By Jim Webber & Ian Robinson, Chief Scientist & Senior Engineer | November 2, 2015
Identity and access management (IAM) solutions store information about parties (e.g., administrators, business units, end-users) and resources (e.g., files, shares, network devices, products, agreements), along with the rules governing access to those resources.
Identity management solutions then apply these rules to determine who can or can’t access or manipulate a resource.
Traditionally, identity and access management has been implemented either by using directory services or by building a custom solution inside an application’s backend.
Hierarchical directory structures, however, can’t cope with the complex dependency structures found in multi-party distributed supply chains. And custom solutions that use non-graph databases to store identity and access data become slow and unresponsive as their datasets grow in size.
That’s why today’s enterprises turn to graph database technology to run their mission-critical identity and access management solutions.
In this “Graph Databases in the Enterprise” series, we’ll explore the most impactful and profitable use cases of graph database technologies at the world’s leading organizations. In past weeks, we’ve examined fraud detection, real-time recommendation engines, master data management and network and IT operations.
This week, we’ll take a closer look at identity and access management (IAM).
The Key Challenges in Identity & Access Management:
Today’s enterprise data professionals face greater challenges than ever before when it comes to storing and managing user identities and authorization. Not only must data architects deal with user access fraud, but they also must manage all of these changing relationships in real time. Here are some of their biggest challenges:
- Highly interconnected identity and access permissions data: To verify an accurate identity and its access permissions, the system needs to traverse a highly interconnected dataset that is growing in size and complexity.
- Productivity and customer satisfaction: As users, products and permissions grow, traditional systems no longer deliver responsive query performance, resulting in a diminished user experience and frustration for users.
- Dynamic structure and environment: With rapid growth in the number of users and their associated metadata, your application needs to accommodate both current and future identity management requirements.
Why Use a Graph Database for Storing Identity and Access Data?
A graph database can store complex, densely connected access control structures spanning billions of parties and resources.
Its richly and variably structured data model supports both hierarchical and non-hierarchical structures, while its extensible property model allows for capturing rich metadata regarding every element in the system.
With a query engine that can traverse millions of relationships per second, graph database access lookups over large, complex structures execute in milliseconds, not minutes or hours.
As with network and IT operations, a graph database access control solution allows for both top-down and bottom-up queries:
- Which resources – company structures, products, services, agreements and end users – can a particular administrator manage? (Top-down)
- Given a particular resource, who can modify its access settings? (Bottom-up)
- Which resource can an end-user access?
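The top-down and bottom-up questions above are the same traversal run in opposite directions. The following is an added example, not code from the original article or from Telenor: the graph, the node names and the relationship names (MEMBER_OF, ALLOWED, CHILD_OF, BELONGS_TO) are constructed assumptions, and a grant on a unit is assumed to cover everything beneath it.

```python
# Constructed sample graph (not Telenor's data): (source, relationship, target).
EDGES = [
    ("alice", "MEMBER_OF", "group-nordic"), ("bob", "MEMBER_OF", "group-oslo"),
    ("group-nordic", "ALLOWED", "acme"), ("group-oslo", "ALLOWED", "acme-oslo"),
    ("acme-oslo", "CHILD_OF", "acme"), ("acme-bergen", "CHILD_OF", "acme"),
    ("oslo-sales", "CHILD_OF", "acme-oslo"),
    ("sub-1001", "BELONGS_TO", "oslo-sales"), ("sub-2001", "BELONGS_TO", "acme-bergen"),
]

# Index every relationship in both directions so either query is a plain walk.
out_edges, in_edges = {}, {}
for src, rel, dst in EDGES:
    out_edges.setdefault((src, rel), []).append(dst)
    in_edges.setdefault((dst, rel), []).append(src)

def closure(start, index, rels):
    """Nodes reachable from start via rels in the given index, start included."""
    seen, stack = {start}, [start]
    while stack:
        node = stack.pop()
        for rel in rels:
            for nxt in index.get((node, rel), ()):
                if nxt not in seen:   # also guards against cycles in the hierarchy
                    seen.add(nxt)
                    stack.append(nxt)
    return seen

def manageable(admin):
    """Top-down: every unit and subscription the administrator can manage."""
    result = set()
    for group in out_edges.get((admin, "MEMBER_OF"), ()):
        for unit in out_edges.get((group, "ALLOWED"), ()):
            # Assumption: a grant on a unit covers its sub-units and their resources.
            result |= closure(unit, in_edges, ("CHILD_OF", "BELONGS_TO"))
    return result

def administrators(resource):
    """Bottom-up: every administrator who can manage the resource."""
    admins = set()
    for unit in closure(resource, out_edges, ("BELONGS_TO", "CHILD_OF")):
        for group in in_edges.get((unit, "ALLOWED"), ()):
            admins.update(in_edges.get((group, "MEMBER_OF"), ()))
    return admins

def directions_agree(admins, resources):
    """Access-review check: both traversals must give the same answer."""
    return all((r in manageable(a)) == (a in administrators(r))
               for a in admins for r in resources)
```

Running the bottom-up query for each sensitive resource and comparing it with the top-down result per administrator is a simple way to spot grants placed higher in the hierarchy than intended.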
Access control and authorization solutions powered by graph databases are particularly applicable in the areas of content management, federated authorization services, social networking preferences and software as a service (SaaS) offerings – where they realize minutes-to-milliseconds increases in performance over their relational database predecessors.
Example: Telenor Norway
Telenor Norway is an international communications services company. For several years, it has offered its largest business customers the ability to self-service their accounts.
Using a browser-based application, administrators within each of these customer organizations can add and remove services on behalf of their employees.
To ensure users and administrators see and change only those parts of the organization and the services they are entitled to manage, the application employs a complex identity and access management system which assigns privileges to millions of users across tens of millions of product and service instances.
Below is an example of Telenor’s data model.
A sample of Telenor Norway’s data model showing their identity and access management application.
Due to performance and responsiveness issues, Telenor decided to replace its existing IAM system with a graph database solution.
Their original system used a relational database, which used recursive JOINs to model complex organizational structures and product hierarchies. Because of the join-intensive model, their most important queries were unacceptably slow.
In contrast, once they implemented a graph database solution, Telenor realized the performance, scalability and adaptiveness necessary for handling their identity and access management needs, reducing queries that once took many minutes to milliseconds.
For your enterprise organization, managing multiple changing roles, groups, products and authorizations is an increasingly complex task.
Relational databases simply aren’t up to the task of managing your identity and access needs as queries are far too slow and unresponsive.
Using a graph database, you seamlessly track all of your identity and access relationships with real-time results, connecting your data along intuitive relationships. With an interconnected view of your data, you have better insights and controls than ever before.
About the Author
Jim Webber & Ian Robinson, Chief Scientist & Senior Engineer
Jim Webber is Chief Scientist at Neo Technology working on next-generation solutions for massively scaling graph data. Prior to joining Neo Technology, Jim was a Professional Services Director with ThoughtWorks where he worked on large-scale computing systems in finance and telecoms. Jim has a Ph.D. in Computing Science from the Newcastle University, UK.
Ian Robinson is a Senior Engineer at Neo Technology. He is a co-author of ‘REST in Practice’ (O’Reilly) and a contributor to the forthcoming books ‘REST: From Research to Practice’ (Springer) and ‘Service Design Patterns’ (Addison-Wesley). He presents at conferences worldwide on the big Web graph of REST, and the awesome graph capabilities of Neo4j.