...
Generic Functional Requirements
- Information about a user should include attributes as specified by the organization
- Only the IdM system should be able to write to log/audit data stores
- The IdM system must be able to associate user account data across multiple systems, each having different schemes for local identifiers
- The IdM system needs to notify downstream systems of user-related events in a timely and secure fashion
- The IdM system must consume upstream user-related events from systems of record in a timely and secure fashion
...
- Design data integration components to be loosely coupled rather than tightly integrated, to avoid "lock-in" and "lock-out" problems. Loosely coupled components bring flexibility and interoperability with products from different vendors.
- Base user account data integration on the mapping of a meaning-free identifier. Use a meaning-free identifier such as UUID to map to local user IDs to facilitate working across multiple systems with different schemes for local identifiers.
- Use commodity message queuing products. For example, use products such as ActiveMQ for messaging needs where possible.
- Integration with downstream systems should be asynchronous and loosely-coupled. For example, user provisioning can use event notification mechanisms using generic "user event" messages.
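The two principles above, mapping a meaning-free UUID to each system's local identifier and notifying downstream systems through asynchronous "user event" messages, shown together as an added Python example. This is not code from the LIMA design model or any IdM product: the `IdentityRegistry` and `UserEventBus` classes, the in-memory queue (standing in for a commodity broker such as ActiveMQ), the system names, the sample user attributes and the HMAC signing key are all constructed for the illustration.

```python
"""Constructed example: UUID-keyed identity map plus asynchronous, integrity-
protected user events. Not code from the LIMA design model or any IdM product;
the in-memory queue stands in for a commodity broker such as ActiveMQ."""
import hashlib
import hmac
import json
import queue
import uuid

# Constructed demo secret; a real deployment would load it from a secrets store.
SIGNING_KEY = b"constructed-demo-key"


class IdentityRegistry:
    """Maps one meaning-free UUID per person to each system's local identifier."""

    def __init__(self):
        self._by_uuid = {}   # uuid -> {system name: local id}
        self._by_local = {}  # (system name, local id) -> uuid

    def register(self):
        uid = str(uuid.uuid4())
        self._by_uuid[uid] = {}
        return uid

    def link(self, uid, system, local_id):
        key = (system, local_id)
        if key in self._by_local and self._by_local[key] != uid:
            raise ValueError("%s id %r already bound to another identity" % key)
        self._by_uuid[uid][system] = local_id
        self._by_local[key] = uid

    def local_id(self, uid, system):
        return self._by_uuid[uid].get(system)

    def resolve(self, system, local_id):
        return self._by_local.get((system, local_id))


def sign_event(event):
    """Wrap an event in an envelope carrying an HMAC so consumers detect tampering."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify_event(envelope):
    expected = hmac.new(SIGNING_KEY, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise ValueError("user event failed integrity check")
    return json.loads(envelope["body"])


class UserEventBus:
    """In-memory publish/subscribe stand-in for a message broker."""

    def __init__(self):
        self._queues = {}

    def subscribe(self, consumer):
        self._queues[consumer] = queue.Queue()

    def publish(self, event_type, uid, data):
        event = {"id": str(uuid.uuid4()), "type": event_type, "uuid": uid, "data": data}
        envelope = sign_event(event)
        for q in self._queues.values():  # every subscriber gets its own copy
            q.put(envelope)
        return event["id"]

    def drain(self, consumer):
        q = self._queues[consumer]
        events = []
        while not q.empty():
            events.append(verify_event(q.get()))
        return events


class DownstreamSystem:
    """Consumer with its own local id scheme; idempotent by event id."""

    def __init__(self, name, registry, bus, make_local_id):
        self.name, self.registry, self.bus = name, registry, bus
        self.make_local_id = make_local_id
        self.accounts = {}  # local id -> attributes
        self.seen = set()
        bus.subscribe(name)

    def process(self):
        for event in self.bus.drain(self.name):
            if event["id"] in self.seen:  # broker redelivery: already applied
                continue
            self.seen.add(event["id"])
            uid = event["uuid"]
            local = self.registry.local_id(uid, self.name)
            if event["type"] in ("user.created", "user.updated"):
                if local is None:  # first sight: mint a local id and link it to the UUID
                    local = self.make_local_id(event["data"])
                    self.registry.link(uid, self.name, local)
                self.accounts[local] = event["data"]
            elif event["type"] == "user.deleted" and local is not None:
                self.accounts.pop(local, None)
        return dict(self.accounts)


def demo():
    registry, bus = IdentityRegistry(), UserEventBus()
    directory = DownstreamSystem("directory", registry, bus, lambda a: a["username"])
    payroll = DownstreamSystem("payroll", registry, bus, lambda a: "E%04d" % a["employee_number"])
    uid = registry.register()
    registry.link(uid, "hr", "HR-42")  # constructed upstream system-of-record id
    bus.publish("user.created", uid, {"username": "jsmith", "employee_number": 7, "given_name": "Jane"})
    directory.process()
    payroll.process()
    tampered = sign_event({"type": "user.deleted", "uuid": uid})
    tampered["body"] = tampered["body"].replace("user.deleted", "user.created")
    try:
        verify_event(tampered)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {
        "directory_id": registry.local_id(uid, "directory"),
        "payroll_id": registry.local_id(uid, "payroll"),
        "same_person": registry.resolve("payroll", "E0007") == registry.resolve("hr", "HR-42"),
        "tamper_rejected": tamper_rejected,
    }
```

Each downstream system keeps only its own local identifier scheme ("jsmith" in the directory, "E0007" in payroll) and never needs to know the other's; the UUID in the registry is the only shared key, which is what lets a later "user.updated" or "user.deleted" event be applied consistently across both. The HMAC on the envelope covers the "secure fashion" requirement for events in transit, and the per-consumer `seen` set makes redelivery by the broker harmless.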
Technical Solutions
- Commodity messaging products such as ActiveMQ
- Integration technologies such as Apache Camel
Case Studies
See, for example, the data integration tips in the LIMA design model.