This information explains how to create identifiers for a user or an entity within your enterprise.
An Enterprise Identity Mapping (EIM) identifier represents a person or entity in an enterprise. A typical network consists of various hardware platforms and applications and their associated user registries. Most platforms and many applications use platform-specific or application-specific user registries. These user registries contain all of the user identification information for users who work with those servers or applications.
You can use EIM to create unique EIM identifiers for people or entities in your enterprise. You can then create identifier associations, or one-to-one identity mappings, between the EIM identifier and the various user identities for the person or entity that the EIM identifier represents. This process makes it easier to build heterogeneous, multiple-tier applications. It also becomes easier to build and use tools that simplify the administration involved with managing every user identity that a person or entity has within the enterprise.
Figure 3 shows an example of an EIM identifier that represents a person named John Day and his various user identities in an enterprise. In this example, the person John Day has five user identities in four different user registries: johnday, jsd1, JOHND, jsday, and JDay.
Figure 3: The relationship between the EIM identifier for John Day and his various user identities
In EIM, you can create associations that define the relationships between the John Day identifier and each of the different user identities for John Day. By creating these associations to define these relationships, you and others can write applications that use the EIM APIs to look up a needed, but unknown, user identity based on a known user identity.
In addition to representing users, EIM identifiers can represent entities within your enterprise as Figure 4 illustrates. For example, often the print server function in an enterprise runs on multiple systems. In Figure 4, the print server function in the enterprise runs on three different systems under three different user identities of pserverID1, pserverID2, and pserverID3.
Figure 4: The relationship between the EIM identifier that represents the print server function and the various user identities for that function
With EIM, you can create a single identifier that represents the print server function within the entire enterprise. As the example shows, the EIM identifier Print server function represents the actual print server function entity in the enterprise. Associations are created to define the relationships between the EIM identifier (Print server function) and each of the user identities for this function (pserverID1, pserverID2, and pserverID3). These associations allow application developers to use EIM lookup operations to find a specific print server function. Application providers can then write distributed applications that manage the print server function more easily across the enterprise.
EIM identifier names must be unique within an EIM domain. Aliases can help address situations where using unique identifier names can be difficult. An example of the usefulness of EIM identifier aliases is in situations where someone's legal name is different from the name that person is known as. For example, different individuals within an enterprise can share the same name, which can be confusing if you are using proper names as EIM identifiers.
Figure 5 illustrates an example in which an enterprise has two users named John S. Day. The EIM administrator creates two different EIM identifiers to distinguish between them: John S. Day1 and John S. Day2. However, which John S. Day is represented by each of these identifiers is not readily apparent.
Figure 5: Aliases for two EIM identifiers based on the shared proper name John S. Day
By using aliases, the EIM administrator can provide additional information about the individual for each EIM identifier. Each EIM identifier can have multiple aliases to identify which John S. Day the EIM identifier represents. For example, the additional aliases might contain each user's employee number, department number, job title, or other distinguishing attribute. In this example, an alias for John S. Day1 might be John Samuel Day and an alias for John S. Day2 might be John Steven Day.
You can use the alias information to aid in locating a specific EIM identifier. For example, an application that uses EIM may specify an alias that it uses to find the appropriate EIM identifier for the application. An administrator can add this alias to an EIM identifier so that the application can use the alias rather than the unique identifier name for EIM operations. An application can specify this information when using the Get EIM Target Identities from the Identifier (eimGetTargetFromIdentifier()) API to perform an EIM lookup operation to find the appropriate user identity it needs.