Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenRegistry LSM 10/7/09 1 OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009.

Published byTheresa Copeland Modified over 7 years ago

Similar presentations

Presentation on theme: "OpenRegistry LSM 10/7/09 1 OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009."— Presentation transcript:

1 OpenRegistry LSM 10/7/09 1 OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009

2 OpenRegistry LSM 10/7/09 2 About Rutgers University State University of New Jersey Three Main Campuses –New Brunswick (main) 29000 FT, 7000 PT Students –Newark 7000 FT, 4000 PT Students –Camden 3500 FT, 1700 PT Students ¾ Undergraduate 15000 Faculty/Staff 400000 Alumni Many visitors, guests, conference attendees, etc Need to assign NetIDs (logins) and ID Cards

3 OpenRegistry LSM 10/7/09 3

4 OpenRegistry LSM 10/7/09 4 We’re Not That Unique Lots of other US Higher Ed looks similar –Multiple Systems of Record (SORs) –Heterogenous Downstream Systems (DSSs) OpenSource: Kerberos, OpenLDAP, CAS, Shibboleth, Sakai, Kuali,... Proprietary: Active Directory, Banner, Endeavor, Lenel,... –Complex, poorly documented rules and procedures –Limited resources And also in Canada, UK, Sweden, Brazil,...

5 OpenRegistry LSM 10/7/09 5

6 OpenRegistry LSM 10/7/09 6 Rutgers University Identity Goals Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests –Now: Primarily students, faculty/staff, and some “guests” Faster propagation of data, real time where possible –Now: Nightly to biweekly batch feeds Consistent data definitions, contracted via versions –Now: Hard to find definitions, unclear when they change Delegated operations where possible –Now: Heavy dependency on Help Desk and Central IT

7 OpenRegistry LSM 10/7/09 7 What Is OpenRegistry? An OpenSource Identity Management System, a place for data about people affiliated with your institution Core functionality –Interfaces for web, batch, and real-time data transfer –Identity data store –Identity reconciliation from multiple systems of record –Identifier assignment for new, unique individuals Additional functionality –Data beyond Persons: Groups, Courses, Credentials, Accounts –Business Rule based data transformations

8 OpenRegistry LSM 10/7/09 8 What Is OpenRegistry? More than just a Registry, some periphery too –Directory Builder –Provisioning and Deprovisioning Generally not authoritative for data –SORs are authoritative for most data –OR reflects single, reconciled view of data from multiple SORs –Exceptions include some identifiers, results of business rule calculations, populations with no real SOR (eg: visitors)

9 OpenRegistry LSM 10/7/09 9 Inspirations Columbia University Identity Management System Rutgers People Database Georgetown Model* Higher Ed Standards (eg: eduPerson) Evolving Standards (eg: NIST LoA) Review of interested peer institutions Decades of combined experience from before the field was called “Identity Management”

10 OpenRegistry LSM 10/7/09 10 I2 Identity & Access Management Model OpenRegistry Core OpenRegistry Periphery

11 OpenRegistry LSM 10/7/09 11

12 OpenRegistry LSM 10/7/09 12 Data Model Generic enough to work for multiple institutions Specific enough to work for yours Internationalized Well documented

13 OpenRegistry LSM 10/7/09 13 Data Model Overview

14 OpenRegistry LSM 10/7/09 14 Data Model Excerpt

15 OpenRegistry LSM 10/7/09 15

16 OpenRegistry LSM 10/7/09 16 OpenRegistry Approach Communicate openly and transparently Design based on supportable, end-user focused, efficient processes and ease of maintenance Adhere to open standards wherever possible Leverage other higher ed efforts Favor iterative development where appropriate Implement highly available, highly scalable, cost efficient technologies

17 OpenRegistry LSM 10/7/09 17 OpenRegistry Approach Generic architecture and data model –More than Rutgers needs, but makes OR more useful for others Multiple levels of engagement with the community –Discuss: Review design documents, identify gaps and changes –Develop: Help write code, documentation, etc –Deploy: Run OR as an IDMS (when released) –Donate: Contribute resources to help with development and outreach Transparent, agile development process –Work done on Jasig servers, not Rutgers Get the ball rolling, encourage others to join Build on lessons learned from CAS

18 OpenRegistry LSM 10/7/09 18

19 OpenRegistry LSM 10/7/09 19

20 OpenRegistry LSM 10/7/09 20

21 OpenRegistry LSM 10/7/09 21

22 OpenRegistry LSM 10/7/09 22

23 OpenRegistry LSM 10/7/09 23

24 OpenRegistry LSM 10/7/09 24 OpenRegistry Initiative Milestones √ Requirements √ Design √ Project Infrastructure R1: Core Services, REST API, Initial UI, Initial Business Rules –Meets Rutgers RIAR-1 requirements R2: Enhanced Core Services, UI, Business Rules, Initial Provisioning R3: Batch Interface, Enhanced Business Rules, Enhanced Provisioning

25 OpenRegistry LSM 10/7/09 25 Intersection With Your Institution Potential for collaboration could take many forms –Participation in or vetting of OR design –Evaluation for migration and adoption as OR matures –Adjustment of OR milestones according to your needs, with your resources Benefits of Migration to OR –Provides long term, sustainable model –Elimination of programmer-specific knowledge concerns –Avoidance of vendor lock-in Commercial solutions aren't drop-in, customization work needed Easier to tailor to future needs –Community of similar institutions in similar situations

26 OpenRegistry LSM 10/7/09 26 Additional Information http://www.ja-sig.org/wiki/display/OR

Download ppt "OpenRegistry LSM 10/7/09 1 OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009."

Similar presentations

AR-07-01 – Issues for Attention Tactical and Strategic Guidance documents – what is the agreed approval/ publication process? –Strategic Guidance will.

AR – Issues for Attention Tactical and Strategic Guidance documents – what is the agreed approval/ publication process? –Strategic Guidance will.
Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.

Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Copyright Dave Steiner and Jeremy Rosenberg 2010. This work is the intellectual property of the authors. Permission is granted for this material to be.

Copyright Dave Steiner and Jeremy Rosenberg This work is the intellectual property of the authors. Permission is granted for this material to be.
1 The Evolving Definition of Student: Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.

1 The Evolving Definition of "Student": Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
 SAP AG 2000 FAQ.ppt / 1 FAQ LSMW Frequently Asked Questions concerning LSMW.

 SAP AG 2000 FAQ.ppt / 1 FAQ LSMW Frequently Asked Questions concerning LSMW.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.
LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.

LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.
 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.

 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.
NERCOMP 2007 - Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.

NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Open Source for Government Alexander C. Pitzner Sr. Network Engineer Harrisburg University of Science and Technology

Open Source for Government Alexander C. Pitzner Sr. Network Engineer Harrisburg University of Science and Technology
June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.

June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.
ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, 2012 3-5 Year Strategic Initiatives.

ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, Year Strategic Initiatives.
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy
State of Information Technology Presentation for Faculty Council November 14, 2013 Mike Carlin Vice Chancellor for IT and CIO.

State of Information Technology Presentation for Faculty Council November 14, 2013 Mike Carlin Vice Chancellor for IT and CIO.
1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.

1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.
InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb
The rSmart Group Kuali Days Successful Financial System Implementation Indianapolis April 11, 12 2006.

The rSmart Group Kuali Days Successful Financial System Implementation Indianapolis April 11,

Similar presentations

Ads by Google