Issue: When an IdM driver makes a change to an object (attributes, for example), the change is recorded as made by the IdM engine server.
In instances where changes can originate from a number of sources, tracking where a change originated is impossible. Even with auditing on an attribute level and a SIEM system, the result is just that "something" originating on this server made those changes.
Would it not be splendid if the changes were actually performed as the entity which the driver is security equal to?
What would we gain with this?
Traceability (which driver runs amok?)
Compliance (and this is far more important). Who or at least WHAT made the change?