Tuesday, July 17, 2012

Testing IAM: it's not only the identity that counts

For a month now I have been busy testing an Identity and Access Management (IAM) solution built for a Dutch energy company.
As you might already know from reading my blog, testing IAM is not only testing whether someone can log in and out of an application.
No, there's more.
IAM stands for Identity and Access Management.
Identity management, a part of computer security, is about the management of identities and their authentication, authorization, and permissions within or across system and enterprise boundaries.
Access Management also relates to authentication and authorization, but includes Access Control too, which is perhaps a better word for it.
In addition, Access Control is about measures such as physical devices (biometrics, encryption) and monitoring by humans and automated systems. Trends like Bring Your Own Device (BYOD) and 'Het Nieuwe Werken' (work anywhere, any place, any time) make Access Control (and Identity Management) challenging:
People want to work with their devices perfectly in a secure and interoperable way.

This not only affects IAM, but also the testing of IAM: more and more complex test cases that have to be generated and executed in a short time.
These are just some thoughts from me. As you might have seen on Twitter or Facebook, I have started a TestingSaaS Facebook page where I want to interact with my blog readers and develop a social network dedicated to sharing knowledge on testing SaaS applications, with a special emphasis on identity and security.

Why Facebook?
I saw that blogging was, most of the time, a one-to-one interaction; this social network could be an interaction where all blog readers are involved and knowledge can be shared. So, if you have thoughts about testing IAM, drop by my TestingSaaS Facebook page and let's get this network started.
