Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- D4.1: Structured account of approaches on interoperability.
- D4.2: Set of requirements for interoperability of Identity Management Systems.
- D4.4: Survey on Citizen's trust in ID systems and authorities.
- D4.5: A Survey on Citizen’s trust in ID systems and authorities.
- D4.6: Draft best practice guidelines.
- D4.7: Review and classification for a FIDIS identity management model.
- D4.8: Creating the method to incorporate FIDIS research for generic application.
- D4.9: An application of the management method to interoperability within e-Health.
- D4.10: Specification of a portal for interoperability of identity management systems.
- D4.11: eHealth identity management in several types of welfare states in Europe.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Business Modelling Domain
Business modelling of the operations is an essential prerequisite before information management can be implemented. Institutions should be able to analyse and anticipate the effects of processes, information flows, document management and enabling technologies, such as e-business, upon their operations.
There are various modelling techniques, which may be applied, some of which are described below, to provide different and comprehensive views of the business activities.
Models should be developed to represent such items as:
Activities and processes of the business application within and between, stakeholders
Information resources and flows
Application of technologies
Processes should be documented for such items as:
Work procedures and tasks
Roles and responsibilities of personnel
Audit and monitoring procedures
Types of models
Business modelling takes many different forms and there are many techniques available. What is important is that fundamental processes should be modelled, and the way that this is done should maximise the generation of value for the institution. For example, analysis of information needs and resources should lead to the development of a corporate information model. In the FIDIS context the generation of value within research activity is important. To this end in later development of the guidelines we would expect to define the objectives, and how we measure them. For instance, the guidelines would have to support: the circulation of information within the Network, the identification and selection of relevant information for ongoing research purposes, the clarification of identity concepts, and certainly innovation itself.
Entity models
Entity models specify the relationships between such entities as people, objects, processes, and information within and between institutions. They are used to brainstorm, or when working from a fresh start, to specify and resolve business issues and to define the related corporate information. An entity model for information management within FIDIS is shown in Figure 4. It is a generic model, which may be applied by each Work Package.
Figure 4
Stakeholder models
Stakeholder models highlight the different stakeholders who are involved in the various activities of identity management throughout the supply chain. Stakeholder models may be created for particular business sectors, such as e-health, and they may be used as a basis for information flows within and between stakeholders. In Figure 5, some of the stakeholders involved with identity management are shown at differing levels of governance:
Figure 5
Process and information flow models
Information flow models show the business processes, how they interact with each other and how information flows between them. They provide a functional overview of the operations and allow personnel to see the functions and processes of a business quite independently of the organizational chart. They may show the essential and supportive processes and provide judgment about the value contributed by these processes to business operations. We can superimpose upon the models such flows as information, intelligence, documents, people and finance to indicate how we, as identity management systems developers or research network actors, drive and control the processes.
Compliance models
A generic compliance model has been developed in order to assess the degree to which institutions are fulfilling their obligations and their effectiveness in applying identity management. The model is shown in Figure 6 and the following statements briefly describe the areas of interest within the model.
Figure 6
The model is divided into three parts:
The top line shows the processes for specifying the Design Criteria for ensuring compliance with the required regulations:
Process and Semantic Models
The process and semantic models that satisfy legal and other requirements.
Select Control & Monitoring Positions
The monitoring positions where relevant information needs to be collected for compliance purposes.
Design Norms & Performance Criteria
The required norms and performance criteria, which need to be addressed for compliance with regulations.
Store Design Data
The store containing all of the information that represents the design criteria.
The bottom line illustrates the processes for the Actual Monitored Data. This data needs to be collected and measured to enable compliance to be achieved:
Compliance Process
The specification of the compliance process to be applied to activities.
Monitoring Techniques
A description of the monitoring techniques being applied at the various audit points.
Collect Monitored Data
A store containing all of the monitored data that is collected during the compliance process.
Interpret Monitored Data
The analysis and interpretation of the monitored data.
The middle line represents the processes that compare and analyse the Actual Monitored Data with those of the Design Criteria:
Compare Designed Data with Monitored Data
The process that compares the actual monitored data with the designed data
Compliance Review of Variance
A compliance review to determine the variance between actual and design data. This gap analysis determines one of three outcomes: satisfactory review, monitoring to be continued or further design and analysis is required.
The audit points should be where particular activities of interest are taking place or where a transfer takes place of information from one person, department or institution to another. Information which needs to be gathered and checked against specified criteria, may include:
Process being audited
Information being processed
Person responsible for performing the work
The rules and norms which need to be satisfied
Transmission and receipt logs
9 / 16 |