Directories at the University of Florida
Mike Conlon, Director of Data Infrastructure, University of Florida
Desired State
- One person, one identity
- Identity management across UF systems: desktop, web-based, enterprise
- Support multiple modalities for directory services: LAN-based, web-based, enterprise
- Provide public and private identifiers, not SSN
- Authoritative source for identity and directory information
- Move toward single sign-on
Some History
- Registry since 1988
- Kerberos since 1997
- LDAP since 1998
- Directory Strategy process 6/00-8/01. White paper: nteam.htm
- Directory Project 9/01-January 21. Largest UF IT project.
Strategy Process
- Fourteen months, 6/00-8/01
- Visit by Ken Klingenstein 4/01
- Student ID process 2/01-8/01
- ID recommendation: UFID for the entire community. Follow I2 guidelines. Integrate with the directory project.
- Strategy white paper for directory services at UF: why, what, how, who, when (18 months)
Directory Project Timeline
- IT review complete 3/01
- Directory white paper 8/01
- Project launch 10/01
- Original target date 4/03
- Actual go-live January 21, 2003
- Seven FTE on core team
- Over 150 participants from across UF
Directory Project Charge
- Use models and standards developed by the Internet2 initiative, including the eduPerson schema.
- Update the database schema in DB2 and LDAP.
- Provide a support mechanism for unit-level extensions as desired.
- Improve the infrastructure of the LDAP facility.
- Develop processes and policies to ensure maintenance of accurate directory data.
- Develop standard interfaces to reduce the need for duplicate databases and enhance accessibility of directory data.
- Develop a middleware connection in support of a new UF identifier strategy.
- Develop effective data flows to and from existing data systems such as the Registrar and Personnel.
- Provide a data model, LDAP schema and set of APIs to support functional expansion and the growth of new ideas.
UF Directory Project
- Overhaul Registry
- Overhaul LDAP: eduPerson, eduPersonAffiliation
- Introduce UFID: publicly visible identifier (nnnn-nnnn) used in place of SSN for business transactions
- Introduce UUID: private identifier used as key in core systems
- SSN as attribute
- GatorLink as attribute
- Over 1,500 legacy apps modified
- All SSN-based processes refactored
- Self-service directory access
Consequences
- 1,272,228 objects in UF LDAP: people, organizations, groups, relationships
- Better data through new processes. Old: local admin + reconciliation. New: central, self-service + replication
- Positioned for new services: PeopleSoft, Active Directory, single sign-on
Current State
- Five production middleware data systems: LDAP, UF Registry, Kerberos, Netware Directory Services (NDS), PeopleSoft Portal
- Active Directory (AD) to be added
- Existing integration between PeopleSoft, LDAP, Kerberos and UF Registry
- Ad hoc integration with Kerberos and NDS
- UF Registry provides the authoritative source
- Identifiers: GatorLink (netid), UFID (publicly visible), UUID (private)
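The identifier design on the UF Directory Project and Current State slides (a public UFID in nnnn-nnnn form used in place of the SSN, a private UUID as the key in core systems, SSN and GatorLink kept only as attributes, one person one identity) as an added Python sketch; this is illustrative code written for this transcript, not UF's registry, and the random UFID assignment, the field names and the sample SSN values are assumptions.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional
from uuid import uuid4

UFID_RE = re.compile(r"^\d{4}-\d{4}$")  # public UFID in the nnnn-nnnn form from the slides


@dataclass
class Person:
    uuid: str                        # private identifier: the key inside core systems
    ufid: str                        # public identifier used in place of the SSN
    ssn: str                         # kept as an attribute, never used as a key
    gatorlink: Optional[str] = None  # netid, also just an attribute
    affiliations: List[str] = field(default_factory=list)  # eduPersonAffiliation values


class Registry:
    # Toy authoritative source enforcing "one person, one identity" (assumed design, not UF's code).
    def __init__(self) -> None:
        self._people: Dict[str, Person] = {}  # uuid -> Person
        self._by_ssn: Dict[str, str] = {}     # ssn -> uuid, blocks duplicate identities
        self._by_ufid: Dict[str, str] = {}    # ufid -> uuid

    def _new_ufid(self) -> str:
        # Assumption: UFIDs are random, unique 8-digit values; the slides give only the format.
        while True:
            digits = f"{secrets.randbelow(10**8):08d}"
            ufid = f"{digits[:4]}-{digits[4:]}"
            if ufid not in self._by_ufid:
                return ufid

    def register(self, ssn: str, gatorlink: Optional[str] = None, affiliations: Iterable[str] = ()) -> Person:
        # Re-registering a known SSN returns the existing identity instead of creating a second one.
        if ssn in self._by_ssn:
            return self._people[self._by_ssn[ssn]]
        person = Person(uuid=str(uuid4()), ufid=self._new_ufid(), ssn=ssn,
                        gatorlink=gatorlink, affiliations=list(affiliations))
        self._people[person.uuid] = person
        self._by_ssn[ssn] = person.uuid
        self._by_ufid[person.ufid] = person.uuid
        return person

    def public_view(self, ufid: str) -> Dict[str, object]:
        # What a business transaction gets back: the UFID and public attributes, never SSN or UUID.
        if not UFID_RE.match(ufid):
            raise ValueError("malformed UFID")
        key = self._by_ufid.get(ufid)
        if key is None:
            raise LookupError("unknown UFID")
        person = self._people[key]
        return {"ufid": person.ufid, "gatorlink": person.gatorlink, "eduPersonAffiliation": list(person.affiliations)}
```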
Why Six Systems?
- LDAP is the open standard for web-based applications
- Active Directory is the standard for desktop users
- NDS is the legacy system for desktop users
- PeopleSoft is the future enterprise system
- Kerberos is the open standard for authentication
- UF Registry is the current authoritative source, with a known data model and service provider for legacy systems
Middleware Roadmap
- Use LDAP and Kerberos to authenticate PeopleSoft (in place today)
- Provide a standards-based authentication mechanism for free-standing web apps (in place today via GL Auth)
- Implement AD based on Kerberos identity to provide a foundation for future desktop integration, spring 2003 through 2005
- Consider the future of NDS
- Migrate UF Registry to PeopleSoft Campus Community. Analysis complete, design in progress, go-live 7/04
- 7/04: integrated enterprise middleware systems: AD, LDAP, PeopleSoft, Kerberos