Distributed topology enabler for identity manager
First Claim
1. A method, comprising:
searching, with a processor of a computer, a main Identity Manager (IM) node to discover other IM nodes;
interrogating each of the IM nodes to obtain a list of services supported by that IM node;
combining existing identity management information from a subset of the IM nodes that a user is allowed to access and that each host a subset of services;
in response to receiving a provisioning request to change the combined identity management information relating to an account;
issuing sub-requests generated from the provisioning request to one or more IM nodes that are to process the sub-requests in parallel and that are selected based on the list of services supported by each of the one or more IM nodes;
in response to determining that one IM node of the one or more IM nodes is not active, queuing a sub-request for the one IM node for later submission to the one IM node with a deferred status for the queued sub-request;
receiving a status of each of the sub-requests from each of the one or more IM nodes that has processed that sub-request;
combining the status of each of the sub-requests, including the deferred status; and
returning the combined status as a status of the provisioning request;
in response to receiving a request to view identity information for a person, retrieving the identity information from the main IM node;
in response to receiving a change to identity information for the person, issuing the change from the main IM node to the other IM nodes; and
updating an object stub in a directory server.
Abstract
Provided are techniques for combining existing identity management information from multiple Identity Manager (IM) nodes. The combined information from the multiple IM nodes is presented. A provisioning request to change the identity management information is received. The provisioning request is decomposed to form multiple, separate sub-requests. One or more IM nodes are identified to process the sub-requests. The sub-requests are issued to the one or more IM nodes in parallel. A status of each of the sub-requests is received from each of the one or more IM nodes that is processing that sub-request. The received statuses are combined. The combined statuses are returned as a status of the provisioning request.
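The flow the abstract describes (route sub-requests by each node's service list, issue them in parallel, queue sub-requests for inactive nodes as deferred, combine the statuses) is sketched below as an added example; it is not code from the patent or from any Identity Manager product. The `IMNode` and `Coordinator` classes, the `SUCCESS`/`FAILED` status names and the worst-status-wins precedence are assumptions; only the deferred status comes from the claims.

```python
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

@dataclass
class IMNode:
    # Hypothetical stand-in for one Identity Manager node.
    name: str
    services: set
    active: bool = True
    accounts: dict = field(default_factory=dict)

    def apply(self, sub):
        self.accounts[(sub["service"], sub["account"])] = sub["change"]
        return "SUCCESS"

class Coordinator:
    def __init__(self, nodes):
        # Route by the service list each node reports when interrogated.
        self.route = {svc: n for n in nodes for svc in n.services}
        self.deferred = []  # sub-requests waiting for an inactive node

    def provision(self, account, changes):
        # Decompose the request into one sub-request per service.
        subs = [{"service": s, "account": account, "change": c}
                for s, c in changes.items()]
        with ThreadPoolExecutor() as pool:
            statuses = dict(zip((s["service"] for s in subs),
                                pool.map(self._dispatch, subs)))
        return combine(statuses), statuses

    def _dispatch(self, sub):
        node = self.route.get(sub["service"])
        if node is None:
            return "FAILED"            # no node hosts this service
        if not node.active:
            self.deferred.append(sub)  # queue for later submission
            return "DEFERRED"
        return node.apply(sub)

    def flush(self):  # resubmit queued sub-requests to their nodes
        pending, self.deferred = self.deferred, []
        return {s["service"]: self._dispatch(s) for s in pending}

def combine(statuses):
    # Assumed precedence: worst status wins, so a deferred change
    # (e.g. an account disable) is never reported as complete.
    for level in ("FAILED", "DEFERRED"):
        if level in statuses.values():
            return level
    return "SUCCESS"
```

Reporting the combined status as `DEFERRED` rather than `SUCCESS` matters most for deprovisioning: until the queued sub-request is flushed, the account on the inactive node is unchanged.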
15 Claims
1. A method, comprising:
searching, with a processor of a computer, a main Identity Manager (IM) node to discover other IM nodes;
interrogating each of the IM nodes to obtain a list of services supported by that IM node;
combining existing identity management information from a subset of the IM nodes that a user is allowed to access and that each host a subset of services;
in response to receiving a provisioning request to change the combined identity management information relating to an account;
issuing sub-requests generated from the provisioning request to one or more IM nodes that are to process the sub-requests in parallel and that are selected based on the list of services supported by each of the one or more IM nodes;
in response to determining that one IM node of the one or more IM nodes is not active, queuing a sub-request for the one IM node for later submission to the one IM node with a deferred status for the queued sub-request;
receiving a status of each of the sub-requests from each of the one or more IM nodes that has processed that sub-request;
combining the status of each of the sub-requests, including the deferred status; and
returning the combined status as a status of the provisioning request;
in response to receiving a request to view identity information for a person, retrieving the identity information from the main IM node;
in response to receiving a change to identity information for the person, issuing the change from the main IM node to the other IM nodes; and
updating an object stub in a directory server.
Dependent claims: 2, 3, 4, 5
6. A computer program product for identity information management, the computer program product comprising:
a non-transitory computer readable storage medium having computer readable program code embodied therewith, wherein the computer readable program code, when executed by a processor of a computer, configured to perform:
searching, with a processor of a computer, a main Identity Manager (IM) node to discover other IM nodes;
interrogating each of the IM nodes to obtain a list of services supported by that IM node;
combining existing identity management information from a subset of the IM nodes that a user is allowed to access and that each host a subset of services;
in response to receiving a provisioning request to change the combined identity management information relating to an account;
issuing sub-requests generated from the provisioning request to one or more IM nodes that are to process the sub-requests in parallel and that are selected based on the list of services supported by each of the one or more IM nodes;
in response to determining that one IM node of the one or more IM nodes is not active, queuing a sub-request for the one IM node for later submission to the one IM node with a deferred status for the queued sub-request;
receiving a status of each of the sub-requests from each of the one or more IM nodes that has processed that sub-request;
combining the status of each of the sub-requests, including the deferred status; and
returning the combined status as a status of the provisioning request;
in response to receiving a request to view identity information for a person, retrieving the identity information from the main IM node;
in response to receiving a change to identity information for the person, issuing the change from the main IM node to the other IM nodes; and
updating an object stub in a directory server.
Dependent claims: 7, 8, 9, 10
11. A system, comprising:
a processor; and
non-transitory storage coupled to the processor, wherein the storage stores a computer program, and wherein the processor is configured to execute the computer program to perform operations, the operations comprising:
searching, with a processor of a computer, a main Identity Manager (IM) node to discover other IM nodes;
interrogating each of the IM nodes to obtain a list of services supported by that IM node;
combining existing identity management information from a subset of the IM nodes that a user is allowed to access and that each host a subset of services;
in response to receiving a provisioning request to change the identity management information relating to an account;
issuing sub-requests generated from the provisioning request to one or more IM nodes that are to process the sub-requests in parallel and that are selected based on the list of services supported by each of the one or more IM nodes;
in response to determining that one IM node of the one or more IM nodes is not active, queuing a sub-request for the one IM node for later submission to the one IM node with a deferred status for the queued sub-request;
receiving a status of each of the sub-requests from each of the one or more IM nodes that has processed that sub-request;
combining the status of each of the sub-requests, including the deferred status; and
returning the combined status as a status of the provisioning request;
in response to receiving a request to view identity information for a person, retrieving the identity information from the main IM node;
in response to receiving a change to identity information for the person, issuing the change from the main IM node to the other IM nodes; and
updating an object stub in a directory server.
Dependent claims: 12, 13, 14, 15
Specification