a different view of idm biz process? michael r gettes duke university camp @ denver, june 2005
TRANSCRIPT
A Different View of IdM Biz Process?
Michael R Gettes
Duke University
CAMP @ Denver, June 2005
Prioritization… @ Duke
• Cough
• ahem
• Cough, Cough
• Gag…
• Cough
• Next slide please …………
The Problem (per Tom Barton @ U of Memphis)
• Unclear process for lifecycle management of accounts & other IT resources – Seat of pants policy determination
• Inconsistent operational practices– Done differently by different people at different times
• Common business logic forced to reside in applications to determine eligibility– Eg. Is this user “currently a member of community”?– Inconsistent service levels for users results.
Not shown: transitions to prospective state from
grace, limbo, slide, IDonly.
Tom Barton’s Original U of Memphis StatesView of IdM …
Adding to the Problem …
• Gaining common understanding among Id Mgmt functional types
• Communication between Id Mgmt Functional and Id Mgmt Technical types
• How do Service Providers fit in?• Knitting together other Business Processes
with IdM Biz Process (communication and understanding)
• Hence, A Duke View…
ACTIVEor
EXISTS
Creation
Condition
Action
Result
Identity &Service/ProvisioningStates (functional view)
BecomeStudent
BecomeFaculty
RemoveStudentServices
ACTIVEor
EXISTS
Creation
Condition
Action
Result
DISABLEDGRACE
Identity &Service/ProvisioningStates (functional view)
BecomeStudent
BecomeFaculty
RemoveStudentServices
TerminatedStaff
IDENTITY
OBJECT
Condition
Action
Result
LoopOver AllConditionsUntilNoActions
Stable State
For each ID Object …
For good biz logicOrder must not matter
ID Object #1Old
ID Object #1New
ID Object #2Old
ID Object #2New
ID Object #3Old
ID Object #3New
ID Object #4Old
ID Object #4New
IdentityManagement
BusinessLogic
Testing and Validation Now Possible
