Employees are also customers.

Students are also teachers.

Contractors can serve in many roles.

Some individuals could be all of the above.

Imagine a student, who is a student teacher, who is employed by the university in a work study job in the bursar’s office, and works part-time for a contracted research laboratory.  Each of these roles constitute a separate relationship with the university, and could require separate levels of access to computing resources.

Traditional identity management practices and products could be tailored to effectively grant, manage and remove access associated with each relationship, and potentially even correlate all the access rights back to the same identity.  To accomplish this, an army of consultants may define service catalogs, roles, and custom business processes.  Even after all that, they would likely fail to properly govern the relationships that are associated with this student/teacher/employee/contractor.

To properly govern identities who maintain multiple relationships with your organization, you must also be able to represent multiple sets of relational attributes as well.  This includes multiple titles, employment types, states (active/inactive) and relationships such as manager.

If you are struggling with governing relationships, I’d love to hear more about your use cases.