A Different View of IdM Biz Process?

1
A Different View of IdM Biz Process?

• Michael R Gettes
• Duke University
• CAMP _at_ Denver, June 2005

2
Prioritization _at_ Duke

• Cough
• ahem
• Cough, Cough
• Gag
• Cough
• Next slide please

3
The Problem (per Tom Barton _at_ U of Memphis)

• Unclear process for lifecycle management of
  accounts other IT resources
• Seat of pants policy determination
• Inconsistent operational practices
• Done differently by different people at different
  times
• Common business logic forced to reside in
  applications to determine eligibility
• Eg. Is this user currently a member of
  community?
• Inconsistent service levels for users results.

4
Tom Bartons Original U of Memphis States View
of IdM
Not shown transitions to prospective state from
grace, limbo, slide, IDonly.
5
Adding to the Problem

• Gaining common understanding among Id Mgmt
  functional types
• Communication between Id Mgmt Functional and Id
  Mgmt Technical types
• How do Service Providers fit in?
• Knitting together other Business Processes with
  IdM Biz Process (communication and understanding)
• Hence, A Duke View

6
Condition
Identity Service/Provisioning States
(functional view)
Action
Creation
Result
Become Student
Become Faculty
Remove Student Services
7
Condition
Identity Service/Provisioning States
(functional view)
Action
ACTIVE or EXISTS
Creation
Result
Become Student
Become Faculty
DISABLED
GRACE
Remove Student Services
Terminated Staff
8
For each ID Object
Condition
Action
Result
Loop Over All Conditions Until No Actions Stable
State
For good biz logic Order must not matter
9
Testing and Validation Now Possible
ID Object 1 Old
ID Object 1 New
Identity Management Business Logic
ID Object 2 Old
ID Object 2 New
ID Object 3 Old
ID Object 3 New
ID Object 4 Old
ID Object 4 New
10
(No Transcript)
11
(No Transcript)