And we also have to think about identity access management and identity life cycles. We have to think about this concept of entitlement. Entitlement is you could see on the screen in front of you, is defined as a set of rules, defined through or by the resource owner, very important concept. For managing access to a resource and for whatever purpose that access is granted. So, the resource owner, the entity, the subject that is the owner or the organization or whatever it may be. That is the owner of that particular resource, right, typically an object that we are trying to access or an organization we want to gain access into or some sort of software that we want to use. Right, all these different entities whatever they may be. An owner of that entity is going to specify what the rule or rules are that will define how access is to be granted under what conditions and for what purpose. This is important because the concept of entitlement is the concept of actually granting access on the conditions used to do so. And so when we think about entitlement, again, we can come back to this idea that I keep pulling off as a visual to go back into one or more of this folders. In this case, we just keep coming back to the scripts folder here. And if I'm the creator, owner of the script's directory on this Windows machine, and I own that folder, it's mine. As the owner, I am entitled to decide under what conditions and with what level of access users will gain rights to this directory. It's mine, I created it, I can do that, and I do that by coming in here, clicking Edit, and deciding as I showed you in one of our prior conversations, that if we spell correctly, of course. That we can go ahead and we can add in a user something like guest. And by doing that I can specify the guest will or will not be given certain rights. And you'll see I've just denied guest access to all those things, right but I may give guest the right access. See how there's different ways I could do that. That permission set wouldn't work correctly, but you get the general idea just to show you that it's the owner. I have the right, the entitlement to be able to do that. And that's what we're talking about with entitlement, is that capability. And obviously in a system when we're going through and we're interacting and setting up secure access, we have a lot of times automated this process of entitlement. There may be in other words a system that runs provisions a user puts them into a group like I just showed you I could do. And by putting them in a group automatically assigns certain rights to them based on membership and membership is one of the conditions. One of the rules that can be used to assign through entitlement access rights. And so by doing that and automating provisioning of users, we're automating the process of entitlements with certain degree. But the resource owner still has the ultimate saying decides what will happen. So we want to make sure we understand the moving parts. We want to make sure that we understand what all the pieces are in the identity life cycle management scenario. All of the various stages and the things that go on that we're talking about become important, because they interact with each other. Right, if we don't have the ability to understand how to authorize and authenticate a user, then entitlement doesn't matter because we're never going to allow users in. If we don't define entities then entitlement doesn't matter because we have nothing to entitle. If we don't understand how to do probitionate, entitlement doesn't matter because there's no reason for anything to theoretically be able use the entitlement. Because there are no accounts that are created because we haven't provision them. So it's important for us to understand all these moving parts and how they come together. How they interact, mutually support, and play off one another. As we wrap up our discussions around identity access management and the idea of the identity life cycle and the management of it, it's a good idea for us to pause for a moment. As I often will do, I encourage you to take a couple of quiet minutes. Review the information, review the definitions of what goes on each of these areas. You'll make sure you understand authorization, make sure you understand authentication, make sure you understand entitlement. Make sure you understand entities, make sure understand provisioning. These are the five key areas, we've talked about maintenance that wraps around all of this to ensure we're doing the right thing. Understand all those terms, if you're not quite clear on them, it's a great time for you take few minutes before we continue our conversations. I'm always willing to wait patiently for you, never a problem. Take a few minutes, go ahead and review, make sure you're comfortable and then as soon as you're ready come back and join me and we'll continue our conversations.
