Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The individual partial mechanisms can then be combined into a very complex and powerful configurations. The somehow extreme examples are perhaps meta-roles and higher-order inducements. Please have a look at OrgSync Story Test description to get an idea how complex configuration can be created by using just a handful of mechanisms.

...

  • Mappings and Expressions are used in many places in midpoint: Inbound Mapping, Outbound Mapping, Object Template, Correlation and Confirmation Expressions and we even use expressions inside expressions.
  • Synchronization policy is configured just once. Then the same policy is used by all the synchronization flavors such as live synchronization, reconciliation or discovery. It does not matter how a change was discovered. The reaction will always be consistent.
  • Roles and object templates can be applied to numerous types of objects, not just users. E.g. we can have roles that are applied to organizational units or even to roles itself (creating meta-roles).
  • The principle of outbound mappings is used both in resource definitions and in roles. The principles are the same.
  • Organizational structure can be reused for many purposes: formal functional organizational structure of a company (divisions, sections), project-based structure, ad-hoc teams, multi-tenancy, even for a simple groupings of objects for the purpose of delegated administration. Or all of that at once. The same principles are used.
  • Deltas are used mostly for normal computation of changes (e.g. in mappings). But they are also stored in the role requests that wait for an approval. Deltas are stored in shadows while they wait for a target resource to come back online. Deltas are used to re-start an operation after resolving an incosistency.
  • Roles are used mostly for provisioning. But the same roles are also used to hold internal midPoint authorizations. Therefore any kind of role approval process can also be applied to midPoint internal security. This also means that provisioning policies and internal midPoint policies can be defined in the same roles which simplifies the configuration. And there is one more reuse: the organizational units are considered to be also roles. So it is easy to assign an account, group or midPoint authorization to all members of an organizational unit.

...

  • The business model of Evolveum is strictly partner-based. We strongly believe that everybody should do what he does best. We are best at development of identity management software. So that's what we do. Our partners are best at designing IDM solutions, deploying them, counselling, identifying new customers, communicating with them and keeping them. And that's what our partners do. We support our partners and we do not compete with them.
  • MidPoint source code is open and the licence is one of the most liberal open source licenses available. Anyone can see source code, anyone can modify it and use it. MidPoint development process is also open. Our plans, roadmaps and designs are documented and publicly available. Therefore it is not only the anyone can see the source code but also anyone can understand it.
  • We are encouraging midPoint users to participate. Major features of several recent midPoint versions were planned and designed largely based on user feedback. We also encourage participation of developers outside of midPoint core team. We have chosen the tools that are appropriate for this kind of cooperation.
  • Complete documentation of midPoint is publicly available. It is maintained in the wiki form and we try to follow the encyclopedic style used by Wikipedia. We gladly grant write access to the documentation to any partner who is willing to help with documentation updates.
  • We have a great team. Really great. But it is a small team and it will remain small. We prefer efficiency, technological excellence and merit over world domination. And therefore we are more than aware that we cannot do everything. Therefore our plan is to cooperate with other software vendors that have similar mindset that we have. Our plan is to stick to identity provisioning. That's currently the missing piece as other existing products lacks either functionality, cost efficiency or both. When it comes to access management, directory services, compliance, analytics and other identity management subfields we prefer cooperation over competition. Our plan is to integrate with existing products on the market. We have created an Open Source Identity Ecosystem initiative to bootstrap this cooperation.

See Also

...