From d29d990000868b8faae7fe529eb15049eb07a90a Mon Sep 17 00:00:00 2001 From: Keith Hazelton Date: Tue, 9 Feb 2021 16:44:21 -0600 Subject: [PATCH] Update iam-features.adoc --- iam-features.adoc | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/iam-features.adoc b/iam-features.adoc index 0e90964..f1ef814 100644 --- a/iam-features.adoc +++ b/iam-features.adoc @@ -24,6 +24,8 @@ Management of identities in the public sector. Usually a good support for organ Management of Identities in the in Higher Education. Requires all types of identities: teachers, students, employees, visitors, researchers, collaborators, visitors etc., Usually support for very complex and parallel organizational structures is required. Ability for a parameterized membership in many organizational units is critical. As is the support for temporal conditions to limit student and visitor access) Clean open source strategy is also crucial. +- - - + === *Architecture* ==== Overall System Architecture @@ -38,6 +40,8 @@ Platform on which the system runs. E.G. specific operating system or hardware-i Framework (or other method) which is used to ‘wire’ the system together. Framework that binds the components together and forms the basic structure of the system. +- - - + == *User Interface* ==== Framework @@ -56,6 +60,8 @@ What is this? Does the user interface provide access to all functionality avail What is this? How quickly the GUI reacts to user actions. CustomizationWhat is this? How easily can be the GUI fuctionality be customized. +- - - + == *Role-Based Access Control (RBAC)* ==== Provisioning Roles 
@@ -93,9 +99,11 @@ What is this? Ability to guide the creation, modification and disposal of a rol What is this? Ability to create groups (or other objects) in the target systems as a reflection of a role. Also ability to create roles as a reflection of arbitrary resource objects. -== Organizational Structure +- - - + +== *Organizational Structure* -==== Organizational units +==== Organizational Units What is this? Ability to support object that model organizational units such as companies, divisions, departments, projects, workgroups, teams, ... @@ -110,6 +118,8 @@ What is this? Ability to maintain several independent organizational structures What is this? Ability to create organizational units (or other objects) in the target systems as a reflection of organizational structure. Also the other way around. Ability to transform flat structures to tree structures, ability to reconstruct tree structure from flat string attributes, etc. +- - - + == *Provisioning and Synchronization* ==== Propagation @@ -152,6 +162,8 @@ What is this? Ability of an IDM system to recover from provisioning failures su What is this? Support for management of entitlements on the resource side (in managed systems) such as LDAP groups, AD groups, privileges, ACLs, etc. Ability to display and synchronize them. Also ability to manage membership or association of accounts and entitlements. +- - - + == *Connectors* ==== Framework @@ -200,6 +212,8 @@ What is this? Can the connectors be used in other systems? Is there a support f What is this? How easy is to develop a new connector. +- - - + == *Customization* ==== Flexibility @@ -230,6 +244,8 @@ What is this? Ability to synchronize any object with any other object. What is this? Ability to place custom code to be executed at important points in request processing. +- - - + == *External interfaces (APIs)* ==== Local native API 
@@ -248,6 +264,8 @@ What is this? RESTful resource-oriented interface with proper structure accordi What is this? A stand-alone component that can be linked to an application code and can be used to conveniently access the IDM system over the network. +- - - + == *Data Storage* ==== Commercial relational databases @@ -262,6 +280,8 @@ What is this? Ability to store data in open source relational databases such as What is this? Ability to store data in NoSQL databases. +- - - + == *Self-service* ==== Self registration @@ -290,6 +310,8 @@ What is this? Agents that capture cleartext passwords and sent them to IDM for Other self-service functionality +- - - + == *Security* ==== Authentication @@ -316,6 +338,8 @@ What is this? Ability to delegate privileges of one user to another user. E.g. What is this? Ability to record all the operations of the users and the system down to a very fine details. +- - - + == *Workflow* ==== Workflow engine integration @@ -338,6 +362,8 @@ What is this? Does the workflow support workflow standards (such as BPMN)? What is this? How easily can the default workflow engine be replaced? Can the product use a different engine? Or can it invoke remote workflow system instead? +- - - + == *Governance, risk assessment, compliance and forensic* ==== Segregation of duties @@ -360,6 +386,8 @@ What is this? Support for producing a well-formatted human-readable reports (e. What is this? Support for storage of historical data and ability to analyze them. E.g. ability to report who had a particular role 6 moths ago. +- - - + == *Operation* ==== Hardware resource efficiency @@ -386,6 +414,8 @@ What is this? Ability to efficiently execute operations on a selected objects i What is this? Ability to control what information is logged, ability to log debug and tracing information, whether the log messages are easy to understand, etc. +- - - + == *Documentation* ==== Architectural documentation 
@@ -400,6 +430,8 @@ What is this? Documentation describing system configuration, administration and What is this? Documentation describing how the system is implemented, how to create plug-ins and other programming extensions, how to contribute to the project, etc. +- - - + == *Community* ==== Version control system
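Review bot: In the `@@ -24,6 +24,8 @@` hunk the new separator is placed before `=== *Architecture*`, which is a level-2 heading while every sibling section the other separators precede (`== *User Interface*`, `== *Connectors*`, ...) is level 1 with `==`; change it to `== *Architecture*` so the separator marks a top-level section like the rest. Two style points on the separator itself, which applies to all hunks: `- - -` is the Markdown-compatible thematic break that Asciidoctor accepts, whereas the native AsciiDoc form is `'''`, so pick whichever the rest of the file already uses. The unchanged Higher Education line in this hunk also has "in the in Higher Education", lists "visitors" twice and ends with a stray ")" after "visitor access"; worth fixing while this region is being touched.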
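Review bot: In the `@@ -56,6 +60,8 @@` hunk the context line `CustomizationWhat is this? How easily can be the GUI fuctionality be customized.` has lost the heading marker and line break before "What is this?" and contains a typo; since the separator is inserted right after it, suggest restoring `==== Customization` on its own line and rewording to "How easily can the GUI functionality be customized?".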
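Review bot: The `@@ -93,9 +99,11 @@` hunk is the only one that changes content rather than just adding separators (`== Organizational Structure` becomes `== *Organizational Structure*` and `==== Organizational units` becomes `==== Organizational Units`), which brings the headings in line with the bold, title-cased style used elsewhere; the subject line "Update iam-features.adoc" does not mention this, so suggest a commit message such as "Add section separators and normalize Organizational Structure headings" so the heading change is discoverable in history.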
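Review bot: In the `@@ -110,6 +118,8 @@` hunk the context sentence "Also the other way around." is a fragment whose referent is unclear; suggest folding it into the previous sentence, e.g. "... as a reflection of organizational structure, and conversely to derive organizational structure from objects in the target systems."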
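Review bot: In the `@@ -200,6 +212,8 @@` hunk the context line "How easy is to develop a new connector." is missing a word; suggest "How easy is it to develop a new connector?" while this region is being edited.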
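Review bot: In the `@@ -290,6 +310,8 @@` hunk the truncated context "Agents that capture cleartext passwords and sent them to IDM for" should read "send them"; since this feature row describes handling of cleartext passwords, the description would also be more useful to evaluators if it stated what protection is expected for the captured password in transit to the IDM system, otherwise products cannot be compared on that point.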
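Review bot: In the `@@ -316,6 +338,8 @@` hunk the context line "down to a very fine details" mixes singular and plural; suggest "down to very fine detail".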
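Review bot: In the `@@ -360,6 +386,8 @@` hunk the context line "who had a particular role 6 moths ago" has a typo ("months"), and the truncated hunk header "a well-formatted human-readable reports" has a number-agreement error; suggest "well-formatted, human-readable reports".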
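Review bot: In the `@@ -386,6 +414,8 @@` hunk the truncated header context "execute operations on a selected objects" has an article/plural mismatch; suggest "on selected objects".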