Designing User Provisioning Messages
The basic idea is to keep things simple. Provisioning-related messages are of
the following types:
1. User events (that IAM publishes to associated systems)
2. User event acknowledgements (used only when some data has to be returned from associated systems to IAM)
3. User event processing errors (to be handled separately)
The actual format of data is up to the preference of an individual
organisation. Some prefer XML, while others may choose JSON. We're
agnostic about this level of design detail, because it's more important to get
the higher level right. At this higher level, there are perhaps two major
message data models that can be used to transport user events.
1. Ideal Model (exploiting the User UUID and the property of idempotence):
In the ideal case, all downstream systems understand the User UUID as a
candidate key for a user within their own data stores. This facilitates a very
simple model of user event propagation.
On any user event that occurs within IAM (i.e., user creation, user deletion,
change of user attributes, provisioning or de-provisioning on an associated
system), a simple snapshot of the user's profile is all that needs to be
broadcast on the User Event Bus. Here's what this looks like:
Fig 51: Simple user event
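The following is an added example, not code from the book: a downstream system that consumes the simple snapshot messages described above, using the User UUID as its candidate key so that creates, updates and replays all take the same idempotent upsert path. The JSON field names, the `seq` counter (a guard against stale, out-of-order snapshots, which goes one step beyond the text) and the convention that a `null` profile is the snapshot of a deleted user are assumptions.

```python
"""Idempotent consumer for the 'simple user event' snapshot model.
Assumptions (not the book's wire format): field names, the per-user
'seq' counter, and 'profile: null' meaning the user was deleted."""
import json
from typing import Dict, Optional

# The three message kinds named in the text.
USER_EVENT = "user_event"
USER_EVENT_ACK = "user_event_ack"
USER_EVENT_ERROR = "user_event_error"


def make_user_event(user_uuid: str, profile: Optional[dict], seq: int) -> str:
    """IAM side: broadcast a full snapshot of the profile keyed by User UUID."""
    return json.dumps({"type": USER_EVENT, "user_uuid": user_uuid,
                       "seq": seq, "profile": profile})


class AssociatedSystem:
    """Downstream store that treats the User UUID as a candidate key."""

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.last_seq: Dict[str, int] = {}  # assumed per-user sequence guard

    def handle(self, raw: str) -> dict:
        """Apply one message from the bus; return an ack or an error message."""
        try:
            msg = json.loads(raw)  # JSONDecodeError is a ValueError
            if msg.get("type") != USER_EVENT or not {"user_uuid", "seq"} <= msg.keys():
                raise ValueError("not a well-formed user event")
        except ValueError as exc:
            # Malformed input goes to the separate error channel; state untouched.
            return {"type": USER_EVENT_ERROR, "reason": str(exc)}
        uid = msg["user_uuid"]
        # Replays and stale snapshots are ignored, so redelivery is harmless.
        if msg["seq"] <= self.last_seq.get(uid, -1):
            return {"type": USER_EVENT_ACK, "user_uuid": uid, "applied": False}
        self.last_seq[uid] = msg["seq"]
        profile = msg.get("profile")
        if profile is None:
            self.users.pop(uid, None)   # snapshot of a deleted user
        else:
            self.users[uid] = profile   # create and update share one upsert path
        return {"type": USER_EVENT_ACK, "user_uuid": uid, "applied": True}
```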