Ceteris paribus

Recently, for a multi-hospital chain, we did a project that included evaluating and prioritizing their architectural principles for a new identity system. This is what we came up with. The list is useful, I think, not because of the order but because the process we went through to come up with it created consensus among the team about what tradeoffs we were going to have to make in the course of deploying the system. You, of course, will make different tradeoffs and your prioritization will be different. But the idea remains the same: all things being equal, is it more important to you to save money or have a flexible system? What do you mean by ‘save money’? What do you mean by ‘flexible’? Is saving money in the short term? What is the short term? And so forth.

1 Security (including de-provisioning and audit)

2 Reliability (disaster recovery/fault tolerance/availability; service availability for auth = 99.998%, removing a user, others)

3 Agility (long-term; ease of integration of future applications/services; speed of implementation)

4 Flexibility/extensibility (drives abstraction/transparency, open architecture, system homogeneity)

5 Maintainability (ease of management, simplicity)

6 Cost (within bounds: geometric progression)

7 Performance

8 Scalability (acquisitions, new hospitals, new services (on the order of tens of thousands))

9 Operational mode (excludes deprovisioning, removing access; includes moves, adds, changes)

10 Adaptability (provided it's reliable; software: low; hardware: already have a plan)

11 System homogeneity (within the bounds of this project; not relevant)