Re: [SAGE] Sun IdM?

[Amos <amos+lists.sage@utdallas.edu>]

-- Darrell Fuhriman said the following on 1/5/06 3:54 PM:
> 
> And another University joins the fray. :)

I don't know if a generic EDU IdM list would be of benefit.

> We're currently in the middle of a pretty large implementation of
> Sun IdM -- connecting SCT Banner, Luminis, our Enterprise LDAP,
> and AD.
> 
> I think there are quite a few Universities around that are in the
> same place.
> 
> What sort of questions did you have?

Well, in terms of the packaged IdM tool from Sun, things like: how
flexible is it when it comes to customizing local business logic for
account aging? We currently employ a gradual "aging" of account access
privs until the account is ultimately removed. I imagine the Sun product
offers a means to customize that?

Though the mechanism is a bit klugy, we also do some resource
provisioning based upon account sponsor. This includes the location of 
the home directory, whether it be on the central IT filesystems or on a 
departmental filesystem that might exist. I have concerns that this sort 
of resource provisioning might be difficult if not impossible in a 
"canned" solution like that from Sun.

> I would say that Identity Management is *hard*.  :)

That's why I'm not terribly interested in doing it over even if it is 
less than perfect. However, there are other risks with in-house 
developed stuff.

Amos