- The "Job of Provisioning" (abstract technical definition): Keeping identity information state consistent across all components of the institutional IT ecosystem
- Guideline: Build provisioning models using compositions of Enterprise Integration Patterns (EIP): http://www.eaipatterns.com/
  - "Event-driven" and "messaging" are high-level, abstract EIP constructs that help structure discussions of provisioning capabilities
  - They do NOT commit one to a particular technical infrastructure such as an ESB or JMS, though those are among the candidate solutions
- Principle: Standards at the core, customization at the edges
  - E.g., Core: Canonical data models; SCIM as the rising new protocol to serve provisioning needs
  - E.g., Edge: Connectors that speak SCIM on one side and speak app-specific APIs on the other; flow goes both into and out of app
- Scope: Re-label Provisioning as "App and Data Integration Services"
  - This brings into scope the feeds from source systems to person registries, in addition to the traditional view of provisioning FROM the person registry to "consumer" systems
- Candidate solution frameworks (existing integration stacks)
  - Kuali RICE
  - The Apache integration stack: http://servicemix.apache.org/
  - FuseSource.com, Wso2.com (packaged Apache integration stack)
  - Open source projects descended from Sun IAM suite
- Deliverables:
  - [Extensible] person/agent identity information schemas
    - including mappings to/from canonical data models (e.g., SCIM, LDAP, RDBMS)
  - Connector building, collecting, reposing, support for downloading
  - Detailed recommended solutions to a defined set of common provisioning tasks
    - based on compositions of EAI patterns
    - including source-system-of-record feeds to the person registry
    - as well as classic provisioning cases
    - including an optional rules engine to externalize identity business processes, including identity life-cycle management
  - Reference implementations of recommended solutions in Kuali Rice AND in Apache ServiceMix
  - Training materials, training events