
Friday, July 30, 2010

OIM Architecture

I've been working with OIM for the last two months and found it to be a powerful tool among the identity and access management tools. I thought of exploring the architecture a bit. Let's see how I can correlate it with the real-time screens.




The presentation layer has an administrative console and a web console. The admin console is used to run several background tasks, while the web console is used to manage users, their user profiles, resource profiles, etc.



User ID creation is one example of the tasks that can be run from the admin console. If you want to view the user profile of an employee, like viewing the profile in PeopleSoft, the web admin interface helps to manage the same.



Because both the Administrative and User Console and the Design Console are highly dynamic, the Dynamic Presentation Logic tier guides the content displayed on these interfaces.

The second tier implements the business logic that resides in Java Data Objects. These objects are managed by the supported J2EE application server (JBoss Application Server, BEA WebLogic Server, IBM WebSphere Application Server, and Oracle Application Server). The Java Data Objects implement the business logic of the Oracle Identity Manager application; however, they are not exposed to any methods from the outside world. To access the business functionality of Oracle Identity Manager, you can use the API layer in the J2EE infrastructure, which provides the lookup and communication mechanism.

The Business Logic tier is implemented as an Enterprise JavaBeans (EJB) application. The following are the components of the Business Logic tier.



Application Server

The application server on which Oracle Identity Manager runs provides life cycle management, security, deployment, and run-time services to the logical components that constitute Oracle Identity Manager. These services include:
Scalable management of resources
Transaction management
Security management
Client access

Technology resources

Consider a scenario with HCM as the trusted source. Whenever a new employee is created in HCM, the data should flow to IMS. This can be done using the IB messaging system. You can write code in the Job Data SavePostChange event (which is not highly recommended), or create an Application Engine process that publishes the messages to OIM at intervals. The rest of the feature implementation depends on the client's requirements.



A requirement example for using IMS.



Say the client needs a central application to manage access and identity across their company. IMS can be a single administration point from which all the other resources, such as HCM, FSCM, EPM, ELM, the portal and every other resource, are controlled and maintained. Access provisioning in PeopleSoft, as we know, is all about managing roles. Based on the client's policies, role deletion and addition in all the mentioned resources can be done from IMS.



Being new to this tool, I have a lot more areas to explore. Consider this an overview of the same.
