1. Field of the Invention
The present invention is directed to technology for limiting central data store accesses during a workflow or another series of processing steps.
2. Description of the Related Art
With the growth of the Internet, the use of networks, and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes are stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes, membership in a group and/or association with an organization.
Identity Systems frequently store most attributes in one or more central data stores, such as a directory or database. As the volume of data maintained in the central data store grows, pressure on the bandwidth of the central data store mounts—data store bandwidth can be a limiting factor in the amount of data and other resources the Identity System can support. Central data store accesses can also be time consuming—taking place remotely over a network connection in some implementations.
Some Identity Systems employ workflows to carry out a variety of operations, such as adding and modifying identity profiles for system users. A workflow breaks an operation into a series of steps that are performed by the Identity Systems and other entities. In some instances, the Identity System calls on another entity to carry out a function called for in a workflow step, such as provisioning resources to a user. The Identity System then waits for the called entity to complete the assigned function.
Identity Systems employing workflows typically update the central data store at the end of each step in a workflow—updating the attributes related to the workflow. This places substantial demands on central data store bandwidth. In many instances, the updates of attributes in the central data store are unnecessary. Only certain circumstances require attributes in the central data store to be up to date. For example, an updated attribute is necessary when another entity needs to use the attribute. These circumstances, however, do not typically occur after every workflow step. It is desirable to reduce the number of central data store updates performed in each workflow.
Some Identity System users also employ an Access Systems. An Access System provides for the authentication and authorization of users attempting to access resources. For efficiency purposes, there is an advantage to integrating the Identity System and the Access System. Additionally, integrating the Identity System and the Access System allows for single-sign-on functionality across multiple resources. Thus, there is also a need to reduce workflow related accesses of a central data store, such as a directory, in an Access Systems and integrated Identity/Access Systems. Systems other than Identity and Access Systems can also benefit from reducing central data store accesses when carrying out workflows.