Evolveum's commitment to evolution and innovation emerged into natural cooperation with Academia. We strive to combine past experience and expertise with modern theoretical findings. We avoid repeating the same mistakes from the past by exploring new approaches, where theoretical research is a foundation for future improvements. Through the volunteers, mostly students (bachelors, masters, engineers, phds), we lay down theoretical basis for future development. When the results from the research are proven to be usable in practice then we are trying, again preferably with student cooperation, to "productize" them.
Cooperation with universities and educational organizations
- Faculty of Information and Informational Technologies, Slovak University of Technology, Bratislava
- Technical university of Kosice, Slovakia
- Faculty of Mathematics, Physics and Informatics at Comenius University, Bratislava, Slovakia
- Faculty of Economic Informatics at University of Economics in Bratislava, Slovakia
- Zealand Institute of Business and Technology (Erhvervsakademi Sjælland), Denmark: Student internship in order to apply a student's knowledge in practice and support the development of student's ability and creativity to solve tasks.
If you are interested in starting cooperation with us, please do not hesitate to contact us.
Currently available thesis topics
- Diploma Thesis: Return of investment calculation for Identity Management solution
- Design a model that would estimate the economic properties of a proposed identity management solution. The model should be able to estimate return of investment, total cost of ownership and also other economic properties.
- Diploma Thesis: Employee cost calculation from IT point of view
- Design a model that is using data from an identity management system to estimate the cost of services for a specific employees and/or employee groups. E.g. the model should be able to calculate the cost of services provided by IT department to other departments. The IDM system can provide reasonably reliable data about the service usage, licensing cost and also the data about sharing of system operational cost which may lead to a better cost data.
- Bachelor Thesis: Identity provisioning into cloud environments
- Bachelor Thesis: Analysis of application problems and automatic resolution proposals
- Design and create a system that will be able to automatically suggest a solution to software problems. E.g. it should be able to analyze log records that are copied to the system by an engineer. The system should be able to look through a knowledge base, mailing lists, documentation and other resources. It should be able to suggest a solution based on the retrieved information, suggest a correct documentation or at least provide a list of relevant resources to investigate.
- Smart audit log analysis
- Design and prototype a system that processes audit log records and provides a practical and convenient tools for (forensic) analysis of the records. It should be able to correlate related records and present them in a meaningful way. The system should be able to answer questions such as "what access privileges an employee had three months ago?", "Who has access to this part of a system a week ago?". The system should also be interactive, e.g. it should be able to quickly search through the records, refine the searches and so on.
- Role life-cycle management
- Design and prototype a model for a complete life-cycle of RBAC roles. The solution should be able to manage the life-cycle from role definition proposal, approvals, deployment, reviews and decommission. The system should be able to estimate the impact of new or changed role definition on existing system, it should be able to estimate risks. The solutions should enforce regular role reviews and so on.
- Integrated Development Environment (IDE) for Identity Management
- Design and create an interactive system that can be used for efficient customization and development of Identity Management solution. The system should be based on Integrated Development Environment (IDE) principles and in fact could be implemented as a set of plug-ins for existing IDEs (such as Eclipse). The system should efficiently support the tasks frequently done during IDM solution desgin, customization, testing and deployment.
- Role Mining
- Design and prototype a system that will use data from existing Identity Management system to search for patterns and propose improvements in RBAC structure. The system should be able to propose new roles or changes to existing roles. E.g. it should analyze groups of users with similar attributes and/or access rights.
- Visualisation of Identity Management system configuration
- Design and create a subsystem that will visualize configuration of Identity Management (IDM) system. The IDM systems deal with synchronization of data among many sources and targets. Create a subsystem that can visualize the data path and transformations along the paths. Such subsystem should be aimed at system administrators that review and update the configuration therefore it should be able to (at least partially) modify the configuration or at least point to the IDM native configuration tools. The secondary goal is to support diagnostics therefore it should also contain some debugging and data visualization tools. The suggested form of solution is interactive Web application or an IDE plugin.
- Identity provisioning with OAuth
- The OAuth-based protocols (OpenID Connect, UMA) are a good choice for cloud access management. But they almost completely lack the identity management features. There is no way how to synchronize identities, how to deprovision or pre-provisioning accounts, no mechanisms that would support reasonable local cache coherency, etc. The goal is to extend the OAuth protocol with an identity management functionality and implement a prototype. The ideal environment for the prototype would be a ConnId connector in midPoint.
Work in progress thesis
- Diploma Thesis: Identity management among organizations, Erik Suta, started 2013
- Diploma Thesis: Schema-based generation of a data manipulation layer, Tomas Zboja, started 2012
Abstract: Thesis analyzes various languages for schema description. It analyzes them in various fields: construction, extensibility, extension, and also their usability.
Furthermore it compares these languages and identifies requirements of identity management, and the compliance with the analyzed languages. This thesis also indicates the suitability of the languages for identity management problem.
- Diploma Thesis: Intelligent identity information processing, Tomas Jendek, started 2012
Abstract: Identity management provides managing user’s information in various systems, their access rights and accounts. These information are usually stored in various heterogeneous databases or identity stores. Analyzing and maintaining these data is complicated because of data incompleteness and inconsistency.
Identity management systems deals with integration of user’s accounts and access rights, usually stored in various identity stores. In the thesis we explain main principles of identity management systems and main technologies. Later we describe methods for data correlation and compare four existing systems with focus on correlation mechanisms.
Student Success Stories
Performance Monitoring of Java Applications
Author: Erik Suta
Type: Bachelor Thesis
Work on my bachelor thesis was closely linked with Java platform, specifically its performance and profiling. I have managed to implement a prototype - simple client-server profiling tool, which introduced popular profiling features such as profiling of only selected methods or selection of aspects of java application performance which would be monitored. One completely new profiling method, profiling based on method parameter values, was also introduced. I have successfully defended my thesis (angel) and received praise for exceptional thesis by the Dean of our faculty, FIIT STU (Faculty of Information and Informational Technologies, Slovak University of Technology, Bratislava) in June 2013.
In September 2013, I have partially integrated the results and ideas from my BP into our identity management software, midPoint. This partial implementation is available since midPoint version 2.2.1. In version 3.0 (planned for May 2014), midPoint will contain full implementation of profiling subsystem based on my bachelor thesis. Of course, the implemented profiling subsystem is vastly different from prototype implemented in bachelor thesis, mainly because it was designed specifically for midPoint purposes.
Main differences are:
• Thesis used external java agent to connect to profiled application and then collected performance information using dynamic runtime bytecode injection and JMX. In midPoint, we are still using JMX, but the need for external agent is not present here and we are using build-in AspectJ profiling module to collect performance information.
• Thesis used sockets to transfer profiling information to server, where they were evaluated and published. In midPoint, profiling information are partially evaluated by midPoint itself and then published in the logs. To perform detailed analysis, we use special external tool. This step was taken for simple reason – to overcome performance overhead that is linked with all profiling tools. Profiling in midPoint causes almost none or very low profiling overhead.
If you are interested in reading my bachelor thesis, you can do it here: BT_Java_performance_monitoring_12/13.pdf
If you are interested in midPoint implementation of concepts described in my bachelor thesis, please refer to development documentation (bear in mind, that the implementation is still in progress) or if you want to use it yourself, refer to profiling configuration in administration interface.
Consistency in Identity Management
Author: Katarina Valalikova
Type: Diploma Thesis
The aim of my diploma thesis was to find a way how to ensure the consistency between different databases/systems in the field of identity management. I designed the algorithm which was influenced by three basic principles:
- relative changes,
- CAP Theorem,
The mechanism tries to minimize risk of inconsistencies and if they even happen, it tries to reasonably react and bring the data to the consistent state. This proposed mechanism was implemented and tested in one of the open-source identity management solution called midPoint. After I successfully defended my diploma thesis I started to enhance the mechanism to be usable also in the real deployments. Some of the improvements were made and today, the mechanism is part of the midPoint product since version 2.1.
I received a praise of the dean of the faculty and I was also suggested for the dean price. My diploma thesis was also selected as one of the top 10 diploma thesis of all diploma theses in the school year (2011/2012) and you can find my diploma thesis in the gallery of the best from Czech and Slovakia (http://www.acm-spy.cz/index.php?cid=13&rocnik=2012 topic: "Konzistencia údajov pri správe podnikových identít") and full text is available here: http://www.acm-spy.cz/data/gallery2012/acmspy2012_submission_16.pdf
Description of consistency mechanism which is practically used in midPoint can be found in the section Consistency Mechanism.