We are in the process of evaluating MIIS here, and AD is currently our source for authentication information. For Enterprise application, we are using a custom database running on Critical Path to sync with other application directories and get a metaview of the information for identity management. Currently no one allows the metaview write access anywhere.

I hope our testing and subsequent deployment will allow for a more standardized approach like what was described below.

To build on what Gil wrote, the reason why SQL Server was used to store identity information was probably because it was a metaview of all the relevant data needed to construct an employee, including privacy information. Active Directory doesn't need access to privacy information (SSN#, DOB, etc.), nor do many LDAP applications. The nice thing about MIIS is that it can create that metaview for you and store it in a SQL Server. So if your privacy information is only stored in the HR system and Payroll, then you can set ACLs on the info so only those systems get that info.

If you are getting into directories for both network access and Enterprise Resource and Application use, I suggest subscribing to the Burton Group papers on Enterprise directory, and constructing your architecture based on some of their principles. Now if we could only find a group willing to figure out the Laws of directories we would be golden... Maybe Murphy is already doing them.

Todd