...

MidPoint has strong synchronization features that include the ability to automatically correlate identities. A correlation expression is a simple but very powerful mechanism to correlate identities when a reliable correlation identifier is present. This is a common case in enterprise or government environments. But even in those environments there may be corner cases, omissions and typing mistakes. For example, someone mistyped an employee number when creating an account, employee numbers are missing in older systems, and so on. And there are bigger problems: how do we distinguish a new employee from an employee who used to work here, left and came back? This usually cannot be correlated automatically, as there is no global correlation identifier. Some countries issue country-wide identifiers of physical persons, but their use is often strictly limited. This problem is even more pronounced for organizations with less tight control over identities, such as universities, libraries and other academic organizations, not-for-profit organizations and so on.

Solution Outline

The situation may seem hopeless, as there often is no way to implement a completely automated and reliable identity correlation mechanism. But not all hope is lost. Obviously, there needs to be some manual interaction in the correlation mechanism. But midPoint can keep this manual interaction efficient, and it can even automate some parts of the correlation process.

...

MidPoint can be improved to support manual identity correlation. In fact, this is something that we have expected almost since the beginning of midPoint development. For example, there is a disputed synchronization situation. This situation has been part of midPoint for years, but it was mostly considered to be a situation that indicates an error in a correlation expression. However, it was planned that this situation can be extended to indicate the need for manual interaction. This situation can be supplemented with more information, such as a (direct or indirect) list of candidate matches. Once again, such an extension was anticipated from the beginning, and this was one of the reasons that midPoint has shadow objects. In that case, correlation expressions or a sorter can be used to determine the candidate matches. In case of multiple matches (or a single low-confidence match) the account will end up in the disputed situation. Candidate matches will be recorded in the shadow object. The midPoint user interface can be extended to look for disputed correlation cases and present them to an operator. The operator can then make manual decisions in an efficient manner.
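The decision flow described above, as an added Python model that is not midPoint code or configuration. The confidence thresholds, the name-similarity scoring and the `User`/`Shadow` classes are assumptions made for illustration; the sample users are constructed.

```python
# Added illustration: a model of the decision flow, not midPoint code or configuration.
from dataclasses import dataclass, field
from difflib import SequenceMatcher

AUTO_LINK = 0.9   # assumed: minimum confidence to link without an operator
CANDIDATE = 0.6   # assumed: minimum confidence to be listed as a candidate

@dataclass
class User:
    oid: str
    employee_number: str
    full_name: str

@dataclass
class Shadow:  # stand-in for a shadow object holding correlation state
    employee_number: str
    full_name: str
    situation: str = ""
    candidates: list = field(default_factory=list)  # [(user oid, confidence)]

def confidence(shadow, user):
    # A matching reliable identifier gives full confidence.
    if shadow.employee_number and shadow.employee_number == user.employee_number:
        return 1.0
    # Name similarity alone is scaled to stay below AUTO_LINK, so a
    # name-only match can never attach an account to a user unattended.
    ratio = SequenceMatcher(None, shadow.full_name.lower(), user.full_name.lower()).ratio()
    return round(0.8 * ratio, 2)

def correlate(shadow, users):
    scored = [(u.oid, confidence(shadow, u)) for u in users]
    shadow.candidates = sorted((c for c in scored if c[1] >= CANDIDATE), key=lambda c: -c[1])
    if not shadow.candidates:
        shadow.situation = "unmatched"
    elif len(shadow.candidates) == 1 and shadow.candidates[0][1] >= AUTO_LINK:
        shadow.situation = "unlinked"   # one confident owner: safe to link automatically
    else:
        shadow.situation = "disputed"   # several matches or one weak match: operator decides
    return shadow

# Constructed sample data
USERS = [User("u1", "1001", "Alice Novak"),
         User("u2", "1002", "Jan Dvorsky"),
         User("u3", "1003", "Jan Dvorsky")]

if __name__ == "__main__":
    for acct in [Shadow("1001", "Alice Novak"), Shadow("1010", "Alice Novak"),
                 Shadow("", "Jan Dvorsky"), Shadow("", "Zed Quux")]:
        s = correlate(acct, USERS)
        print(acct.full_name, acct.employee_number or "-", s.situation, s.candidates)
```

The mistyped employee number (`1010`) and the account with no employee number both end up disputed with their candidates recorded, which is the list an operator would review before an account is attached to a user.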

...

Synergy: Case Management

Manual correlation is a synergistic feature. It is designed to fit together with another planned midPoint feature: case management. Case management is meant to support cases that describe a unit of cooperative work. Users may delegate cases, may comment on them and may work together to resolve the case. Cases are planned to support many midPoint features where manual work is required, from approvals and manual resources to remediation. Manual correlation is just another reuse of the same principle.

...