I agree with Gartner when they say “IAM (Identity & Access management) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.” This practice area is crucial to the maturity of an enterprise’s security posture.
Here are six Identity and Access Management terms that, in my career, I have come across being misused more often than not. To help you be clearer and more accurate, I will define the terms here; then you, too, can listen for where these terms are misused in a way that makes them seem interchangeable.
Identity – The means by which an Entity can consistently and comprehensively be identified as unique.
Identifier – The means by which an Identity can be cryptographically asserted, usually using public-key technology.
Entity – Discrete types that will have an identity: users, devices, code, organizations and agents.
Entitlement – The process of mapping privileges (access to an application or its data) to identities and the related attributes.
Persona – Identity plus the particular attributes that provide context to the environment the entity is operating within.
Attributes – Facets of an Identity.