19th EUNIS Congress „ICT Role for Next Generation Universities”

Businesses typically have several services where employees may log in using some centrally provided credential(s). However, those credentials are usually system specific and stored separately in different records - one for each system. When one of the attributes (e.g. name or title) common to some credentials changes, it should be updated everywhere to match. Doing this in batch mode e.g. once a day has at least the following drawbacks:
● Creates delay (credentials are out of sync until batch is run)
● Unnecessary processing of identities that didn't change
● High system load while identities are being synchronized
Event driven identity management trades all these flaws to increased complexity. In Helsinki Metropolia University of Applied Sciences such system, an in-house developed software named Amme (translates literally into "basin, tub"), is being used.
The purpose of this paper is to present an overview of the software architecture and behaviour of Amme as an example of an event driven identity management system. This paper also studies other parts of IAM (Identity and Access Management) architecture and support processes in Metropolia e.g. software systems where identity information is originated, directories where data is populated, custom interfaces for software systems and single-sign-on - architecture.