IAM in Service Catalog
Page Audience: SMW unit, during development of this page. Published to partners and customers when ready.
Page Purpose: Describe an important design pattern for middleware services.
Document Status: Early draft
Institutionally there are many kinds of entities that we wish to identify, describe, manage, and share among multiple business functions and application systems: people, groups, departments, roles, classes, budgets, computers, services, programs, functions, etc. Proper management of information about these entities allows this information to be easily shared among all systems. A registry is a design pattern describing key aspects of managing this kind of information.
A registry keeps track of all instances of a particular kind of thing.
Appropriate "kinds of thing" are those which have:
An entry in a registry has:
The functional attributes are those that are most likely to be shared among multiple systems. An application system will typically maintain information about registered entities that is specific to that system, and remains internal to that system.
A registry provides guarantees about accuracy, completeness, timeliness, and accessibility of its records, appropriate to the needs of its subscribers. Those with registry update capability (maintainers) must all agree to abide by conditions necessary to maintain the service guarantees of the registry.
A registry may be maintained (ie, entries created/updated/deleted) via a single business process or application system, or via multiple processes/systems. Supporting multiple maintenance processes raises several design issues, including whether to extend one process to support all others or creating a new one; reconciling conflicting attributes; etc.
A registry has business logic for maintaining quality of entries.
Examples of institutional registries include:
Some architectural assumptions:
University Person Registry
The goal of this system is to provide a single shared source of data about all people of interest to the institution, that is accurate, complete, up-to-date, and accessible. It is a registry as described above, and will be maintained via multiple processes.