IBM Security Identity Governance and Intelligence, Version 5.2

Complete Architecture of the IBM Security Identity Governance Integration Interface

The IBM® Security Identity Governance and Intelligence architecture includes all branches that allow the AG Core module to interface with all types of external systems.

Figure 1. IBM Security Identity Governance and Intelligence II overview

IBM Security Identity Governance II overview

The diagram displays the interface tables and three distinct flows:

Read-from (flow 1)
Write-to (flow 2)
Synchronization (flow 3)

Events that are generated during propagation of information to the three branches are classified in the input events (EVENT_IN), output events (EVENT_OUT), and synchronization events (EVENT_TARGET). The table ORGUNIT_ERC contains a copy of the organization unit data that is registered in the personal data system. The function of this table is identical to that of USER_ERC.

Another important element that is shown in the figure is the ECONN module layer. Through all the previously outlined branches, this module is involved in communications and alignment between the AG Core centralized DB and the peripheral target systems.

However, the logical behavior of the II is not dependent on the presence of an ECONN layer.

The following list is a brief summary of the three branches:

Read-from: Each change that is made to data in the personal data target systems is copied to the USER_ERC for a user or ORGUNIT_ERC for an OU in the input interface. This action generates a new event in the input events table. The event contains the minimum information that is required to reconstruct what was modified. The input RE takes responsibility for the event. It applies the input rules and, if there are no processing problems, communicates the information to the AG Core, which can then be aligned.

Write-to: Each change that is made to data in the AG Core generates a new event in the output events table. The event contains the minimum information that is required to reconstruct what was modified. The output RE takes responsibility of the event. It applies the output rules and, if there are no processing problems, communicates the information to the output interface. The output interface then propagates the information to the target system, which can then be aligned.

Synchronization: Each change that is executed on data in any of the authoritative target systems generates a new event in the EVENT_TARGET table. The event contains the minimum information that is required to reconstruct what was modified. The inconsistency RE takes responsibility for the event. It applies the inconsistency rules and, if there are no processing problems, aligns the AG Core.