Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This feature is partially implemented by the ability to include custom form in approval GUI that can be used to fill out user profile. But that is not yet a complete feature as this is only aimed at administrators. There is no support for user to fill out the missing data.

This also relates to Management of Lawful Bases for Data Processing (GDPR) and Data Provenance, e.g. we may need to make erasure of the entered data once there is no longer need to process that data.

Self-service management of orgs

TODO: MidPoint has quite a nice set of features for organizational management and especially delegated organizational management (see Authorization). However, the user interface is mostly concerned about enterprise use cases and power users that maintain the organizational structure.

The idea is to make org management more "democratic" or "ad-hoc" approach to org management

...

. E.g. we would like an ability for every user to create an ad-hoc work group. The user that creates the group will become an owner and manager, he can add more owners and managers, add members and so on. This process should be lightweight, it should scale well and it should be available for almost all ordinary users.

The tricky part is that those ad-hoc groups may need special parameters or data. But that can be solved by improvements to parametric roles and/or archetypes.

User relationships

TODO: contacts: family, friends

TODO: invites

Smart identity merge/split

Traditional IDM approach is to gather all identity data, correlate them with existing database and decide about identity matching at the time of new user enrollment.

But that method will cease to work as we will go deeper to progressive user profiles. We may not have enough data to correlate a user at the beginning - and we may not even want to do it (e.g. for data protection reasons).

The right moment to merge identities may come way later. At that moment the identities may be operating independently for quite some time. Therefore we may need to do some kind of smart identity merge, most like a user-assisted identity merge. E.g. user may "proof" the merge by logging in into both accounts.

There will be mistakes in the merge process. Therefore there may be a need for identity split. While merge will not be easy, split may be even more difficult.

See Also