An Access Control Solution For The Inter-Organizational Use Of ITIL Federated Configuration Management Databases
Authors
Abstract
Governance, Risk, and Compliance (GRC) Management is on the edge of becoming one of the most important business activities for enterprises. Consequently, IT departments and IT service providers must sharpen their alignment to business processes and demands. Fulfilling these new requirements is supported by best practice frameworks, such as ITIL, which define a complete set of IT Service Management (ITSM) processes. Many ITSM processes rely on accurate information which is provided by the Configuration Management (CM) process and stored in a database called CMDB. As it is next to impossible to store all the necessary data in a single huge database, the distributed storage of so-called configuration items and their relationships has become rather widespread and is termed CMDB federation (CMDBf). In this paper, we first present the need for inter-organizational CMDBf usage, e.g. in outsourcing scenarios, by means of a real-world scenario. Based on this requirement, we introduce our concept of an ioCMDBf, discuss how it can be used by the ITSM processes of all involved organizations, and present a policy-based access control architecture for the ioCMDBf which makes use of state-of-the-art identity federation technology.
1 Motivation and problem statement
The alignment of IT services to business goals, processes, and requirements has become one of the most critical success factors for enterprises of any size. IT Service Management (ITSM) frameworks such as the IT Infrastructure Library (ITIL) provide guidance for this challenge by sharing best practice solutions for ITSM processes that cover the whole service life cycle. One vital process within these frameworks is, in ITIL terms, Configuration Management (CM).
It is essential because all the other ITSM processes rely on
Published in Proceedings of the 15th Annual Workshop of HP Software University Association (HP-SUA), 2008
Similar resources
Zielorientierte Datenmodellierung für ITIL-basierte inter-organisationale Configuration Management Databases
ITIL-based IT service management maturity model design in health-based organizations (Case Study: City of Tehran)
Today, Information Technology services are considered as valuable resources in all areas. For making Information Technology Management Processes purposeful and efficient in different organizations – as a competitive and strategic advantage (especially in organizations responsible for health care services) – it is necessary to recognize the level of maturity of the organization and rev...
Federated Identity Management - We Built It; Why Won't They Come?
Many companies take advantage of single-sign-on (SSO) technologies. After a successful login, the authentication service sends the computer a security token, which is subsequently forwarded as proof of authentication each time that computer accesses a protected service. Examples of services linked through SSO include access to network drives, email services, a corporate intranet, project porta...
Exploring Information Security Issues in Public Sector Inter-organizational Collaboration
Joining up service delivery of multiple organizations often requires public organizations to exchange citizens’ information. To ensure their privacy and realize information security, controlling data access is paramount. However, limited research was found on issues that emerge when realizing data access control in inter-organizational collaboration. Security is typically achieved by implementi...
Dynamic policy enforcement in JBI information management services with the KAoS Policy and Domain Services
English-language policies about the desired behavior of computer systems often suffer from translation errors when implemented with a proliferation of low-level rules governing access control, resource allocation and configuration. To solve this, Dynamic Policy Enforcement systems replace these low-level rules with a relatively small number of semantically grounded, machine-understandable polic...