
Narrative

...

  1. A record is created in an institutional source system.
  2. Institutionally defined logic invokes the Person Registration and Update service, either via REST API calls (synchronous) or by inserting Person Update messages into the Person Update queue (asynchronous).
  3. The Person Registration and Update service invokes the Person Match / De-duplication service to determine whether the supplied record matches an existing person record. (In an orchestration-based deployment the service instead calls the Orchestration Engine, which runs the new-source-record registration workflow and invokes the search / match function; the outcomes are the same.) There are three outcomes:
    1. Definite match: Person Registration invokes Unique Identifier Creation to generate any additional identifiers (if needed), binds the source record to the existing person, adds any address, contact and affiliation data to the Master Person Store, and either calls the Group Update Service (synchronous) or puts a message on the Person Update queue (asynchronous).
    2. Possible match (verification required): Person Registration puts a message in the Person Record Verification queue, or calls an institutionally defined API. Nothing is written to the Master Person Store at this point. Verification is carried out according to institutionally defined rules and processes, and the decision (match or do not match) is registered through the Person Registration and Update service, so a verified outcome takes the same registration path as an automatic one.
    3. No possible match: Person Registration invokes Unique Identifier Creation to generate the needed identifiers, registers the Person / Affiliation / Identifier information to the Master Person Store, and either calls the Group Update Service (synchronous) or puts a Person Update message on the Person Update queue (asynchronous).
  4. The Groups Service recognizes the new Person Update message in the Person Update queue and adds data-driven group memberships based on person and affiliation data.
  5. The Groups Service inserts Group Update messages into the Group Update queue.
  6. The Provisioning Service runs rule-based provisioning based on data-driven group memberships. This can be driven by the new Group Update messages in the Group Update queue, or the Orchestration Engine can invoke rule-based provisioning in the Provisioning Service directly.
  7. Accounts and access are provisioned according to data-driven group membership.
  8. The Provisioning Service may generate identifiers. If so, it generates a Person Update message and places it in the Person Update queue, so the new identifier is processed like any other person update.
  9. The Provisioning Service may generate additional group memberships. If so, it generates a Group Update message and places it in the Group Update queue.
  10. The user is now able to access resources protected by institutional access control systems. Group and attribute data can be released to local and federated applications to provide authorization information for use in access control decisions.
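The whole flow above, as an added worked example that is not part of the original page or of any implementation it describes: a small Python simulation with assumed class names (MasterPersonStore, PersonMatch, Registry), assumed match rules (an already-bound source record or an identical e-mail address is a definite match, a matching name alone is a possible match), assumed affiliation-to-group and group-to-entitlement rules, and constructed sample records in run_scenario(). It exercises all three match outcomes, a verifier's decision re-entering through the registration service, and provisioning feeding a generated identifier back into the Person Update queue.

```python
"""Simulation of the registration, match, group and provisioning flow above.

Added example, not code from the page or from any project. Every class,
queue, rule and identifier format below is an assumption chosen to mirror
the narrative; constructed sample records live in run_scenario()."""
from collections import deque
import itertools


class MasterPersonStore:
    """Person records, source-record bindings and Unique Identifier Creation."""

    def __init__(self):
        self.people = {}       # person_id -> attributes
        self.bindings = {}     # (source, source_id) -> person_id
        self._seq = itertools.count(1)

    def new_identifier(self):
        return f"P{next(self._seq):06d}"

    def register(self, person_id, rec):
        p = self.people.setdefault(person_id, {
            "name": rec["name"], "emails": set(), "affiliations": set(),
            "groups": set(), "accounts": set(), "netid": None})
        p["emails"].add(rec["email"].lower())
        p["affiliations"].add(rec["affiliation"])
        self.bindings[(rec["source"], rec["source_id"])] = person_id
        return person_id


class PersonMatch:
    """Person Match / De-duplication: ('match', id), ('possible', [ids]) or ('none', None)."""

    def match(self, store, rec):
        bound = store.bindings.get((rec["source"], rec["source_id"]))
        if bound:                                   # same source record seen before
            return "match", bound
        email = rec["email"].lower()
        for pid, p in store.people.items():
            if email in p["emails"]:                # assumed definite-match rule
                return "match", pid
        candidates = [pid for pid, p in store.people.items()
                      if p["name"].casefold() == rec["name"].casefold()]
        return ("possible", candidates) if candidates else ("none", None)


class Registry:
    """Person Registration and Update service plus the three queues from the narrative."""

    def __init__(self):
        self.store, self.matcher = MasterPersonStore(), PersonMatch()
        self.person_update_q, self.verification_q, self.group_update_q = deque(), deque(), deque()

    def register(self, rec, decision=None):
        """decision: None (run matching), a person_id (verified match) or "new" (verified non-match)."""
        if decision is None:
            outcome, data = self.matcher.match(self.store, rec)
        else:
            outcome, data = ("none", None) if decision == "new" else ("match", decision)
        if outcome == "possible":                   # verification required; nothing stored yet
            self.verification_q.append({"record": rec, "candidates": data})
            return None
        pid = data if outcome == "match" else self.store.new_identifier()
        self.store.register(pid, rec)
        self.person_update_q.append({"person_id": pid})
        return pid

    def groups_service(self):
        """Consume Person Update messages; add data-driven memberships; emit Group Updates."""
        rules = {"staff": "employees", "student": "students"}   # assumed affiliation -> group
        while self.person_update_q:
            pid = self.person_update_q.popleft()["person_id"]
            p = self.store.people[pid]
            added = {rules[a] for a in p["affiliations"] if a in rules} - p["groups"]
            p["groups"] |= added
            self.group_update_q.extend({"person_id": pid, "group": g} for g in sorted(added))

    def provisioning(self):
        """Consume Group Update messages; provision accounts; feed generated identifiers back."""
        entitlements = {"employees": {"email", "vpn"}, "students": {"email"}}  # assumed rules
        while self.group_update_q:
            msg = self.group_update_q.popleft()
            p = self.store.people[msg["person_id"]]
            new = entitlements[msg["group"]] - p["accounts"]
            p["accounts"] |= new
            if "email" in new and p["netid"] is None:   # provisioning generated an identifier
                p["netid"] = "u" + msg["person_id"].lstrip("P0")
                self.person_update_q.append({"person_id": msg["person_id"]})

    def run_to_quiescence(self):
        """Both services only emit on change, so the feedback loop terminates."""
        while self.person_update_q or self.group_update_q:
            self.groups_service()
            self.provisioning()


def run_scenario():
    """Constructed records: a new hire, the same person from a second feed, a name collision."""
    r = Registry()
    a = r.register({"source": "hr", "source_id": "H1", "name": "Ada Lovelace",
                    "email": "ada@example.edu", "affiliation": "staff"})
    r.run_to_quiescence()
    b = r.register({"source": "sis", "source_id": "S9", "name": "A. Lovelace",
                    "email": "ADA@example.edu", "affiliation": "student"})      # definite match
    c = r.register({"source": "hr", "source_id": "H2", "name": "Ada Lovelace",
                    "email": "ada2@example.edu", "affiliation": "staff"})       # possible match
    item = r.verification_q.popleft()
    d = r.register(item["record"], decision="new")   # verifier: different person
    r.run_to_quiescence()
    return r, a, b, c, d
```

Two points the simulation makes concrete. A possible match stores nothing until the verifier's decision comes back through register(), which is where the record of who resolved the match and how belongs. And because provisioning writes back to the Person Update queue, both consumers must emit only on change (the set differences in groups_service and provisioning) or the loop never quiesces. Treating a bare e-mail match as definite is an assumption made for the example; in a real registry an attribute that a weaker source system can assert is a takeover vector and belongs in the verification path.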

See also

...