Repository: syncope Updated Branches: refs/heads/master 930db341f -> 8f1a55716
Introduction, SYNCOPE-700 Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/8f1a5571 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/8f1a5571 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/8f1a5571 Branch: refs/heads/master Commit: 8f1a5571600310becf7722c4500684581ee61a1b Parents: 930db34 Author: Massimiliano Perrone <massimiliano.perr...@tirasa.net> Authored: Fri Dec 11 11:46:35 2015 +0100 Committer: Massimiliano Perrone <massimiliano.perr...@tirasa.net> Committed: Fri Dec 11 11:46:35 2015 +0100 ---------------------------------------------------------------------- src/main/asciidoc/iam/iam.adoc | 70 +++++++++++++++++++++++++++++ src/main/asciidoc/reference-guide.adoc | 10 +---- 2 files changed, 71 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a5571/src/main/asciidoc/iam/iam.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/iam/iam.adoc b/src/main/asciidoc/iam/iam.adoc new file mode 100644 index 0000000..a781255 --- /dev/null +++ b/src/main/asciidoc/iam/iam.adoc 
@@ -0,0 +1,70 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +// + +== Identity and Access Management +Though Identity management and Access Management are often united, because the two management world often coexist in the +same projects or in the same environment, the two topics are completely different: each one has its context, its rules, +its best bractice. On the other hand, many software have unorthodox implementation so you could done a samething with +both of them. +However, in general as suggested by their name, the access management basically handles the access in a certain +environment providing some kind of credentials; on the countray the identity management handles the digital identity +profile and its life cicle. +Apache Syncope is an identity manager. + +=== Identity Stores +An identity store is the place where the digital identity are stored. Of course there are various store types, the most +famous are: + +* Microsoft Active Directory; +* LDAP +** OpenLDAP; +** FreeIPA; +** ForgeRock OpenDJ; +** 389 Directory Server; +* DBMS +** MySQL +** PostgreSQL +** Oracle +* ... 
+ +From Apache Syncope point of view, an identity stores is viewed as an integrated resource with a communication based +on the identity connectors. + +=== Provisioning Engines +A provisioning engine is a software able to execute some operation on the profile of a digital identity. +Precisely this operation could be run to manage a user life cicle, the _CRUD_ operation to persiste the user on an +identity store: + +* Create +* Read +* Update +* Delete + +or could be the operations albe to modify the user profile in order to activate or deactivate its digital identity, or +could be the operations to add or remove a role from an user profile to achieve the RBAC (Role-based access control) +in an enviroment and so on. Definitely a provisioning angine manages the digital identity user profile in a centralized +way. + +=== Access Managers +As briefly mentioned before, an access manager is not an identity manager. An access management software manages above all +the authentication on a given environment. It provides the methods, generally called authentication module, to manage +the user authentication, the latter based on various identification system as the password, the fingerprint or based on +various protocols as SAML and OAuth 2.0. + +=== The Complete Picture \ No newline at end of file http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a5571/src/main/asciidoc/reference-guide.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/reference-guide.adoc b/src/main/asciidoc/reference-guide.adoc index 82e50ad..250e87f 100644 --- a/src/main/asciidoc/reference-guide.adoc +++ b/src/main/asciidoc/reference-guide.adoc @@ -54,15 +54,7 @@ provisioning, and compliance. include::introduction/introduction.adoc[] -== Identity and Access Management - -=== Identity Stores - -=== Provisioning Engines - -=== Access Managers - -=== The Complete Picture +include::iam/iam.adoc[] == Architecture
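Review bot: In the "=== Access Managers" paragraph of iam.adoc, "various protocols as SAML and OAuth 2.0" presents OAuth 2.0 as an authentication protocol. OAuth 2.0 is an authorization (delegated access) framework; the authentication layer built on it is OpenID Connect, so the sentence should read along the lines of "protocols such as SAML and OpenID Connect", or state explicitly that OAuth 2.0 covers authorization. The same paragraph calls passwords and fingerprints "identification system", where "authentication factors" is the accurate term. The added text also needs a spelling pass before merge ("best bractice", "samething", "countray", "life cicle", "persiste", "albe", "enviroment", "provisioning angine"), and "=== The Complete Picture" is committed as an empty heading, so either add its body or leave the section out until it is written.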
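Review bot: The new "include::iam/iam.adoc[]" line in reference-guide.adoc pulls in a file that ends at "=== The Complete Picture" with "\ No newline at end of file", so the last included line is a bare heading whose separation from "== Architecture" depends on the spacing in the including document. End iam.adoc with a newline so the section boundary does not rely on that. Note also that the empty "=== The Complete Picture" stub removed here is carried over unchanged into the included file, so the rendered guide still shows an empty section.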