Hi, Alan
Not sure if that's a rhetorical question, but I'll add my own rhetoric ;-)
Sounds like we're in a similar position.
Migrating our ID card integration to FIM will be probably be done in an early phase, as it's easy to separate (it was intentionally loosely-coupled).
Interesting that you should mention timeliness; one of the features I wanted from a replacement IDM was near-real-time updates - which isn't really FIM's strength! (Our current IDM still has some nightly batch feeds from our upstream student and employee databases, and we wanted a mechanism to improve that).
However, as soon as the IDM is made aware of changes (be it via overnight import; frequent polling of the card database; interactive user self-service or via the administrative web interface), changes are pushed to card consumer systems every 10 minutes. This frequency is arbitrary and could easily be more increased (given that we're only talking about small deltas), but it seems reasonably fit for our current purposes. Somewhat relevant here is a minor bit of common-sense consumer protection: we stop the "liability clock" at the time a card was reported lost (by capturing a timestamp - along with an optional customer-supplied crime number), irrespective of how long the change takes to work its way round our systems.
One area we will be improving is photo management, as new/updated photos are currently imported hourly (in practise, this isn't a show-stopper as new cards can always be issued with a photo which is taken with a web-cam there and then).
Best wishes,
Steve
-----Original Message-----
From: Discussion for MS IDM tools liks ILM and FIM [mailto:[log in to unmask]] On Behalf Of Alan Braley
Sent: 20 March 2013 17:41
To: [log in to unmask]
Subject: Re: ID Card management
Hi Steve,
Thanks for responding.
We currently do card management and identity management in a system that has been built in-house on an Oracle database. It keeps track of all the card data and pushes out changes to the dependent systems: library, doors, car-parks, cashless catering, sports centre etc. It provides an interface for manual input and also an output for user account creation in our directories.
So very much the heart of our current identity management.
FIM is capable of all of these functions, but with respect to ID cards there is an issue of getting status information; e.g. re-issues due to loss or theft, passed to the dependent systems in a timely manner. Is it reasonable to use FIM as the hub and have management agents to connect with the card dependent systems? Cycling through MA's means updates to these consumers of card data will not be instantaneous, but perhaps good enough?
Alan Braley
Service Owner for Identity Management & eMail
University of Warwick
___________________________________________________________
This email has been scanned by MessageLabs' Email Security
System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/
___________________________________________________________
___________________________________________________________
This email has been scanned by MessageLabs' Email Security
System on behalf of the University of Brighton.
For more information see http://www.brighton.ac.uk/is/spam/
___________________________________________________________
|