KIM Integration Model | Pros | Cons |
|---|
#1 (Internal DB) | - Out of box implementation
- No custom KIM service implementation
| - No IDM integration
- Must re-enter all person identity manually
- Must manually keep identity data synchronized
|
#2 (Data feed) | - Authoritative IDM source data is utilized
- No custom KIM service implementation
| - Must create a synchronization/push process
- Delay is source data propagation
|
#3 (Service - LDAP backed) | - Real-time data currency
- Authoritative IDM source data is utilized
- LDAP designed for quick searching and retrieval
| - Custom KIM service implementation
- LDAP data source must make all attributes available
- Requires good performing LDAP service
- Introduces external dependency for real-time data access
- There may be entities that KIM needs that don't exist in LDAP (must provide way to look these up elsewhere)
|
#4 (Service - DB backed) | - Real-time data currency
- Authoritative IDM source data is utilized
| - Custom KIM service implementation
- Database data source must make all attributes available
- Requires good performing database service with special tuning to enable quick searches
- Introduces external dependency for real-time data access
|