friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalv_5.4.0.1/rzalv_reg_plan.htm

126 lines
8.0 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Develop an Enterprise Identity Mapping registry definition naming plan" />
<meta name="DC.Relation" scheme="URI" content="rzalv_plan_eim_for_eserver.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalv_reg_plan" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Develop an Enterprise Identity Mapping registry definition naming plan</title>
</head>
<body id="rzalv_reg_plan"><a name="rzalv_reg_plan"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Develop an Enterprise Identity Mapping registry definition naming plan</h1>
<div><p>To use Enterprise Identity Mapping (EIM) to map the user identity in one
user registry to an equivalent user identity in another user registry, both
user registries must be defined to EIM. You must create an EIM <a href="rzalveserverregistry.htm#rzalveserverregistry">registry definition</a> for each application or operating
system user registry that will participate in the EIM domain. User registries
can represent operating system registries such as Resource Access Control
Facility (RACF<sup>®</sup> )
or i5/OS™,
a distributed registry such as Kerberos, or a subset of a system registry
that is used exclusively by an application.</p>
<p>An EIM domain can contain registry definitions for user registries that
exist on any platform. For example, a domain managed by a domain controller
on i5/OS might
contain registry definitions for non-i5/OS platforms (such as an AIX<sup>®</sup> registry).
Although you can define any user registry to an EIM domain, you must define
user registries for those applications and operating systems that are EIM-enabled.</p>
<p>You can name an EIM registry definition anything that you like as long
as the name is unique in the EIM domain For example, you could name the EIM
registry definition based on the name of the system that hosts the user registry.
If this is not sufficient to distinguish the registry definition from similar
definitions, you could use a period (.) or an underscore (_) to add the type
of user registry that you are defining. Regardless of the criteria you choose
to use, you should consider developing a naming convention for your EIM registry
definitions. Doing so ensures that the definition names are consistent throughout
the domain and are adequately descriptive of the type and instance of the
user registry defined and how it is used. For example, you could choose the
name of each registry definition by using a combination of the application
or operating system name that uses the registry and the user registry's physical
location in your enterprise. </p>
<p>An application that is written to use EIM may specify either a source registry
alias or a target registry alias, or aliases for both. When you create EIM
registry definitions you need to check the documentation for your applications
to determine whether you need to specify one or more aliases for registry
definitions. When you assign these aliases to the appropriate registry definitions,
the application can perform an alias lookup to find the EIM registry definition
or definitions that match the aliases in the application. </p>
<p>You may find the following sample portion of the planning work sheet helpful
as a guide to use for recording information about participating user registries.
You can use the actual work sheet to specify a registry definition name for
each user registry, to specify whether it uses an alias, and to describe the
user registry location and use. The installation and configuration documentation
for the application will provide some of the information that you need for
the worksheet. </p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Sample EIM registry definition
information planning work sheet</caption><thead align="left"><tr><th align="left" valign="top" width="25%" id="d0e47">Registry definition name</th>
<th valign="top" width="25%" id="d0e49">User registry type</th>
<th valign="top" width="25%" id="d0e51">Registry definition alias</th>
<th valign="top" width="25%" id="d0e53">Registry description</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="25%" headers="d0e47 ">System_C</td>
<td valign="top" width="25%" headers="d0e49 ">i5/OS system user registry</td>
<td valign="top" width="25%" headers="d0e51 ">See application documentation</td>
<td valign="top" width="25%" headers="d0e53 ">Main system user registry for i5/OS on System C</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e47 ">System_A_WAS</td>
<td valign="top" width="25%" headers="d0e49 ">WebSphere<sup>®</sup> LTPA</td>
<td valign="top" width="25%" headers="d0e51 ">app_23_alias_source</td>
<td valign="top" width="25%" headers="d0e53 ">WebSphere LTPA user registry on System A</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e47 ">System_B</td>
<td valign="top" width="25%" headers="d0e49 ">Linux<sup>®</sup></td>
<td valign="top" width="25%" headers="d0e51 ">See application documentation</td>
<td valign="top" width="25%" headers="d0e53 ">Linux user registry on System B</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e47 ">System_A</td>
<td valign="top" width="25%" headers="d0e49 ">i5/OS system user registry</td>
<td valign="top" width="25%" headers="d0e51 ">app_23_alias_target app_xx_alias_target</td>
<td valign="top" width="25%" headers="d0e53 ">Main system user registry for i5/OS on System A</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e47 ">System_D</td>
<td valign="top" width="25%" headers="d0e49 ">Kerberos user registry</td>
<td valign="top" width="25%" headers="d0e51 ">app_xx_alias_source</td>
<td valign="top" width="25%" headers="d0e53 ">legal.mydomain.com Kerberos realm</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e47 ">System_4 </td>
<td valign="top" width="25%" headers="d0e49 ">Windows<sup>®</sup> 2000 user registry</td>
<td valign="top" width="25%" headers="d0e51 ">See application documentation</td>
<td valign="top" width="25%" headers="d0e53 ">Human resources application user registry on System 4</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> Association types for each registry will be determined later
in the planning process.</div>
</div>
<p>After you complete this section of the planning worksheet, you should <a href="rzalv_id_map_plan.htm#id_map_plan">develop your identity
mapping plan</a> to determine whether to use identifier associations, policy
associations, or both types of associations to create the mappings that you
need for the user identities in each defined user registry.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalv_plan_eim_for_eserver.htm">Plan Enterprise Identity Mapping for eServer</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink