1. Field of the Invention
The present invention is directed to technology for automatically configuring object classes.
2. Description of the Related Art
With the growth of the Internet, the use of networks, and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes are stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes, membership in a group and/or association with an organization.
The data store often maintains attributes associated with an entity, such as a user, group, or organization, in an object that corresponds to the entity. For example, an object for a user may contain attributes for the user's name and login code. The Identity System often employs different classes of objects, with each class corresponding to a different type of entity. In one example, the Identity System employs different object classes for users, groups, and organizations. Each object in the user object class contains a set of attributes that correspond to a user. Each object in the group object class contains a set of attributes that correspond to a group. Each object in the organization object class contains a set of attributes that correspond to an organization.
The object classes employed in the data store may be used by many different systems and applications, in addition to the Identity System. The Identity System needs to have the object classes configured to support their use by the Identity System. In one example, the Identity System needs to associate meta-attributes with the attributes in an object class. The meta-attributes provide information the Identity System employs when using the object class attributes, such as an attribute's display name.
Traditionally, a system administrator manually configures object classes for the Identity System. The administrator informs the Identity System of each object class and configures each object class attribute—providing meta-attributes when necessary. The manual configuration is typically a tedious process that consumes a great deal of time. It is desirable for the configuration to be automated.
Some Identity System users also employ an Access Systems. An Access System provides for the authentication and authorization of users attempting to access resources. For efficiency purposes, there is an advantage to integrating the Identity System and the Access System. Additionally, integrating the Identity System and the Access System allows for single-sign-on functionality across multiple resources. Thus, there is also a need for Access Systems and integrated Identity/Access Systems to automatically configure object classes. Systems other than Identity and Access Systems can also benefit from automatically configuring object classes. Automated object class configuration can benefit any application or system that needs to interface with data store object classes.