...
KIM Integration Model | Pros | Cons |
|---|
#1 (Internal DB) | - Out of box implementation
- No custom KIM service implementation
| - No IDM integration
- Must re-enter all person identity manually
- Must manually keep identity data synchronized
|
#2 (Data feed) | - Authoritative IDM source data is utilized
- No custom KIM service implementation
| - Must create a synchronization/push process
- Delay is source data propagation
|
#3 (Service - LDAP backed) | - Real-time data currency
- Authoritative IDM source data is utilized
- LDAP designed for quick searching and retrieval
| - Custom KIM service implementation
- LDAP data source must make all attributes available
- Requires good performing LDAP service
- Introduces external dependency for real-time data access
- There may be entities that KIM needs that don't exist in LDAP (must provide way to look these up elsewhere)
|
#4 (Service - DB backed) | - Real-time data currency
- Authoritative IDM source data is utilized
| - Custom KIM service implementation
- Database data source must make all attributes available
- Requires good performing database service with special tuning to enable quick searches
- Introduces external dependency for real-time data access
|
...
Institution | Identity | Group | Role/Permission/Responsibility* |
|---|
IU | #2 (10 minutes) | #1 & #2 (AD groups) | N/A |
CSU | #2 (nightly) | #1 | N/A |
Arizona | #3 | #1 | N/A |
SJD | #3 | #1 | N/A NPS |
Naval Post-Secondary | #3 | #1 | N/A |
UCD UC Davis | #3 | #1 | N/A |
UCM UC Merced | #4 | #1 | N/A |
Due to the complexity of the KIM type functionality, it is recommended that Role, Permission and Responsibilities services remain as the default KIM services. By utilizing KIM types you can integrate into other external systems rather than overriding these specific services.