Discussion of scope

Chunk

Out of Scope

In Scope

Registries

relationships among objects

matching engine (merging and splitting Identities)
ID store: schema, interfaces, object.,
Management functions
notification
reconciliation
statefulness
multiple credentials
crosswalk or mapping of multiple credentials
multiple identifiers

Data Presentation

 

 

Provisioning

 

FC-NG/Grouper: Realtime provisioning

FC-NG:

  • SCIM/SPML Standards work
  • Connectors (beyond LDAP and AD)
  • Improve Statefulness (Grouper might be able to fill this GAP per Chris's comments)
    • Need improved documentation, recipes, usage/implementation patterns

Access Management

 

Grouper: Service/Application Registry, Improved UI (for developers)
KIM: Service APIs into KIM, Improved UI
usability for devs
GAMS (Groups project from UW), document recipies

Authentication

distributed session management
non-web federated authentication

Production & management of strong authenticators (certs and 2 Factor)
password management
single log out

Access Certification

compliance management

reporting
audit
attestation

Policy Management

Policy mgmt

 

Personal Profile Management

 

Person attributes beyond those needed for identity reconciliation, needed by a myriad of campus applications/customers

Thing

Registries

Data Presentation

Ops/Int

AuthN

Acc Mgmt

Acc Cert

Policy

Profile

...

  • No labels