Update iam-features.adoc
khazelton authored Feb 9, 2021
1 parent 871f93c commit d29d990
Showing 1 changed file with 34 additions and 2 deletions.
36 changes: 34 additions & 2 deletions iam-features.adoc
Expand Up @@ -24,6 +24,8 @@ Management of identities in the public sector. Usually a good support for organ

Management of Identities in the in Higher Education. Requires all types of identities: teachers, students, employees, visitors, researchers, collaborators, visitors etc., Usually support for very complex and parallel organizational structures is required. Ability for a parameterized membership in many organizational units is critical. As is the support for temporal conditions to limit student and visitor access) Clean open source strategy is also crucial.

- - -

=== *Architecture*

==== Overall System Architecture
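
Review bot: The heading "=== *Architecture*" directly below the new separator is one level deeper than every other section heading in this diff ("== *User Interface*", "== *Security*", "== *Workflow*"), so it renders as a subsection of the preceding section rather than as a peer. Change it to "== *Architecture*" while the section breaks are being touched. The paragraph above the separator also reads "in the in Higher Education", lists "visitors" twice and has a closing parenthesis with no opener.
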
Expand All @@ -38,6 +40,8 @@ Platform on which the system runs. E.G. specific operating system or hardware-i

Framework (or other method) which is used to ‘wire’ the system together. Framework that binds the components together and forms the basic structure of the system.

- - -

== *User Interface*

==== Framework
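
Review bot: The separator added before "== *User Interface*" (and before every other section in this commit) is written as "- - -", which is the Markdown-style rule that Asciidoctor accepts for compatibility. The native AsciiDoc thematic break is `'''`; using it keeps the file independent of that compatibility handling if it is ever rendered by another AsciiDoc processor.
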
Expand All @@ -56,6 +60,8 @@ What is this? Does the user interface provide access to all functionality avail
What is this? How quickly the GUI reacts to user actions.
CustomizationWhat is this? How easily can be the GUI fuctionality be customized.

- - -

== *Role-Based Access Control (RBAC)*

==== Provisioning Roles
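
Review bot: The line just above the new separator, "CustomizationWhat is this? How easily can be the GUI fuctionality be customized.", has the subsection title run into its description, so it will not render as a heading like its siblings. Split it into "==== Customization" followed by a blank line and the description, and fix "fuctionality" and the word order ("How easily the GUI functionality can be customized") in the same pass.
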
Expand Down Expand Up @@ -93,9 +99,11 @@ What is this? Ability to guide the creation, modification and disposal of a rol

What is this? Ability to create groups (or other objects) in the target systems as a reflection of a role. Also ability to create roles as a reflection of arbitrary resource objects.

== Organizational Structure
- - -

== *Organizational Structure*

==== Organizational units
==== Organizational Units

What is this? Ability to support object that model organizational units such as companies, divisions, departments, projects, workgroups, teams, ...
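
Review bot: The new "==== Organizational Units" title-cases one level-4 heading while others visible in this diff stay in sentence case ("==== Local native API", "==== Self registration", "==== Segregation of duties", "==== Version control system"). Pick one convention and apply it to all level-4 headings in this commit, or leave this heading as it was.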

Expand All @@ -110,6 +118,8 @@ What is this? Ability to maintain several independent organizational structures

What is this? Ability to create organizational units (or other objects) in the target systems as a reflection of organizational structure. Also the other way around. Ability to transform flat structures to tree structures, ability to reconstruct tree structure from flat string attributes, etc.

- - -

== *Provisioning and Synchronization*

==== Propagation
Expand Down Expand Up @@ -152,6 +162,8 @@ What is this? Ability of an IDM system to recover from provisioning failures su

What is this? Support for management of entitlements on the resource side (in managed systems) such as LDAP groups, AD groups, privileges, ACLs, etc. Ability to display and synchronize them. Also ability to manage membership or association of accounts and entitlements.

- - -

== *Connectors*

==== Framework
Expand Down Expand Up @@ -200,6 +212,8 @@ What is this? Can the connectors be used in other systems? Is there a support f

What is this? How easy is to develop a new connector.

- - -

== *Customization*

==== Flexibility
Expand Down Expand Up @@ -230,6 +244,8 @@ What is this? Ability to synchronize any object with any other object.

What is this? Ability to place custom code to be executed at important points in request processing.

- - -

== *External interfaces (APIs)*

==== Local native API
Expand All @@ -248,6 +264,8 @@ What is this? RESTful resource-oriented interface with proper structure accordi

What is this? A stand-alone component that can be linked to an application code and can be used to conveniently access the IDM system over the network.

- - -

== *Data Storage*

==== Commercial relational databases
Expand All @@ -262,6 +280,8 @@ What is this? Ability to store data in open source relational databases such as

What is this? Ability to store data in NoSQL databases.

- - -

== *Self-service*

==== Self registration
Expand Down Expand Up @@ -290,6 +310,8 @@ What is this? Agents that capture cleartext passwords and sent them to IDM for

Other self-service functionality

- - -

== *Security*

==== Authentication
Expand All @@ -316,6 +338,8 @@ What is this? Ability to delegate privileges of one user to another user. E.g.

What is this? Ability to record all the operations of the users and the system down to a very fine details.

- - -

== *Workflow*

==== Workflow engine integration
Expand All @@ -338,6 +362,8 @@ What is this? Does the workflow support workflow standards (such as BPMN)?

What is this? How easily can the default workflow engine be replaced? Can the product use a different engine? Or can it invoke remote workflow system instead?

- - -

== *Governance, risk assessment, compliance and forensic*

==== Segregation of duties
Expand All @@ -360,6 +386,8 @@ What is this? Support for producing a well-formatted human-readable reports (e.

What is this? Support for storage of historical data and ability to analyze them. E.g. ability to report who had a particular role 6 moths ago.

- - -

== *Operation*

==== Hardware resource efficiency
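
Review bot: The description just above the new separator ends with "who had a particular role 6 moths ago"; "moths" should be "months". Since this commit already touches the lines around it, correct the typo here rather than in a follow-up.
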
Expand All @@ -386,6 +414,8 @@ What is this? Ability to efficiently execute operations on a selected objects i

What is this? Ability to control what information is logged, ability to log debug and tracing information, whether the log messages are easy to understand, etc.

- - -

== *Documentation*

==== Architectural documentation
Expand All @@ -400,6 +430,8 @@ What is this? Documentation describing system configuration, administration and

What is this? Documentation describing how the system is implemented, how to create plug-ins and other programming extensions, how to contribute to the project, etc.

- - -

== *Community*

==== Version control system