The Penrose Project

• Overview
  • News
  • FAQ
  • Features
  • Licenses
  • Download
  • Demo
• Documentation
  • Quick Start
  • Version 1.2 (in development)
    • Complete
    • Server User Guide
    • Studio User Guide
    • Developer Guide
    • Embedding Penrose
    • Javadoc
  • Version 1.1 (stable)
    • Complete
    • Server User Guide
    • Studio User Guide
    • Developer Guide
    • Embedding Penrose
    • Javadoc
  • Use Cases
  • Community Wiki
• Developer
  • Nightly Builds
  • Code Repository
  • Road Map
  • Change Log
  • Project Management
• Support
  • WebChat
  • Forum & List
  • Bug/Feature Tracker
  • Team
  • Contact

Provisioning

Overview

Provisioning system facilitates the tasks of providing resources and services to the enterprise constituents (employees, customers, vendors, etc).

Provisioning service:

• Replicates local security credentials in a central repository
• Changes to the repository are executed in the managed domain
• Changes made in managed domain also applied to repository
• Every person added to the role will get correct access
• Deleting the central entity deletes all associated accounts
• Needs workflow to achieve maximum gains and include online authorisation of requests

Key requirements for Provisioning Applications:

• Workflow logic (rules, conditions, policies)
• Exception handling and routing of the workflow logic
• Data aggregation and integration of the provisioning rules with the data.
• Self-discovery of the set of relationships on which the provisioning rules can be applied.
• Enforcement of the workflow logic for the different data stores
• Results tracking of the provisioning process.

A traditional LDAP directory cannot meet these needs because the purpose of the enterprise directory is to authenticate users and it is distinctly different from that of the authoritative repository for user provisioning (storing and reporting profile and access control information about each user).
Combining authentication delivery with reporting delivery using a single repository will reduce performance for both.

A virtual directory, a relational database management system or another repository separate from the enterprise directory should become the authoritative repository of provisioning.