Controlled Disclosure


ID-Archive can be used to dynamically reassign IT responsibilities:

Access Control

Dynamic Workflow

Concurrency

  • In most cases, authorized users can immediately display passwords.
  • Privilege model:
    • Users
    • User groups
    • Resource groups
    • Resources
  • Make anyone ``admin for the day,'' as required.
  • Any user can ask for any password.
    • Policy can limit requests.
  • Resource owners must approve disclosure:
    • Parallel approvals.
    • N of M.
    • Auto-reminders.
    • Escalation.
    • Delegation.
  • Admin staff should be aware of each-others' actions:
    • Prevent conflicts.
    • Coordinate changes.
  • ID-Archive can limit number of simultaneous admins
    • Can be more than 1.
    • Tell each admin about the others.