Service type management

A service type is a category of related services that share the same schemas. It defines the schema attributes that are common across a set of similar managed resources.

Overview

Service types are profiles, or templates, that are used to create services for specific instances of managed resources. For example, if you have several Lotus® Domino® servers that users need access to, you might create one service for each Lotus Domino server using the Lotus Domino service type. In previous versions of IBM® Security Identity Manager, a service type is referred to as a service profile.

Some service types are installed by default when IBM Security Identity Manager is installed. Other service types can be installed when you import the service definition files for adapters for managed resources. A service type definition is provided by the Security Identity Manager Adapter for a managed resource. There is a service type for each type of managed resource that Security Identity Manager supports, such as UNIX, Linux®, Windows, IBM Security Access Manager, and so on.

A service type is defined in the service definition file of an adapter, which is a Java™ Archive (JAR) file that contains the profile. The service type for an adapter is created when the adapter profile (JAR file) is imported. For example, a service type is defined in the WinLocalProfileJAR file. You can also define a service type using the interface for Security Identity Manager.

Security Identity Manager supports the following types of service providers:
  • DAML for Windows Local Adapter, Lotus Notes® Adapter, and so on
  • IDI (IBM Security Directory Integrator for UNIX and Linux adapters)
  • Custom Java class for defining your own implementation of a service provider
  • Manual for managing user-defined “manual” activities

Default service types

The following default service types are provided with Security Identity Manager:
Identity feed service types:
DSML
A Directory Services Markup Language (DSML) Identity Feed service imports user data, with no account data, from a human resources database or file and feeds the information into the Security Identity Manager directory. The service uses a placement rule to determine where in the organization a user will be placed. The service can receive the information in one of two ways: a reconciliation or an event notification. This service is based on the DSML Identity Feed Service Profile.
Note: DSMLv2 is deprecated in Security Identity Manager Version 5.0 in favor of the remote method invocation (RMI)-based IDI adapter framework. The use of DSMLv2 continues to be supported in this release.
AD
The AD Identity Feed Service imports user data from Windows Active Directory. The organizationalPerson objects are fed into Security Identity Manager, where they add or update users. The user profiles selected from this service must have an objectclass that is derived from the organizationalPerson class.
CSV
The CSV Identity Feed Service imports user data from a comma-separated value (CSV) file and adds or updates users in Security Identity Manager. The CSV file contains a set of records separated by a carriage return/line feed (CR/LF) pair (\r\n). Each record contains a set of fields separated by a comma. If a field contains either a comma or a CR/LF, the field must be escaped by enclosing it in double quotes. The first record in the CSV source file defines the attributes provided in each of the following records. Attributes must be valid based on the class schema for the selected person profile for this service.
IDI Data Feed
The IDI Data Feed service type uses the Security Directory Integrator to import user data, with no account data, into Security Identity Manager and to manage accounts in the Security Identity Manager data store on external resources. This service is based on the IDI Data Feed Service Profile.
INetOrgPerson
The INetOrgPerson Identity Feed imports user data from the LDAP directory. The inetOrgPerson objects are loaded and used to add or update users in Security Identity Manager.
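
A pre-import check for the CSV feed format described in the CSV Identity Feed Service entry above, as an added example that is not IBM's code: it parses records by the stated rules (CR/LF between records, commas between fields, double quotes around fields that contain either) and checks the header record against an attribute set. `ALLOWED_ATTRS`, `parse_feed`, `validate_feed`, the sample data and the doubled-quote handling are assumptions made for this example.

```python
# Assumed attribute set; the real one comes from the person profile's class schema.
ALLOWED_ATTRS = {"uid", "cn", "sn", "mail", "title"}
# Constructed sample: one quoted field holds a comma, another a CR/LF.
SAMPLE = 'uid,cn,sn,title\r\njdoe,"Doe, Jane",Doe,"Engineer\r\nOn call"\r\n'


def parse_feed(text):
    """Split a feed into records of fields, following the rules in the text."""
    records, row, field, quoted, i = [], [], "", False, 0
    while i < len(text):
        ch = text[i]
        if quoted:
            if ch == '"' and text[i + 1:i + 2] == '"':
                field += '"'  # assumption: a doubled quote is a literal quote
                i += 1
            elif ch == '"':
                quoted = False
            else:
                field += ch  # commas and CR/LF are data inside quotes
        elif ch == '"' and not field:
            quoted = True
        elif ch == "," or text[i:i + 2] == "\r\n":
            row.append(field)
            field = ""
            if ch != ",":  # CR/LF ends the record
                records.append(row)
                row = []
                i += 1
        elif ch in "\r\n":
            raise ValueError(f"bare CR or LF outside quotes at offset {i}")
        else:
            field += ch
        i += 1
    if quoted:
        raise ValueError("unterminated quoted field")
    if field or row:
        records.append(row + [field])
    return records


def validate_feed(text, allowed=ALLOWED_ATTRS):
    """Return a list of problems; structural errors raise ValueError instead."""
    records = parse_feed(text)
    if not records:
        return ["feed is empty"]
    problems = [f"attribute not in schema: {a!r}" for a in records[0] if a not in allowed]
    for n, rec in enumerate(records[1:], start=2):
        if len(rec) != len(records[0]):
            problems.append(f"record {n}: {len(rec)} fields, expected {len(records[0])}")
    return problems
```

An unquoted comma inside a name shows up here as a field-count mismatch on that record, which is the usual symptom of a feed export that skipped the quoting rule.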
Account service types:
Security Directory Integrator-based
These service types can be optionally installed during the installation of Security Identity Manager. All of them are Security Directory Integrator-based adapters, and each is a specific service type. Security Directory Integrator is one type of service provider. There can be multiple service types defined for the same type of service provider.
ITIM Service
The ITIM service type is used to create accounts in the Security Identity Manager system and represents the IBM Security Identity Manager Server itself. This is a standard service with no configuration parameters. All users that need access to the Security Identity Manager system must be provisioned with a Security Identity Manager account.
Hosted Service
The Hosted Service type is used to create a service that is a proxy to the hosting service that is residing in the service provider organization.

The hosted service connects to the managed resource target indirectly, through the hosting service. The configuration details of the hosting service are invisible to and protected from administrators in the secondary organization where the Hosted Service is defined. Administrators can define policies specifically for the hosted service without affecting the hosting service.

The primary usage of a Hosted Service is to allow users in business partner organizations to have accounts and access to internal IT resources of an organization and to allow administrators in the secondary organization to define specific service policies for the user accounts.

Custom Java class
The custom Java class service type allows you to define your own profile by defining and implementing a Java class.