Let's turn our attention to administering identity management life cycles. What they look like, how operate, and what they are. We'll be talking about identity management, and the phases in the life cycle, authorization, proofing, provisioning, maintenance, and entitlement. And that's what we're going to spend some time talking about as we get started with identity management. Overall, the idea of identity management is really this idea that we have on the screen here. The task or task involve in controlling information about users on a computer. This is what identity management is all about. When we think about setting up access to a system, we have to manage the user identities that will be use to access the system, and this is the process we go through. The goal is to improve overall productivity and security. To do so, I'll try to lower overall costs in association of activity. The amount of time it takes, the amount of energy it takes to manage users and provisioning them for access into a system. It could take a lot of time, it could take a lot of resources, it could become very expensive and indeed very time consuming to be able to do this on a large scale. When we have five or ten users, probably not a big deal. When we have 5,000, 10,000, 50,000 and 100,000 users, it's going to take a lot more resources to be able to get system access to set up, to provision user accounts, create them, modify permissions as needed. You need a dedicated team of users and resources doing nothing but this. So, Identity Management can become a very important aspect of how it control system access. When we think about the moving parts, we think about authorization, the idea and we talk about this already extensively on our prior conversations. Authorization allows us to determine whether a user is permitted to access a particular resources. And if so, under what conditions will that be and then what permissions we will give them as a result of that authorization will be something to think about as well. Performed as it usually is by checking the resource access request against whatever authorization policies maybe stored. So we talk about in the identity access management system restore, the policy store, the IAM or the Identity Access Management System. Maybe the active directory inside of Windows, the ADDS. It will be any LDAP driven solution that we would traditionally connect to. That would then give users the rights and the capabilities to access resources once they have gone through the process of authenticating successfully. The authorization stage is handled there. Authorization is really all about what permissions will we give the user, and then allow that user or that group of users to execute those permissions. If you remember when we went back and we took a look at earlier, the thought process of just accessing a directory inside of a Windows desktop somewhere, just like the one that I have here. And going to Security and looking at the fact that authorized, or authenticated users in this case, have the modify, read, and execute list folder, read and write, and read write permissions. They don't have the special permissions, they don't have full control. When we look at this group of five permissions they're given, any member of the authenticated users group will be authorized to do those things. And that's what authorization would represent to us where the administrators, you can see, has more permissions and the administrator group has full control added to their permission list. So they've got one additional permission that the members of the authenticated users group would not get. And this is the idea of authorization and this is what authorization represents. It's that ability to figure out what resource access we grant to an individual user or a group of users. And then rolling that forward, allow that to be used to ensure that people are able to execute and do the things they need to do within the system in an ongoing way. We speak about proofing, identity-proofing, specifically is the idea of verifying people's identities before we issue them accounts or credentials. When you apply for a job and you go in, you go through an interview, you go through the entire process. And let just assume you're successful and you get hired at company ABC.com. When ABC hires you, part of the process before they actually put you into their system, create you as a user, assign resource access to you, all that stuff, will be that they're going to go through, whoever they are, somebody in the organization, either in security, or in HR or perhaps along the way in various places. And validate who you are, validate your references, validate the stuff you put in your resume, validate the stuff you put on the job application. You really are John Smith, you really do live at 123 Circle Lane, right. And you are going to have been employed by these companies for this long and you did this kind of work and these references are accurate. In other words we want to prove who you are and not just take you at your word, trust but verify. As I said earlier in some of our prior conversations, this is the idea of proofing, right. We go through,we understand who you are and where you are coming from to the extend that we can. Obviously not everything could be validated, not every claim you make can easily be authenticated. But we try to proof as many of them as possible to make sure we are dealing with a known quantity and we're not inadvertently letting in a bad actor. This is all about the idea of screening as much as possible out on the front ends of these systems to imply that only the people that are successful, that make it through, should be trusted to the extent that we can extend trust in a system. This is one of the ideas behind identity proofing. So we just want to make sure we're aware of that
