1. Field of the Invention
The present invention is directed to technology for provisioning tasks.
2. Description of the Related Art
Identity Systems have become more popular with the growth of the Internet, network use, and other information technologies. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to entities, such as users, groups, organizations and/or things. The data store maintains a set of attributes for each entity. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more attributes.
Entities managed by the Identity System may require access to a variety of resources that are external to the Identity System. For example, a user may need a telephone connection and accounts on various computer systems. A person working as an Identity System administrator can manually submit a request for the necessary external resources to one or more external provisioning systems.
A provisioning system services resource requests by establishing external resource access for an entity, such as an Identity System user. Most provisioning systems include one or more agents with each agent corresponding to an external resource. For each requested resource, the provisioning system assigns an agent to make the resource available to a specified entity. In one example, the provisioning system receives a request to establish a computer system account and telephone connection for a user. The provisioning system assigns one agent to create the computer account and another agent to create the telephone connection. Provisioning systems are also capable of terminating an entity's resource access.
An Identity System administrator is often required to manually interface with multiple provisioning systems, because no one provisioning system supports all of the external resources required by the administrator. Each provisioning system can have a different user interface and manner of operation—placing an undesirable burden on the Identity System administrator. The separate provisioning systems may not be able to communicate with each other to support possible interdependencies in resource assignments—creating logistical difficulties for the Identity System administrator.