System Reference Architectures

In a large organization, using a single enterprise-wide identity infrastructure is often impossible for geographic, political, or technical reasons. For example, Utah runs hundreds of web servers. My goal as CIO was not to have everyone use a single enterprise infrastructure for web servers or even to use a single authentication and authorization component. Rather, we had to find ways for individual projects to build portions of the identity infrastructure and yet have them work in an interoperable fashion.

We've seen the role that policies and interoperability frameworks (IFs) play in making this possible. The consolidated infrastructure blueprint (CIB) that we saw in the last section also plays an important role. In addition to those aids, we can give system architects a head start when they design a system by creating system reference architectures (SRAs) that show how an individual system can be put together from components in the IF so as to work with the CIB. The system architect can customize the SRA to the specific job at hand rather than starting from scratch.

As an example, suppose your enterprise infrastructure used a metadirectory to consolidate directory information and that you had also deployed a policy server and provisioning server from a particular vendor in accordance with your interoperability framework. A new project to build a partner portal has been launched. The project is of sufficient scope that it will need its own web servers, ...
