 | Level: Intermediate Chris Choi (chrichoi@au1.ibm.com), IT Specialist, IBM
Christopher Hockings (hockings@au1.ibm.com), IT Specialist, IBM
04 Mar 2008 As part of compliance requirements, organizations are required to perform attestation of a user's entitlements for access to systems. This process usually requires a responsible party (for example, the user's manager) to assert that the user continues to require access to a particular system. IBM® Tivoli® Identity Manager (ITIM) provides account attestation as part of its core functionality, and hence can implement complex attestation requirements. However, setting the attestation for a large number of target systems can be a chore. In addition, when a responsible party is asked to perform attestation for many users of a system as part of a continuous attestation cycle, the task becomes laborious. This tutorial gives the reader some methods for scaling attestation from a manageability perspective, using features available within ITIM 5.0.
In this tutorial
This tutorial provides tricks to simplify the steps that are required to create many like services and how to configure the attestation processes for the accounts on these systems. We begin by giving you an overview of the features of ITIM that are used in the tutorial, and then we follow this with a real implementation of managing attestation of accounts on a large number of like systems.
Prerequisites
This tutorial is written for ITIM specialists, whose skills and experience should be at the intermediate level. You should have general experience with deployment of ITIM within a customer environment.
You should have some experience with writing Java™ applications. It's highly recommended that you study
the ITIM application API documentation at <itim_install_dir>/extensions/doc/applications/applications.html and the example applications at <itim_install_dir>/extensions/examples/apps. This documentation provides valuable insight into the operation of the ITIM APIs used in this tutorial.
| | | |
