Identity Management System: Architecture



Similar documents
SOA REFERENCE ARCHITECTURE: WEB TIER

Government's Adoption of SOA and SOA Examples

Unifying IT Vision Through Enterprise Architecture

Enterprise Identity Management Reference Architecture

Entitlements Access Management for Software Developers

Service-Oriented Architecture and Software Engineering

Business Process Execution Language for Web Services

The IBM Rational Software Development Platform..Role focused tools help simplification via Separation of Concerns

VALLIAMMAI ENGNIEERING COLLEGE SRM Nagar, Kattankulathur

Oracle SOA Reference Architecture

API Architecture. for the Data Interoperability at OSU initiative

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

Business Process Driven SOA using BPMN and BPEL

e-gateway SOLUTION OVERVIEW Financials HCM ERP e-gateway Web Applications Mobile Devices SharePoint Portal

CBM SOMA - SCA. Techniques and Standards to Increase Business and IT Flexibility. Jouko Poutanen Senior IT Architect, IBM Software Group

SERVICE ORIENTED ARCHITECTURE

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

Oracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success

Enterprise Architecture For Next Generation Telecommunication Service Providers CONTACT INFORMATION:

SOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government

Identity and Access Management

The Unique Alternative to the Big Four. Identity and Access Management

What is BPM? Software tools enabling BPM

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

E-Business Suite Oracle SOA Suite Integration Options

SofaWare Management Architecture Basics

Single Sign On. SSO & ID Management for Web and Mobile Applications

Gabriel Magariño. Software Engineer. Overview Revisited

Vendor Technical Overview Briefing July 16, 2014 GARTNER PUBLIC SECTOR CONSULTING. GARTNER CONSULTING Engagement:

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Effective Team Development Using Microsoft Visual Studio Team System

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Business Process Management Enabled by SOA

Business Process Management Tampereen Teknillinen Yliopisto

Whitepaper: Manage Access Control for Network Resources with Securitay s Security Policy Manager

SOA Blueprints Concepts

Enterprise Service Bus Defined. Wikipedia says (07/19/06)

Guiding Principles for Technical Architecture

Course 50382A: Implementing Forefront Identity Manager 2010 OVERVIEW

The Use of Service Oriented Architecture (SOA) for Back Office

Implementing Microsoft Azure Infrastructure Solutions

Creating a Strong Security Infrastructure for Exposing JBoss Services

Testing Tools using Visual Studio. Randy Pagels Sr. Developer Technology Specialist Microsoft Corporation

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

SOA Standards - Patterns

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

CRM Solutions. Banking Sector

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

THE GLOBAL EVENT MANAGER

Introduction to Service-Oriented Architecture for Business Analysts

Service Oriented Architecture (SOA) An Introduction

Web Services Integration Case Study - Housing

WHAT IS CHANGE MANAGEMENT

SOA REFERENCE ARCHITECTURE: SERVICE TIER

Group Management Server User Guide

SOA Fundamentals For Java Developers. Alexander Ulanov, System Architect Odessa, 30 September 2008

<Insert Picture Here> Building a Complex Web Application Using ADF and Siebel

Service Oriented Architecture 1 COMPILED BY BJ

Service-Oriented Architecture Foundation

Prerequisites for Successful SOA Adoption

Integrated Identity and Access Management Architectural Patterns

Cloud Technology Platform Enables Leading HR and Payroll Services Provider To Meet Solution Objectives

Architectural Requirements for an SOA Based on Web Services. Jim Bole VP, Engineering Infravio, Inc. April 23, 2003

SOA Planning Guide The Value Enablement Group, LLC. All rights reserved.

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

An Architecture to Deliver a Healthcare Dial-tone

Air Force SOA Enterprise Service Bus Study Using Business Process Management Workflow Orchestration for C4I Systems Integration

How To Understand A Services-Oriented Architecture

Enterprise Digital Identity Architecture Roadmap

SMART Solutions for Active Directory Migrations

Biometric Single Sign-on using SAML

Business Process Management In An Application Development Environment

Presentation Outline. Key Business Imperatives Service Oriented Architecture Defined Oracle SOA Platform SOA Maturity/Adoption Model Demo Q&A

DC OCFO s ESB Success Story

Oracle BPA Suite: Model and Implement Business Processes Volume I Student Guide

Enterprise Application Designs In Relation to ERP and SOA

Business Integration Architecture for Next generation OSS (NGOSS)

Technical Layer (Technical Interoperability) Information Layer (Information Interoperability. Business Layer (Business Process Interoperability)

Designing an Enterprise Application Framework for Service-Oriented Architecture 1

Policy Driven Practices for SOA

Workflow and Service Oriented Architecture (SOA)

Biometric Single Sign-on using SAML Architecture & Design Strategies

Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies

PeopleSoft Enterprise Campus Solutions 9.0 Enrollment Web Services

Flexible Medical Image Management Using Service-Oriented Architecture

Transcription:

Identity Management System: Architecture

Table of Contents 1. Overview and Goals...3 2. Design...4

1. Overview and Goals The Identity Management (IdM) team at UNC Chapel Hill has identified a set of core requirements for a new system that will handle provisioning and de- provisioning in a timelier, more automated, and more efficient manner, as well as requirements for a user interface that will provide users with more effective and easier- to- use self- service options. These requirements are detailed in a separate set of documents. This document details the high- level architectural design of the new system. The system architecture should strive to meet these design goals: The system must be loosely coupled. That is, replacing or changing any one component of the system must not necessitate major changes to any other component of the system. The addition of new services to be provisioned and de- provisioned must require minimal modification to the system. The system should enable re- use of workflows and processes across services as much as possible. The system should use open protocols and standards (like SPML, DSML, LDAP, BPEL, and WS- *) as much as possible. We must support transitioning to the system as gradually as possible, and we must not lose any data during the transition process. The system should give service owners as much control as possible over the exact procedure for provisioning and de- provisioning those specific services. That is, the exact process for service provisioning should not be in the system directly, but rather be behind a service façade. If possible, the user- accessed UI and the system should be separate; as much as possible of the UI should be available through the current campus portal. The system should reduce duplication of data and of configuration, so that data and configuration are not stored in multiple systems unnecessarily. The system must be able to handle provisioning and de- provisioning services for applications, machines, and other types of identities as well as for person identities.

2. Design Many of the design goals that IdM has for its new system are easily met if we choose to architect in a service- oriented fashion. Loose coupling, re- use, open protocols, and abstraction of implementation are all properties that services in a well- designed service- oriented architecture (SOA) possess. The new IdM system, therefore, will view each service to be provisioned and de- provisioned by the central system as a service in SOA terms. Each of these services should provide a SPML façade for the central provisioning service to call. All operations on a service are provided either by pre- defined SPML capabilities or by a small number of custom UNC capabilities that have been defined within the confines of the standard SPML capability framework. The actual provisioning engine (the system that makes eligibility decisions, handles de- provisioning schedules, and coordinates communication with the user) can also be viewed as a service it is the gateway through which external consumers, including the user interface, must enter. Audit logging is a concern shared by most or all services. These are called crosscutting concerns in aspect- oriented programming (AOP) terminology. Rather than code audit logging into each and every service, this concern can easily be handled by BPEL processing, which can fill the role of AOP interceptors. This BPEL processing can direct copies of request/response messages to an auditing. The new architecture is represented visually in Figure 1.

Figure 1

3. Scenarios In order to see how we would use the architecture above in order to handle some real- world situations, we present some sample high- level message flows through the provisioning/de- provisioning system. All data flows refer to Figure 1. 3.1. Person- related scenarios All changes to person data will be external to this architecture and will be reflected in the person registry. The person registry is responsible for publishing messages into the provisioning/de- provisioning system for processing. 3.1.1. Bio- demo information change Bio- demo information will rarely be used in provisioning and eligibility decisions, but it is synchronized to the LDAP directories and it may be required data for some provisioned services.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information