Appendix C - Special Case Example 1 (Multiplexing User IDs)
Here is a problem that not every organisation would face, hence it is unlikely
to be addressed out-of-the-box by any commercial IAM product. The
bespoke solution (multiplexing) is interesting and may be more widely
applicable.
Let's say your organisation has a product system running on an old
mainframe. You are now required to open up the functionality of this system
to the web, to be accessed by B2C users (customers) through a pass-through
web application. (Notice that in LIMA terminology, the pass-through web
application is your protected application, while your mainframe is your
associated system. The mainframe is not directly exposed.)
Fig 58: Multiplexing User IDs
Your auditors demand that the activities of each individual customer be
tracked as they transact on this sensitive product system. However, the
mainframe-based system was never designed to deal with the hundreds of
thousands of online customers that are expected. It has severe restrictions
on the number of User IDs it can support, perhaps because the User ID field
only supports 4 numeric digits. It would cost too much to re-engineer this
legacy system to support a much larger number of users. What do you do?
One approach is to think about the number of concurrent users that are
expected to access the system. Perhaps this would be in the range of a few
thousand, compared to the hundreds of thousands of customers overall. The
solution then is to just provision this smaller number of users on the
mainframe, and record these as “temporary User IDs” within IAM, to be
treated as “access tokens” to the mainframe, handed out to B2C users as
they pass through the IAM gauntlet. When users complete their session or
log out (however you may define “logout” in a Single Sign-On environment),
you release these temporary User IDs back into the “pool” to be reissued to
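
The pooling scheme described above, sketched as an added example (not code from the book). The class and method names, the lease log used to attribute a reused temporary User ID back to one customer for the auditors, and the sample customers and timestamps are all assumptions constructed for illustration.

```python
import time
from collections import deque

class PoolExhausted(Exception):
    """Raised when every temporary User ID is currently leased."""

class TempUserIdPool:
    def __init__(self, ids, clock=time.time):
        self._free = deque(ids)   # IDs pre-provisioned on the mainframe
        self._active = {}         # customer -> (temp_id, lease_start)
        self._leases = []         # closed leases: (temp_id, customer, start, end)
        self._clock = clock

    def acquire(self, customer):
        """Lease a temporary ID at login; one lease per customer session."""
        if customer in self._active:
            return self._active[customer][0]
        if not self._free:
            raise PoolExhausted("no temporary User IDs left")
        temp_id = self._free.popleft()
        self._active[customer] = (temp_id, self._clock())
        return temp_id

    def release(self, customer):
        """Return the ID to the pool at logout or session timeout."""
        temp_id, start = self._active.pop(customer)
        self._leases.append((temp_id, customer, start, self._clock()))
        self._free.append(temp_id)  # FIFO: delay reuse as long as possible

    def who_held(self, temp_id, at):
        """Attribute a mainframe log entry (temp_id, timestamp) to a customer."""
        for tid, customer, start, end in self._leases:
            if tid == temp_id and start <= at < end:
                return customer
        for customer, (tid, start) in self._active.items():
            if tid == temp_id and start <= at:
                return customer
        return None

def demo():
    ticks = iter(range(100, 200, 10))          # constructed timestamps
    pool = TempUserIdPool(["0001", "0002"], clock=lambda: next(ticks))
    a = pool.acquire("alice@example.com")      # t=100
    b = pool.acquire("bob@example.com")        # t=110
    pool.release("alice@example.com")          # t=120
    c = pool.acquire("carol@example.com")      # t=130, reuses alice's ID
    return a, b, c, pool.who_held("0001", 105), pool.who_held("0001", 135)
```

Time-based attribution like `who_held` is only as reliable as the clock agreement between the IAM lease log and the mainframe's own activity log.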
 