<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="EIM domain" />
<meta name="abstract" content="This information explains how to use a domain to store all your identifiers." />
<meta name="description" content="This information explains how to use a domain to store all your identifiers." />
<meta name="DC.Relation" scheme="URI" content="rzalveservercncpts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveserverregistry.htm#rzalveserverregistry" />
<meta name="DC.Relation" scheme="URI" content="rzalveservereimid.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalveservereimmaplookup.htm#rzalveservereimmaplookup" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalveserverdomain.dita" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>EIM domain</title>
</head>
<body id="rzalveserverdomain.dita"><a name="rzalveserverdomain.dita"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">EIM domain</h1>
<div><p>This information explains how to use a domain to store all your
identifiers.</p>
<p>An Enterprise Identity Mapping (EIM) <em>domain</em> is a directory within
a Lightweight Directory Access Protocol (LDAP) server that contains EIM data
for an enterprise. An EIM domain is the collection of all the EIM identifiers,
EIM associations, and user registries that are defined in that domain, as
well as access control for the data. Systems (EIM clients) participate in
the domain by using the domain data for EIM lookup operations.</p>
<p>An EIM domain is different from a user registry. A user registry defines
a set of user identities known to and trusted by a particular instance of
an operating system or application. A user registry also contains the information
needed to authenticate the user of the identity. Additionally, a user registry
often contains other attributes such as user preferences, system privileges,
or personal information for that identity.</p>
<p>In contrast, an EIM domain <em>refers</em> to user identities that are defined
in user registries. An EIM domain contains information about the <em>relationship</em> between
identities in various user registries (user name, registry type, and registry
instance) and the actual people or entities that these identities represent.</p>
<p>Figure 2 shows the data that is stored within an EIM domain. This data
includes EIM identifiers, EIM registry definitions, and EIM associations.
EIM data defines the relationship between user identities and the people or
entities that these identities represent in an enterprise.</p>
<div class="fignone"><span class="figcap">Figure 1. EIM domain and the data that is stored within the domain</span><br /><img src="rzalv504.gif" alt="Example of the information that is stored in an EIM domain" /><br /></div>
<p>EIM data includes:</p>
<dl><dt class="dlterm">EIM registry definitions</dt>
<dd>Each EIM registry definition that you create represents an actual user
registry (and the user identity information it contains) that exists on a
system within the enterprise. Once you define a specific user registry in
EIM, that user registry can participate in the EIM domain. You can create
two types of registry definitions: one type refers to system user registries
and the other type refers to application user registries. <p></p>
</dd>
<dt class="dlterm">EIM identifiers</dt>
<dd>Each EIM identifier that you create uniquely represents a person or entity
(such as a print server or a file server) within an enterprise. You can create
an EIM identifier when you want to have one-to-one mappings between the user
identities that belong to a person or entity to whom the EIM identifier corresponds. <p></p>
</dd>
<dt class="dlterm">EIM associations</dt>
<dd>The EIM associations that you create represent relationships between user
identities. You must define associations so that EIM clients can use EIM APIs
to perform successful EIM lookup operations. These EIM lookup operations search
an EIM domain for defined associations. There are two different
types of associations that you can create:<p></p>
<dl><dt class="dlterm">Identifier associations</dt>
<dd>Identifier associations allow you to define a one-to-one relationship
between user identities through an EIM identifier defined for an individual.
Each EIM identifier association that you create represents a single, specific
relationship between an EIM identifier and an associated user identity within
an enterprise. Identifier associations provide the information that ties an
EIM identifier to a specific user identity in a specific user registry and
allow you to create one-to-one identity mapping for a user. Identifier associations
are especially useful when individuals have user identities with special authorities
and other privileges that you want to specifically control by creating one-to-one
mappings between their user identities.<p></p>
</dd>
<dt class="dlterm">Policy associations</dt>
<dd>Policy associations allow you to define a relationship between a group
of user identities in one or more user registries and an individual user identity
in another user registry. Each EIM policy association that you create results
in a many-to-one mapping between the source group of user identities in one
user registry and a single target user identity. Typically, you create policy
associations to map a group of users who all require the same level of authorization
to a single user identity with that level of authorization.</dd>
</dl>
</dd>
</dl>
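<p>The following sketch is an added example, not IBM code and not the EIM API: a toy in-memory model of the registry definitions, identifiers, and the two association types described above, with a lookup that reports which kind of association produced the target identity. All registry names, user names, and identifiers are constructed. It assumes that a policy association applies only when no identifier association exists, and it models the source group as every user of the source registry.</p>

```python
# Added illustration: a toy in-memory model of the EIM data described above.
# Not the EIM API. All registry names, user names and identifiers are constructed.
from dataclasses import dataclass, field


@dataclass
class EimDomain:
    registries: set = field(default_factory=set)       # EIM registry definitions
    identifiers: set = field(default_factory=set)      # EIM identifiers (people or entities)
    id_assocs: dict = field(default_factory=dict)      # (registry, user) -> identifier
    policy_assocs: dict = field(default_factory=dict)  # (source registry, target registry) -> target user

    def add_identifier_association(self, identifier, registry, user):
        # Both ends must already be defined in the domain.
        if identifier not in self.identifiers or registry not in self.registries:
            raise ValueError("undefined identifier or registry")
        self.id_assocs[(registry, user)] = identifier

    def add_policy_association(self, source_registry, target_registry, target_user):
        # Simplification: the "group" is every user of source_registry.
        if not {source_registry, target_registry}.issubset(self.registries):
            raise ValueError("undefined registry")
        self.policy_assocs[(source_registry, target_registry)] = target_user

    def lookup(self, source_registry, source_user, target_registry):
        """Return (target user, kind of association used), or (None, None)."""
        identifier = self.id_assocs.get((source_registry, source_user))
        if identifier is not None:
            for (registry, user), ident in self.id_assocs.items():
                if registry == target_registry and ident == identifier:
                    return user, "identifier"
        # Assumption: a policy association is used only when no
        # identifier association yields a target identity.
        target = self.policy_assocs.get((source_registry, target_registry))
        return (target, "policy") if target is not None else (None, None)


def build_sample_domain():
    d = EimDomain()
    d.registries.update({"KERBEROS_REALM", "SYSTEM_A"})
    d.identifiers.add("Jane Admin")
    # One-to-one mapping for a user whose target identity has special authority.
    d.add_identifier_association("Jane Admin", "KERBEROS_REALM", "jadmin")
    d.add_identifier_association("Jane Admin", "SYSTEM_A", "JANESECADM")
    # Many-to-one mapping for everyone else in the source registry.
    d.add_policy_association("KERBEROS_REALM", "SYSTEM_A", "ORDERSUSER")
    return d
```

<p>In the sample domain, <samp>jadmin</samp> resolves through the identifier association, while any other user of the source registry resolves to the single policy target, so the authority granted to a policy target is shared by every identity in the source group.</p>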
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalveservercncpts.htm" title="Use this information to learn about important EIM concepts that you need to understand to implement EIM successfully.">Enterprise Identity Mapping concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzalveserverregistry.htm#rzalveserverregistry" title="This information explains how you can create a registry definition to hold all your user registries for a system.">EIM registry definitions</a></div>
<div><a href="rzalveservereimid.htm" title="This information explains how to create identifiers for a user or an entity within your enterprise.">EIM identifier</a></div>
<div><a href="rzalveservereimmaplookup.htm#rzalveservereimmaplookup" title="This information explains the process for Enterprise Identity Mapping (EIM) mapping and view examples.">EIM lookup operations</a></div>
</div>
</div>
</body>
</html>