longstanding GenericIAM-effort will soon be presented here. Unfortunately,
however it will represent heavier stuff that this tiny contribution.
Meanwhile
all of you may enjoy the coming year end festivities.