Last modified 22 Apr 2021 17:31 +02:00
This functionality is obsolete. It is no longer supported or maintained.

TODO: update

Local copy of any object on the provisioning resource that is related to provisioning. It may be account, group, role (on the target system), entitlement (privilege, security label), organizational unit or anything else that is worth managing in identity management.

This object provides a representation of the resource object in the IDM system, in the local repository. It is different from the object that represents resource object on the target resource.

Resource Object Shadow may represent a minimal data structure in IDM repository that contains only an identifier and nothing else. It may also represent a rich structure with a lot of cached or fetched data. The actual content of this object depends on usage: on the specific interface and operation used and even on the system state and configuration.

Resource Object Shadow contains resource attributes copied from the target resource in the attributes tag. This tag must not contain properties from the identity data model (from the identity XML namespace). This element includes resource attributes that identify resource object on the resource.

XML Element Type Description


contains xsd:any[*]

Resource attributes interpreted, handled like properties

Users (and partially administrators) of IDM system should not see the shadow objects and should not be aware of them as it will hinder the understandability of the system. Users should be presented just with "accounts" and "groups". However, the concept of shadow objects is very important for developers and for engineers deploying IDM systems.

See Shadow Objects for a detailed explanations of shadow objects. The Resource and Connector Schema Explanation page describes how the it works with resource and connector schema.