Michael R. Gettes, Carnegie Mellon University Renee Shuey , The Pennsylvania State University
A Different View of IdM Biz Process? Michael R Gettes Duke University CAMP @ Denver, June 2005.
-
Upload
evan-bailey -
Category
Documents
-
view
214 -
download
0
Transcript of A Different View of IdM Biz Process? Michael R Gettes Duke University CAMP @ Denver, June 2005.
The Problem (per Tom Barton @ U of Memphis)
• Unclear process for lifecycle management of accounts & other IT resources – Seat of pants policy determination
• Inconsistent operational practices– Done differently by different people at different times
• Common business logic forced to reside in applications to determine eligibility– Eg. Is this user “currently a member of community”?– Inconsistent service levels for users results.
Not shown: transitions to prospective state from
grace, limbo, slide, IDonly.
Tom Barton’s Original U of Memphis StatesView of IdM …
Adding to the Problem …
• Gaining common understanding among Id Mgmt functional types
• Communication between Id Mgmt Functional and Id Mgmt Technical types
• How do Service Providers fit in?• Knitting together other Business Processes
with IdM Biz Process (communication and understanding)
• Hence, A Duke View…
ACTIVEor
EXISTS
Creation
Condition
Action
Result
Identity &Service/ProvisioningStates (functional view)
BecomeStudent
BecomeFaculty
RemoveStudentServices
ACTIVEor
EXISTS
Creation
Condition
Action
Result
DISABLEDGRACE
Identity &Service/ProvisioningStates (functional view)
BecomeStudent
BecomeFaculty
RemoveStudentServices
TerminatedStaff
IDENTITY
OBJECT
Condition
Action
Result
LoopOver AllConditionsUntilNoActions
Stable State
For each ID Object …
For good biz logicOrder must not matter
ID Object #1Old
ID Object #1New
ID Object #2Old
ID Object #2New
ID Object #3Old
ID Object #3New
ID Object #4Old
ID Object #4New
IdentityManagement
BusinessLogic
Testing and Validation Now Possible