*DRAFT*
DELIVERABLE 1:
Without accounts, people can’t log in to anything so we need a way to provision them. Since there are many types of accounts used on each campus it is not efficient to have to go into each credential store and manually create accounts there (not to mention the fact that administrators need to have access in all of these places to do so).
DELIVERABLE 2:
Requirements:
- Needs to have the capability to establish a new identity in the IdM database and look up existing identities.
- Since the IdM databases at various campuses have different structures (eg schemas) and protocols (eg SQL, LDAP) and account provisioning system must have configurable (and maybe extensible) plug-ins which enable these kinds of data access.
- Similarly, since credential storage is varied (LDAP, AD, RACF, SQL, etc.) a provisioning system needs various plug-ins to manage accounts in all the possible credential stores.
- It needs to manage the mappings of identities to accounts.
- Assuming the role or group systems provide their own access provisioning then integration with those components would not necessarily be needed, however, it would be nice to have the ability to manage these from the same place that accounts are created.