Beta 1

Title Implementering af Identity Management i Miljøministeriet
Author Johansen, Anders
Thiesen, Klaus Poul (Computer Science and Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Diplom thesis
Year 2008
Abstract Most companies have for many years integrated a lot of different IT-systems independently of each other. Commonly these systems don’t have interfaces to connect to each other, they use separate databases and are generally incompatible. The systems often have department specific functions; Human Resource management for the personnel department, Incident tracking for the IT department and so on. The same data is often stored across these systems, typically user identities and rights. These doublets of identities make proper management tiresome, because they often need to be manually changed in each system. There is a big chance of having a forgotten, ill-maintained system with expired user with full rights on it. Not only do these aspects pose a significant security risk, but also weighs down the IT-department, which probably can spend its time better on other tasks. The mentioned problems are very relevant in the Danish Department of the Environments (DOE) IT-department, the so called Center for Koncernforvaltning, Informatik department (CFK-I). The department uses a lot of time with simple user administration, not to mention the extra work that comes with wrongly created users, due to most of it being manually maintained. When changes to the organizational structure happens somewhere in the DOE, there is suddenly placed a lot of work on the people working with user administration. These people often are integral to other IT projects in the department, which in turn have to be postponed. To solve these problems the DOE’s IT-department has chosen to start an Identity Management (idM) project based on Microsofts “Identity Lifecycle Management Server” (ILM). The goal of the project will be to make a connection between systems that share data, reduce redundant users accounts and free up resources in the IT-department for development of other technologies. The core of the project, the ILM server, will synchronize between the main user database “Active Directory” (AD) and a process tool called “Omada Enterprise” (OE). The OE system will be the entry point for the creation of new users or changes to existing accounts. The ILM server will make this possible. With time the plan is to integrate ILM with a larger set of systems used in the DOE. To facilitate this, the project will run over several phases, to ensure compatibility and minimize loss of work hours. The solution has to be future proof and module based, so extensions to the system can be added with relative ease. To this end a large part of the project will be classifying data and flow of data across the different systems.
Series IMM-B.Eng.-2008-27
Original PDF dip08_27.pdf (0.67 MB)
Admin Creation date: 2008-12-22    Update date: 2008-12-22    Source: dtu    ID: 232414    Original MXD