One of the basic, important steps in implementing an Identity Management infrastructure is the planning around where your new, shiny provisioning engine is going to get all the identity information it needs. Sometimes the answer is very straightforward (e.g. "oh, we just suck all the information out of the HR system"). Unfortunately, life is not always this simple. Quite often, you need to think about where your disparate, authoritative sources of identity information are. Once you figure that out, you then need to determine how to get that information easily (in a manageable and maintainable way) on a regular basis, preferably in an automated fashion.
Your friendly sales rep at whatever software vendor you deal with will immediately throw a tool at you. This said tool will probably be one of the following:
- An LDAP directory which includes synchronisation capabilities with other data stores.
- A Relational Database (RDBMS) which includes synchronisation capabilities with other data stores.
- A plain old synchronisation tool that transports data between various sources.
- A Meta-Directory (which could leverage an LDAP or RDBMS depending on the architecture).
- A Virtual Directory (which could leverage an LDAP or RDBMS depending on the architecture).
I'll stop now because I don't particularly want to start the "Directory Trek Wars" again despite the fodder it would provide me to do part III :-)