loosely-coupled for maximum flexibility. These aspects are described
below.

Implement user provisioning to applications downstream of IAM using
an event notification mechanism rather than tightly-coupled service
calls. To make them future-proof, keep the “user event” messages
generic rather than tailored to each downstream application. Using
persistent messages, durable subscriptions and listeners on all target
applications, changes to user data can be managed across the enterprise
in a flexible, reliable and robust manner. Applications can be added or
decommissioned at any point in the system's lifetime without any
downtime.

Make your provisioning messages idempotent, for a really simple
reliability mechanism. The ability to retry an operation without danger
of duplication is very powerful and liberating.

Where responses are required from downstream systems, use the same
notification mechanism with separate “user event acknowledgement”
messages that only IAM listens for.

Errors encountered by downstream systems when processing user
events must be handled in a decoupled way. A separate error reporting
mechanism, even a separate error queue, is preferable. User event
notification, acknowledgement responses and errors are not to be
treated as they would be in synchronous request/response systems.
This is an important aspect of loose coupling that keeps the Identity
Management solution simple and modular.

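An added example (not from the original text) of a downstream listener that follows these guidelines: generic full-state user events, idempotent handling, acknowledgements on their own channel and errors on a separate queue. All class, field and event names are hypothetical, the two lists stand in for broker destinations, and the `version` field used to discard stale redeliveries is an assumption that goes slightly beyond the idempotency the text asks for.

```python
class DownstreamListener:
    """Hypothetical user-event listener inside one target application."""

    def __init__(self, app_name):
        self.app_name = app_name
        self.users = {}     # user_id -> attributes: the application's local user store
        self.versions = {}  # user_id -> version of the last event applied
        self.acks = []      # stand-in for the acknowledgement destination IAM listens on
        self.errors = []    # stand-in for the separate error queue

    def on_user_event(self, event):
        """Apply one generic user event; redelivery of the same event is harmless."""
        try:
            event_id, user_id, version, kind = (
                event[k] for k in ("event_id", "user_id", "version", "type"))
            if kind not in ("USER_UPSERTED", "USER_REMOVED"):
                raise ValueError("unknown event type: %r" % (kind,))
            if version > self.versions.get(user_id, 0):
                if kind == "USER_REMOVED":
                    self.users.pop(user_id, None)
                else:
                    # The event carries the full desired state, not a delta,
                    # so applying it twice gives the same result as applying it once.
                    self.users[user_id] = dict(event["attributes"])
                self.versions[user_id] = version
            # Duplicates and stale events are acknowledged too, so IAM's retries converge.
            self.acks.append({"event_id": event_id, "app": self.app_name,
                              "user_id": user_id, "version": version})
        except (KeyError, TypeError, ValueError) as exc:
            # Failures are reported out of band, never raised back to the publisher.
            self.errors.append({"event_id": event.get("event_id"),
                                "app": self.app_name, "error": repr(exc)})


# Constructed sample events (not from the original text).
CREATE = {"event_id": "e1", "type": "USER_UPSERTED", "user_id": "u100", "version": 1,
          "attributes": {"name": "Alice Example", "status": "active"}}
DISABLE = {"event_id": "e2", "type": "USER_UPSERTED", "user_id": "u100", "version": 2,
           "attributes": {"name": "Alice Example", "status": "disabled"}}
BROKEN = {"event_id": "e3", "type": "USER_UPSERTED", "user_id": "u101"}  # no version

if __name__ == "__main__":
    app = DownstreamListener("payroll")
    for ev in (CREATE, DISABLE, DISABLE, CREATE, BROKEN):  # retry and stale redelivery
        app.on_user_event(ev)
    print(app.users, len(app.acks), app.errors)
```

The redelivered `CREATE` arriving after `DISABLE` leaves the account disabled, which is the property that matters most for deprovisioning: a retried or reordered message must never re-enable access that a later event removed.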
These are the basic ingredients of a cost-effective IAM solution, and we will
describe and explain them in detail in the rest of this document.
The following diagrams illustrate the logical and physical components of
LIMA.