The company behind one of the most important open source projects in the world is providing a new way to use its framework for IAM (identity and access management) this week. Credit: opensource.com GitHub is making available a new IAM (identity and access management) tool, dubbed Entitlements, which leverages the company’s own Git framework to parse, track and approve access to a business’ systems.The basic idea of Entitlements is to use a dedicated Git repository as a way to provide a centralized clearinghouse for identity management data and using pull requests to make any changes—new approvals, reverifications and any other changes can be made to a given repository for a given system.The use of metadata tags also allows administrators to be granular in how they manage access to their systems—approvals dating back long enough can be subjected to mandatory reverification, differently tagged users can be granted different rights and privileges, and so on. Moreover, the use of Git provides a detailed audit log for the whole process, letting administrators track who requested what access and when, when it was granted, and by whom, for example. Detailed lists of groups, organized by manager, region, access level and more are also available for better auditing.Git has been using the Entitlements system internally for “years,” according to the company’s official blog post announcing that Entitlements has gone open source. The system can be used on any Git repository, but using it with GitHub.com directly allows for more functionality, like the use of cron jobs to automate review and auditing tasks, or use a business data “source-of-truth” to push updates from an org chart to the Entitlements framework. Moreover, GitHub said, like any good open source project, Entitlements is constantly being improved and iterated upon.“GitHub uses Entitlements every day, averaging around 2,000 commits per month,” the company said in the blog post. “We’re constantly shipping improvements to the app and exploring ways to make it even easier to use. We want to enable others to use what we’ve built for their own IAM needs.” More information about the Entitlements system is available at the app’s repo, and example configurations and workflows are available at the config repo here. GitHub also open sourced two output plugins for Entitlements, one to manage GitHub Orgs and Team memberships, and another that allows organizations to create robust audit logs. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe