Services and Things

Evolveum midPoint is a very comprehensive system. It can manage identities, roles and organizational structures. Simply speaking, it can manage anything that is at least marginally related to the concept of identity. Yet until quite recently support for one broad area was missing, and it was added in midPoint 3.4. Now midPoint can also manage mobile devices, servers, printers, sensors, deployment units, network elements, application components, … anything that can be described by the generic term service. By supporting services midPoint makes yet another big push on the outside of the envelope of traditional identity management. Now midPoint can take the role of a unified business-oriented management platform.

Let’s imagine a software development company. The operation of many software houses is inherently project-oriented. When a new project starts it needs to be defined in the trouble ticket system, it needs its wiki spaces and so on. MidPoint has been able to do that automatically for a few years already. But a project also needs server resources: build servers, a continuous integration server, testing environments with several servers and so on. As midPoint supports services it can do that easily – as a virtual service is just one specific instance of a service. MidPoint can invoke the OpenStack components to make sure that the appropriate virtual infrastructure is automatically set up for the project. And as midPoint is still a state-of-the-art identity management system it can easily create accounts on these servers. Projects can be completely provisioned in a matter of seconds. And when the project is closed all the servers can be deprovisioned just as easily, so the precious resources are no longer wasted.

The services are not limited to servers. They can represent almost anything: mobile devices, printers, … and literally any thing. Because all the things provide some sort of service. Otherwise we would have no reason to care about them, would we? This is how midPoint supports the Internet of Things (IoT). MidPoint actually evolved into this. We have realized that the same mechanism that we have perfected for data synchronization and identity management can be easily reused to manage any things. The mechanisms are the same: there is some “business” object that needs some kind of service to work. This “business” object may be a project, organizational unit, business application or anything else. But there is always such a “business” object that “owns” the service – the reason for its very existence. MidPoint can easily manage such objects. It is built to do that. And the same mechanisms that are used for identity management are also re-used for service management. As midPoint can provision identities it can also provision services.

Even though midPoint evolved to support services, all of the original midPoint concepts are re-used. Services can be assigned to users in the same way as roles can be assigned. Services can be placed in organizational structures to allow delegated administration and multi-tenancy. Services can have their own roles (meta-roles) to unify the configuration and make the management of large-scale services easier. Even very complex configurations are possible and they are maintainable. All the excellent midPoint features can be applied to services now. This is a major breakthrough that puts midPoint into a category of its own. Identity management will never be the same again. Because this is no longer just identity management …
