Alexander Phillip Amies - Irvine CA, US Dennis Raymond Doll - Newport Beach CA, US Bassam H. Hassoun - Riverside CA, US Brian Robert Matthiesen - Rancho Santa Margarita CA, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 17/30
US Classification:
707616, 707662, 707781, 707999203
Abstract:
A system for synchronizing account names from a plurality of source security systems. In response to coupling a conversion system between the plurality of source security systems and a target security system, identity data from a human resource system and account data from the plurality of local source security systems is loaded into the conversion system. A name resolution rule set is retrieved and a unique account name identification is generated for a set of account names associated with an identity using the name resolution rule set. The set of account names associated with the identity is converted to the unique account name identification to produce a synchronized set of account names associated with the identity. Then, the synchronized set of account names associated with the identity is stored in the target security system.
System For Notification Of Group Membership Changes In Directory Service
Brian R Matthiesen - Rancho Santa Margarita CA, US Dennis R Doll - Newport Beach CA, US Bassam Ann Hassoun - Riverside CA, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 7/00 G06F 17/00
US Classification:
707709, 726 1, 37039554
Abstract:
An identity management system provides for a computationally efficient approach to monitor group changes, or events, on a directory service. Group events are monitored by use of a domain crawler process launched by an event monitoring process of the identity management system that gathers group event data and reports the collected and consolidated changes to the identity management system.
Method And System For Managing And Monitoring Continuous Improvement In Detection Of Compliance Violations
Fernando Barcelo - Corona CA, US Dennis R. Doll - Newport Beach CA, US Bassam H. Hassoun - Riverside CA, US Brian R. Matthiesen - Rancho Santa Margarita CA, US Jedd Weise - Laguna Niguel CA, US John B. Young - Irvine CA, US
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY
International Classification:
G06F 21/20
US Classification:
726 25
Abstract:
A computer implemented method, data processing system, and computer program product is provided for using compliance violation risk data about an entity to enable an identity management system to dynamically adjust the frequency in which the identity management system performs a reconciliation and compliance check of an identity account associated with the entity. Data associated with an identity account is collected, wherein the data comprises at least one of compliance data, prior compliance violations, or personal data about an entity associated with the identity account. One or more risk factors for the identity account based on the collected data are determined. A risk score of the identity account is calculated based on the determined risk factors. The identity account is then audited with a frequency according to the risk score assigned to the identity account.
System And Method For Notification Of Group Membership Changes In A Directory Service
Brian R. Matthiesen - Rancho Santa Margarita CA, US Dennis R. Doll - Newport Beach CA, US Bassam Hassoun - Riverside CA, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 7/00
US Classification:
707 3, 37039554, 726 1
Abstract:
A method and system provides for a computationally efficient approach to monitor group changes, or events, on a directory service. Group events are monitored by use of a domain crawler launched by an event monitoring process of an identity management (IdM) system that gathers group event data and reports the collected and consolidated changes to the IdM system.
Automatically discovering attribute permissions is provided. A profile indicating a set of attributes that can be converted into permissions for a new target instance is provided. In response to detecting that the new target instance is being added, a convertible set of attributes for the new target instance is searched for based on the profile. Search results for the convertible set of attributes are displayed. Ones of the convertible set of attributes are selected as a set of attribute permissions for the new target instance for access control to the new target instance.