
MCommunity Design Requirements Documents


These documents were written to guide the work of the MCommunity system developers, although others might also find them interesting. Each chapter lists requirements for a different component of the MCommunity system. Each chapter is a separate document.

Introduction

[Figure: MCommunity overview diagram]

The MCommunity enterprise directory system is made up of the following logical components:

  1. Identity Management. A comprehensive set of tools and processes for creating and managing digital identities for all entities that are affiliated in some capacity with U-M and that need access to IT resources.

  2. Sponsor System. An interface to the identity management system that allows authorized people and processes to add and modify identity data for persons loosely affiliated with the University.

  3. Identity Vault. This includes the Registry and Directory, which serve as the data and processing hub for identity management, service provisioning, and workflow. The modules of the Identity Vault subsystem are:

    • Registry. The restricted-access collection point for person identity data from institutional sources (such as human resources, student, and development systems), including the Sponsor System. It is the point of all person identity creation.

    • Directory. An accessible directory that contains active person and non-person identity data, roles, and groups for the purpose of provisioning IT resources.

    • LDAP Tree. An LDAP-accessible directory instance. We are also including here the requirements for the components of MCommunity that support the ID Vault, such as the User Applications and Workflow.

  4. Roles System. A system consisting of role objects in the Directory and processing logic that associates identities with them based on defined rules for membership. Based on these roles, users will be granted or denied access to IT resources.

  5. Provisioning. A set of tools that allows different constituencies at the university to use directory identity information to authorize use of local resources.

  6. Audit System. All events relevant to identity management and service provisioning that warrant long-term tracking will be recorded in an audit system capable of storing, normalizing, and reporting on these events.

Table of Contents

Chapter 1. General Requirements [download PDF file]

Chapter 2. Identity Management [download PDF file]

Chapter 3. Sponsor System [download PDF file]

Chapter 4. Identity Vault (Registry and Directory) [download PDF file]


This page last verified January 26, 2009