2018-12-19

Identity Process Utopia


A light-hearted view at some idiosyncrasies of naming processes in Identity & Access



A few of you may know that process definition in general and Identity & Access processes in particular are the special object of study for me since several years already. As a tiny indication how serious I took this self-imposed duty the formation of the standardisation initiative GenericIAM.org may be taken.

But before I will impertinently demand of you to confront the insights and results of more than a decennium of intellectual efforts, a more light-weight menu awaits you here.

It all started, when I stumbled across a process designated the “Rejoiner Process”.

With utter dismay I already had to experience the surging popularity of the Joiner, Mover- and Lever-Processes during the recent years.

Processes should be named according to their essential property. This is trivial at first and easily accepted. Essential business processes transform an initial state into a target state, a source material into a desired result, maintain (create, change or eliminate) an object - in computer science an information object.

Consequently, they should carry exactly that essence in their name: "Achieve target state", " Create result" or "Maintain object" - i.e. a verb that characterizes the transformation and a noun that designates the object to be transformed or which emerges from the transformation. This is how canonical process designations are created.

Designations like Joiner, Mover & Leaver more hint at the actors who perform the activities, than to the activity itself. Moreover, the complete process chain which encompasses the ‘onboarding’ of an individual to a corporation pertains to typical traditional HR-processes. While the mere notion of ‘Human Resources’ is so yesterday and an approach addressing a corporations’, total workforce would be more appropriate, we anyway have to accept, that Identity Management usually start after old-fashioned HR-processes had their lengthy run. And Access Processes only start thereafter. So, a closer look anyway reveals a more complex picture.

Nevertheless, despite all fruitless complaining, the Joiner, Mover & Leaver found their way into process reality. I fear, we henceforth have to live with them. Realising this undeniable truth, I finally found my peace of mind.

But then the Rejoiner suddenly popped up in a low profile and low quality conceptual corporate paper. The rationale behind that game-changing invention was to give new hire in one of the groups companies, who once were employed (or had some other relationship) by another or the same of the group’s members, should be given a special treatment to reflect this continuity – as if this pre-employment / pre-relationship-check shouldn’t be part of the regular onboarding anyway.

Driven by strong inventive spirit and unlimited creativity the team soon gave birth to a zoo of more exciting process variants. Yes, they come in all shapes, flavours and colours.

Among the artefacts which sprung from of the mad scientist minds were: The Multiple Joiner, the first Mover, the final Leaver, the Releaver (or reliever?). Obviously, the Believer would be welcome. And what about the Rejoicer? In times of mass layoffs certainly the Remover Process would make ultimate sense.

In the end - and after sustainably sobering out - we came the common conclusion that it would be best to better hit the undo-button and rollback to the state we were in prior to the creative explosion and after passing through the ages of the great process extinction and purge the Identity & Access process Utopia - the Rejoiner included.

To diffidently voice my very personal concern: the spirit may have left the bottle irreversibly however.

Take this short story as a hint to stay tuned as more about the results of the longstanding GenericIAM-effort will soon be presented here. Unfortunately, however it will represent heavier stuff that this tiny contribution.

Meanwhile all of you may enjoy the coming year end festivities.