Enterprise Identity Management systems control access to information derived from identity-related data stored in various data repositories. Examples of the data include email distribution lists or system resource access rights based on identity-based attributes such as job function, office location, department, and reporting relationship. Maintaining such information often requires an administrator's direct input and a knowledge of the relationships of the data, which can be quite complex.
As identity attributes (such as users, employees, contractors, customers, and the like) join, leave, and change positions within the organization, their attributes frequently change. This usually requires that relational data be updated as needed to reflect these changed attributes. Conversely, derived data sets (such as new lists or entitlements) are populated based on current user attributes. The challenge of maintaining this derived data current becomes even more difficult as the both the source and the derived datasets become larger and/or more volatile and/or more distributed.