Tuesday, January 26, 2010

Hire and fire

Managing digital identities is an open field. Some users have more than one identity, others get a new surname after marriage, and of course some users change company. So no mystery, just the life of a human.
But let us have a look at what we need as a corporate manager for identity management. Our company hires people, and often they leave the company after a while. Others are happy and can retire. I see two points in this: 1. People come and go, but two persons can have the same name. 2. When they leave, what do we do with the data and the left-over digital identities?
1.) E.g. Bob Drake is a new employee with userid bobdr and email bob.drake@org.com. So what will happen when Bob leaves the company and 2 months later another Bob Drake gets hired? Is your identity management ready for this? What will be the userid and email for Bob #2? Do you have an underlying globally unique identifier? Is every one of your applications ready to see the different identities? Can you deal with that?
2.) In our Org.com we run a PKI system with key recovery as a backup/recovery solution if the primary certificate is lost. When Alice, another employee of the great Org.com, leaves, for how long do we keep the data and for how long do we keep the certificates for recovery? For example, if you have to keep all company papers written by Alice for at least 10 years by law, for how long do you store the certificates?
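To make the two-Bobs case concrete, here is an added toy identity registry (example code written for this post, not from any real product). It assumes a userid scheme of three letters of the given name plus two of the surname (which yields the post's "bobdr") and an e-mail scheme of given.surname@org.com. The point it demonstrates: the primary key is a random GUID that is never derived from the name, and once a userid or e-mail address has been handed out it is reserved forever, so the second Bob Drake can never inherit the first one's identifiers or the mail, documents and ACL entries attached to them.

```python
import uuid
from dataclasses import dataclass


@dataclass
class Identity:
    guid: str        # stable primary key, never reused, never derived from the name
    given: str
    surname: str
    userid: str
    email: str
    active: bool = True


class IdentityStore:
    """Constructed example registry: GUID is the key; userids and mail
    local parts are reserved for life, so an ex-employee's identifiers are
    never recycled to a newcomer with the same name."""

    def __init__(self, domain="org.com"):
        self.domain = domain
        self.by_guid = {}
        self.reserved_userids = set()   # includes identifiers of people who left
        self.reserved_locals = set()    # e-mail local parts, likewise never freed

    def _unique(self, base, reserved):
        # First claimant gets the plain form; later same-name hires get a suffix.
        candidate, n = base, 2
        while candidate in reserved:
            candidate = f"{base}{n}"
            n += 1
        reserved.add(candidate)
        return candidate

    def hire(self, given, surname):
        # Assumed naming schemes (not specified by the post beyond the example).
        userid = self._unique((given[:3] + surname[:2]).lower(), self.reserved_userids)
        local = self._unique(f"{given}.{surname}".lower(), self.reserved_locals)
        ident = Identity(str(uuid.uuid4()), given, surname, userid, f"{local}@{self.domain}")
        self.by_guid[ident.guid] = ident
        return ident

    def leave(self, guid):
        # Deactivate but keep the record and the reservations: the GUID still
        # identifies Bob #1 in logs, ACLs and archived documents.
        self.by_guid[guid].active = False

    def find_by_name(self, given, surname):
        # A name is not a key: applications must be prepared to get several hits.
        return [i for i in self.by_guid.values()
                if (i.given, i.surname) == (given, surname)]


if __name__ == "__main__":
    store = IdentityStore()
    bob1 = store.hire("Bob", "Drake")
    store.leave(bob1.guid)
    bob2 = store.hire("Bob", "Drake")
    for ident in store.find_by_name("Bob", "Drake"):
        print(ident.guid, ident.userid, ident.email, "active" if ident.active else "left")
```

Running it prints two rows with distinct GUIDs: bobdr / bob.drake@org.com marked "left" and bobdr2 / bob.drake2@org.com active. Whatever suffix rule you prefer, the property worth keeping is that every downstream system stores the GUID rather than the name or the userid.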
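The retention question has a mechanical core that is easy to get wrong: an escrowed decryption key must be kept not until Alice leaves, and not for some fixed period after she leaves, but until the last document encrypted under it may legally be destroyed. The following added example (written for this post, with constructed sample documents and assumed retention figures apart from the 10-year contract case the post mentions) computes exactly that per key. Key identifiers, document classes and dates are all made up.

```python
from datetime import date

# Assumed legal retention per document class, in years. Only the 10-year
# figure comes from the post; the others are constructed for the example.
RETENTION_YEARS = {"contract": 10, "invoice": 7, "memo": 2}

# Constructed inventory: which escrowed encryption key protects which document.
# Alice's leaving date (say 2010-01-26) deliberately plays no role below.
DOCUMENTS = [
    {"id": "doc-1", "class": "contract", "created": date(2009, 3, 1),  "key_id": "alice-enc-2008"},
    {"id": "doc-2", "class": "memo",     "created": date(2010, 1, 15), "key_id": "alice-enc-2010"},
    {"id": "doc-3", "class": "invoice",  "created": date(2005, 6, 30), "key_id": "alice-enc-2004"},
    {"id": "doc-4", "class": "memo",     "created": date(2009, 1, 1),  "key_id": "alice-enc-2008"},
]


def retention_end(doc):
    """Date after which this document may be destroyed."""
    created = doc["created"]
    years = RETENTION_YEARS[doc["class"]]
    try:
        return created.replace(year=created.year + years)
    except ValueError:            # created on 29 February, target year is not leap
        return created.replace(year=created.year + years, day=28)


def key_retention(documents):
    """Map each escrowed key to the date until which it must stay recoverable:
    the latest retention end over every document it protects."""
    ends = {}
    for doc in documents:
        end = retention_end(doc)
        key = doc["key_id"]
        ends[key] = max(ends.get(key, end), end)
    return ends


def keys_safe_to_destroy(documents, today):
    """Escrowed keys whose every protected document is already past retention."""
    return sorted(k for k, end in key_retention(documents).items() if end < today)


if __name__ == "__main__":
    for key, end in sorted(key_retention(DOCUMENTS).items()):
        print(f"{key}: keep recoverable until {end}")
    print("destroyable on 2012-03-01:", keys_safe_to_destroy(DOCUMENTS, date(2012, 3, 1)))
```

The inventory of "which key encrypted which document" is the hard part in practice; without it the only safe answer to the post's question is to keep the recovery material for the longest retention period any of Alice's documents could carry.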