Novell Identity Manager 2.0: the new DirXML

Novell Cool Solutions: Feature
By Linda Kennard

Posted: 18 Nov 2003
 

Editor's Note: Even though the next version of DirXML (to be known as Novell Nsure Identity Manager) isn't scheduled for release until January of 2004, we thought you would appreciate this peek.

For the full text of this Novell Connection article, see: Tech Talk #4 - Nsure Identity Manager 2.0.

Noteworthy Additions

Nsure Identity Manager includes several noteworthy features. The following are among the most exciting, and are the focus of this article:

  • A new graphical user interface for building the policies (previously called rules) that control the flow of information between connected systems.
  • New password management features that
    • enable you to create password policies that define criteria for password creation across your connected systems;
    • help users to recover forgotten passwords or to reset expired ones;
    • synchronize passwords between eDirectory and several other connected systems.

The New Code Is (Almost) No Code

Nsure Identity Manager simplifies the process of creating policies. Policies are collections of rules that define conditions and actions that govern the flow of information between connected systems in your Nsure Identity Manager environment. For example, a creation policy includes rules that dictate how and when you want new objects created.

In DirXML 1.x, you create rules in either XML or XSLT. Basically, you use XML for rules that are based on simple logic, such as many of the rules in schema-mapping, creation, matching and placement policies. You reserve XSLT for rules that require more complex logic, such as rules in input, output, event and command transformation policies. Unfortunately, the reality of this seemingly fair equation is that you use XML for only about 20% of your rules and the more complex XSLT for the remaining 80%.

Novell engineers revamped DirXML so that Nsure Identity Manager essentially inverts these percentages. With Nsure Identity Manager, only 20% of your rules need be in XSLT and the remaining 80% of your rules are in a new, simplified version of XML called DirXML Script. What is more important, you don't have to write DirXML Script (or XML or XSLT) to create these rules. Instead, you build the rules that form your policies using a graphical user interface called Policy Builder.

In fact, for some systems, Novell provides policies that are entirely XSLT free. For example, all of the Novell-developed policies for Microsoft Active Directory were built using Policy Builder, demonstrating that configuring complex policies without writing code is possible (even probable).

Included in the Nsure Identity Manager plug-ins for Novell iManager 2.0, Policy Builder reduces the time and mental energy required to build policies. In Policy Builder, you click the connector for which you want to create a policy, after which you see a graphical representation of the subscriber and publisher channels between eDirectory and the connected system. Near these channels, you might also see icons (that look like tiny documents). These icons represent policies that have already been written for this connector.

To create a new policy, you click one of the arrows in the publisher or subscriber channels. This opens Rule Builder. In Rule Builder, you define and combine conditions (such as "if operation equals move") and specify the appropriate action or actions (such as "do veto").

For every variable in the condition or action that you're defining, Rule Builder provides drop-down lists that include only valid options. (See Figure 2.) For example, to open a list of valid options for the value that follows the word "if" in a condition, you click the arrow at the end of that field. As you can see in Figure 2, you do the same to view drop-down lists of options for every variable.

Policy Builder translates the rules you create into DirXML Script. Policy Builder also includes a wizard that enables you to translate into DirXML Script any rules that you already have in old-style XML (that is, rules you wrote using previous versions of DirXML). In fact, with the exception of schema-mapping rules, you'll need to translate these old rules in order for them to work in this upgraded environment.

Of course, if you're a diehard code guy, you can view and write DirXML Script, XML and XSLT. The point here is that you don't have to because Policy Builder makes the process of building rules as simple (and code free) as possible.
