Onboarding resources to an identity management system

US 9,015,204 B2
Filed: 07/15/2009
Issued: 04/21/2015
Est. Priority Date: 07/15/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method of onboarding in an identity management system, comprising:

discovering native object fields for identity management, wherein the fields are in an object schema of a resource to be onboarded into the identity management system;

marking fields in the object schema of the resource with semantic markers corresponding with fields of provisioning objects in the identity management system, wherein the semantic markers are organized in an ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;

mapping the fields in the object schema of the resource to one or more provisioning objects of an identity management system profile including,directly matching the fields of the object schema having the same markers as the fields of the provisioning objects for a selected specificity level of the plurality of specificity levels in the ontology to create matched fields and unmatched fields;

increasing the specificity level of the selected specificity level to an increased specificity level; and

directly matching the unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and

enabling deployment from a generated deployment mapping from mapping the fields to add the resource to the identity management system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process of onboarding a resource into an identity management system is disclosed. The identity management system is configured to connect users with resources and manage user identities and security entitlements of the connected resources. The process of onboarding a resource includes marking or tagging resource fields with semantic markers.

Citations

20 Claims

1. A method of onboarding in an identity management system, comprising:
- discovering native object fields for identity management, wherein the fields are in an object schema of a resource to be onboarded into the identity management system;
  
  marking fields in the object schema of the resource with semantic markers corresponding with fields of provisioning objects in the identity management system, wherein the semantic markers are organized in an ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
  
  mapping the fields in the object schema of the resource to one or more provisioning objects of an identity management system profile including,directly matching the fields of the object schema having the same markers as the fields of the provisioning objects for a selected specificity level of the plurality of specificity levels in the ontology to create matched fields and unmatched fields;
  
  increasing the specificity level of the selected specificity level to an increased specificity level; and
  
  directly matching the unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
  
  enabling deployment from a generated deployment mapping from mapping the fields to add the resource to the identity management system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 19)
- - 2. The method of claim 1 comprising maintaining a catalogue with semantic markers organized to provide syntactic composition relations between catalogue concepts;
    - and wherein the marking of the fields comprises selecting markers from the catalogue.
  - 3. The method of claim 2, wherein the catalogue is expressed as an ontology.
  - 4. The method of claim 3, wherein the ontology is expressed in a resource description framework vocabulary.
  - 5. The method of claim 1 comprising:
    - retrieving a native object schema of the resource.
  - 6. The method of claim 1 comprising:
    - selecting native objects and object fields of the resource for projection as provisioning objects.
  - 7. The method of claim 6 comprising:
    - annotating projected native schema fields by marking with the semantic markers of conveyed values.
  - 8. The method of claim 7 comprising:
    - refining annotations to include more specificity than the conveyed values.
  - 9. The method of claim 7, wherein the provisioning objects are mapped to fields in the identity management system profile.
  - 10. The method of claim 4, wherein the mapping includes:
    - searching the catalogue for compositions that are satisfied from profile object fields and wherein any unmapped fields are refined.
  - 19. The method of claim 1 wherein enabling deployment includes establishing a connection between the identity management system and the resource and beginning provisioning and reconciliation.

11. A non-transitory computer-readable storage medium tangibly storing computer-executable instructions for controlling a computing device in an identity management system, the computer-executable instructions comprising:
- instructions for discovering object fields for identity management, wherein the fields are in an object schema of a resource to be onboarded into the identity management system and converting the object schema to a resource specific ontology;
  
  instructions for selecting fields and tagging value significance with semantic markers corresponding with fields of provisioning objects in the identity management system, wherein the semantic markers are organized in a provisioning ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
  
  instructions for generating a connector map and a deployment map between the fields and the provisioning objects based on the value significance, including,instruction for directly matching the fields having the same markers as the fields of the provisioning objects for a selected specificity level of the plurality of specificity levels in the provisioning ontology; and
  
  instructions for increasing the specificity level of the selected specificity level to an increased specificity level;
  
  instructions directly matching unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
  
  instructions for enabling deployment from a generated deployment mapping from mapping the fields to add the resource to the identity management system.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein the resource specific ontology is expressed as a resource description framework schemata or a web ontology language.
  - 13. The non-transitory computer-readable storage medium of claim 11, wherein the instructions for selecting fields include instructions for viewing the discovered schema and choosing relevant native fields to be managed with the identity management system.
  - 14. The non-transitory computer-readable storage medium of claim 11, where the instructions for generating the connector map and the deployment map include instructions for saving the connector map and the deployment map into a memory of the identity management system.
  - 15. The non-transitory computer-readable storage medium of claim 11, wherein the instructions are implemented as a web-based onboarding tool.

16. An identity management system configured to onboard a resource in an enterprise computing system, comprising:
- a computer system having a processor and a memory wherein the computer system is configured to couple a user to a selected resource of the enterprise and to onboard resources;
  
  wherein the resource includes resource fields in a resource schema for identity management;
  
  wherein the memory includes a catalogue having semantic markers organized in an ontology having a plurality of specificity levels of increasing specificity to provide generic to specific relations of definition between the semantic markers;
  
  wherein the resource fields are marked with semantic markers of conveyed values;
  
  wherein the resource fields having the same markers as the fields of provisioning objects are directly matched together for a given specificity level of the plurality of specificity levels in the ontology;
  
  increasing the specificity level of the selected specificity level to an increased specificity level;
  
  directly matching unmatched fields of the object schema having the same markers as the fields of the provisioning objects for the increased specificity level; and
  
  wherein deployment is enabled from a generated deployment mapping from the matching to add the resource to the identity management system.
- View Dependent Claims (17, 18, 20)
- - 17. The identity management system of claim 16 including:
    - an application utility accessible by an owner of the resource and an administrator of the identity management system to include the memory with a map of a correlation between native object fields of the resource and the identity management system.
  - 18. The identity management system of claim 17, wherein the computer system is coupled to the resource and the user through a network, and wherein the application utility is network based.
  - 20. The identity management system of claim 16 wherein the resource schema is described as an ontology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Booth, David, Williams, Stuart, Rouault, Jason, Kisielewicz, Marek, Mukerji, Jishnu
Primary Examiner(s)
Nguyen, Loan T

Application Number

US12/503,794
Publication Number

US 20110016162A1
Time in Patent Office

2,106 Days
Field of Search

None
US Class Current

707/803
CPC Class Codes

G06F 16/81 Indexing, e.g. XML tags; Da...

G06F 21/604 Tools and structures for ma...

Onboarding resources to an identity management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Onboarding resources to an identity management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links