Intent-based governance service
US-2020314145-A1 · Oct 1, 2020 · US
System and method to exchange identity governance data across multiple identity repositories
US11240168B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11240168-B2 |
| Application number | US-202016734460-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 6, 2020 |
| Priority date | Jan 6, 2020 |
| Publication date | Feb 1, 2022 |
| Grant date | Feb 1, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A technique for identity governance (IG) data exchange includes receiving, by a first adapter, an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource. The first adapter analyzes the message and, based on the analysis, selects a routing policy to apply to the message. Based on the routing policy, the adapter determines a select input queue from a plurality of input queues to receive the message and writes the message to the select input queue. The message is then routed from the select input queue to an output queue, and then a second adapter transfers the message from the output queue to the second identity governance resource.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: receiving, by a first adapter of an identity governance exchange module, an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource, wherein the first identity governance resource includes an identity governance and administration system and the identity governance exchange module is interposed between the identity governance and administration system and the second identity governance resource for identity governance message flow therebetween; analyzing, by the first adapter, the identity governance message; selecting, based on the analysis, a routing policy to apply to the identity governance message; based on the routing policy, determining a select input queue from a plurality of input queues of the identity governance exchange module to receive the identity governance message; writing, by the first adapter, the identity governance message to the select input queue; routing the identity governance message from the select input queue to an output queue of the identity governance exchange module; and transferring, by a second adapter of the identity governance exchange module, the identity governance message from the output queue to the second identity governance resource. 2. The method of claim 1 , further comprising, retrieving, by the first adapter, the routing policy from a management queue of the identity governance exchange module. 3. The method of claim 1 , further comprising: writing the routing policy to a management queue of the identity governance exchange module; and retrieving, by the first adapter, the routing policy from the management queue. 4. The method of claim 1 , further comprising: parsing, by the first adapter, the identity governance message; identifying, by the first adapter, an attribute from the identity governance message; and selecting the routing policy based on the attribute. 5. The method of claim 1 , further comprising, retrieving, by the second adapter, the routing policy from a management queue. 6. The method of claim 1 , wherein the identity governance and administration system communicates in a first protocol and the first adapter includes logic configured to communicate in the first protocol, wherein the receiving the identity governance message from the first identity governance resource includes: receiving the identity governance message by the first adapter in the first protocol from the first identity governance resource; and wherein the second identity governance resource includes an information technology system having an identity governance data repository, wherein the information technology system communicates in a second protocol and the second adapter includes logic configured to translate the identity governance message to meet requirements of the second protocol, wherein the transferring the identity governance message from the output queue to the second identity governance resource includes: transferring the identity governance message by the second adapter in the second protocol from the output queue to the second identity governance resource. 7. The method of claim 1 , further comprising: receiving, by the second adapter, an identity governance message from the second identity governance resource; selecting, by the second adapter, a routing policy associated with the identity governance message received from the second identity governance resource; and based on the routing policy associated with the identity governance message received from the second identity governance resource, writing the identity governance message received from the second identity governance resource to another select one of the plurality of input queues. 8. A system, comprising: a first adapter of an identity governance exchange module, the first adapter being configured to receive an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource, wherein the first identity governance resource includes an identity governance and administration system and the identity governance exchange module is interposed between the identity governance and administration system and the second identity governance resource for identity governance message flow therebetween, the first adapter being further configured to: analyze the identity governance message; select, based on the analysis, a routing policy associated with the identity governance message; based on the routing policy, determine a select input queue from a plurality of input queues of the identity governance exchange module to receive the identity governance message; and write the identity governance message to the select input queue; a queuing layer of the identity governance exchange module having the select input queue and configured to route the identity governance message from the select input queue to an output queue of the identity governance exchange module; and a second adapter of the identity governance exchange module configured to retrieve the identity governance message from the output queue and transfer the identity governance message to the second identity governance resource. 9. The system of claim 8 , wherein the first adapter is configured to retrieve the routing policy from a management queue of the queuing layer. 10. The system of claim 9 , further comprising a management module of the identity governance exchange module, the management module being configured to: receive the routing policy; and write the routing policy to the management queue. 11. The system of claim 8 , wherein the first adapter is configured to: parse the identity governance message; identify an attribute from the identity governance message; and select the routing policy based on the attribute. 12. The system of claim 8 , wherein the second adapter is configured to retrieve the routing policy from the queuing layer. 13. The system of claim 8 , further comprising: a management module of the identity governance exchange module, the management module being configured to: receive a change to the routing policy; and write the changed routing policy to the queuing layer; and wherein the first adapter is configured to: periodically access the queuing layer; and retrieve the changed routing policy from the queuing layer. 14. The system of claim 8 , wherein the first adapter is configured to: determine whether the identity governance message corresponds to a high priority event; responsive to determining that the identity governance message corresponds to the high priority event, identify a high priority queue in the queuing layer based on the routing policy; and write the identity governance message to the high priority queue. 15. A computer program product for identity governance data exchange, the computer program product comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions being executable by a processor to: receive, by a first adapter of an identity governance exchange module, an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource, wherein the first identity governance resource includes an identity governance and administration system and the identity governance exchange module is interposed between the identity
Assignees
Inventors
Classifications
Policy-based network configuration management · CPC title
Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
- H04L47/6215Primary
Individual queue per QOS, rate or priority · CPC title
- H04L41/0806Primary
for initial configuration or provisioning, e.g. plug-and-play · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11240168B2 cover?
- A technique for identity governance (IG) data exchange includes receiving, by a first adapter, an identity governance message from a first identity governance resource for transmission of the identity governance message to a second identity governance resource. The first adapter analyzes the message and, based on the analysis, selects a routing policy to apply to the message. Based on the routi…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L47/6215. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 01 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).