OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009.

Presentation transcript:

OpenRegistry Initiative
Revisiting the Management of Electronic Identity
Benjamin Oshrin
Rutgers University
May 2009

Table of Contents
Background
  – Identity and Access Management Models
  – What is a Registry?
What is OpenRegistry?
  – Inspirations and Use Cases
Objectives
Approach
Technology
  – Data Model
  – Architecture
Milestones

I2 Identity & Access Management Model

I2 Identity & Access Management Model
OpenRegistry Core

I2 Identity & Access Management Model
OpenRegistry Core
OpenRegistry Periphery

What is a “Registry”?
A definitive source of information related to a type of entity
Person Registry: Definitive set of people affiliated with a given organization
Other types of registries: Group, service, account, credential, course, role, business rule

What Is OpenRegistry?
An OpenSource Identity Management System, a place for data about people affiliated with your institution
Core functionality
  – Interfaces for web, batch, and real-time data transfer
  – Identity data store
  – Identity reconciliation from multiple systems of record
  – Identifier assignment for new, unique individuals
Additional functionality
  – Data beyond Persons: Groups, Courses, Credentials, Accounts
  – Business Rule based data transformations

What Is OpenRegistry?
More than just a Registry, some periphery too
  – Directory Builder
  – Provisioning and Deprovisioning
Generally not authoritative for data
  – SORs are authoritative for most data
  – OpenRegistry (OR) reflects a single, reconciled view of data from multiple SORs
  – Exceptions include some identifiers, results of business rule calculations, populations with no real SOR (e.g., visitors)

Inspirations
Columbia University Identity Management System
Rutgers People Database
Georgetown Model*
Higher Ed Standards (e.g., eduPerson)
Evolving Standards (e.g., NIST LoA)
Review of interested peer institutions
Decades of combined experience from before the field was called “Identity Management”

Rutgers University
Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests
  – Now: Primarily students, faculty/staff, and some “guests”
Faster propagation of data, real time where possible
  – Now: Nightly to biweekly batch feeds
Consistent data definitions, contracted via versions
  – Now: Hard to find definitions, unclear when they change
Delegated operations where possible
  – Now: Heavy dependency on Help Desk and Central IT

OpenRegistry (Select) Use Cases
Fast identity creation for new hires (provisional hire)
Real-time System of Record (SOR) data where SOR is capable, batch otherwise
Guest sponsorship
Directory construction, including real-time updates
Provisioning/deprovisioning
Data dictionary and versioned attribute definitions
Password trust/levels of assurance
ID Card integration
Activation keys
Roles and role specific data
Audit history

OpenRegistry Objectives
Meet functional requirements of constituent institutions
Highly scalable, highly available, modular architecture
Easy to install, easy to configure, easy to adapt, easy to use, easy to maintain

OpenRegistry Approach
Communicate openly and transparently
Design based on supportable, end-user focused, efficient processes and ease of maintenance
Adhere to open standards wherever possible
Leverage other higher ed efforts
Favor iterative development where appropriate
Implement highly available, highly scalable, cost efficient technologies

OpenRegistry Approach
Generic architecture and data model
  – More than Rutgers needs, but makes OR more useful for others
Multiple levels of engagement with the community
  – Discuss: Review design documents, identify gaps and changes
  – Develop: Help write code, documentation, etc
  – Deploy: Run OR as an IDMS (when released)
  – Donate: Contribute resources to help with development and outreach
Transparent, agile development process
  – Work done on Jasig servers, not Rutgers
Get the ball rolling, encourage others to join
Build on lessons learned from CAS

Data Model
Generic enough to work for multiple institutions
Specific enough to work for yours
Internationalized
Well documented

Data Model Overview

Data Model Excerpt

Component Architecture

OpenRegistry Initiative Milestones
√ Requirements
√ Design
√ Project Infrastructure
R1: Core Services, REST API, Initial UI, Initial Business Rules
  – Meets Rutgers RIAR-1 requirements
R2: Enhanced Core Services, UI, Business Rules, Initial Provisioning
R3: Batch Interface, Enhanced Business Rules, Enhanced Provisioning

Intersection With Your Institution
Potential for collaboration could take many forms
  – Participation in or vetting of OR design
      – Web Interface and Data Model design underway now
  – Evaluation for migration and adoption as OR matures
  – Adjustment of OR milestones according to your needs, with your resources
Benefits of Migration to OR
  – Provides long term, sustainable model
  – Elimination of programmer-specific knowledge concerns
  – Avoidance of vendor lock-in
      – Commercial solutions aren't drop-in, customization work needed
      – Easier to tailor to future needs
  – Community of similar institutions in similar situations

Additional Information