Managing Enterprise Directories: Operational Issues

Presentation transcript:

Managing Enterprise Directories: Operational Issues Dr. Tom Barton, University of Memphis Copyright Tom Barton, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Stateful Provisioning Base CAMP - February 5-7, 2003 2

The Problem
- Unclear process for lifecycle management of accounts & other IT resources
- Seat of pants policy determination
- Inconsistent operational practices
- Done differently by different people at different times
- Common business logic forced to reside in applications to determine eligibility
  - E.g., is this user “currently a member of community”?
- Inconsistent service levels for users result.

Automated stateful provisioning
- Basic account provisioning is guided by a finite state machine.
- Managed resources include
  - shell accounts
  - IMAP/POP/HTTP mailbox service
  - campus-wide computing cluster access
  - a variety of directory-enabled applications and web services that use an LDAP directory for access control, or that use the LDAP directory to determine eligibility for service.

States embody levels of service
Provisioning profiles
- Full access to basic services
  - Faculty, staff, enrolled student
- Email & identity management, including PIN maintenance for access to administrative web applications
  - Accepted student, registered student
- Identifiers maintained for continued support for outsourced services
  - Alum, id retained
Steps between these and oblivion
- Notification of impending doom
- Access denied
- Resources deleted

Independent variables for state transitions
- substate
- date the present state was reached
- date by which the present state might end (expiration date)
- major affiliation (faculty, staff, enrolled student, accepted student, registered student, alum, id retained)
- multivalued attribute holding the identifiers of resources being managed for this account.

Not shown: transitions to prospective state from grace, limbo, slide, IDonly.

Benefits
- Smooth over issues with feeds from source systems (grace state).
- Provide continuity of service to persons who temporarily drop out of source systems.
- Absence from a source system need not imply absence from University community.
- Avoid deletion of resources for persons not in fact departed (limbo state).
- Organizing principle for business logic that determines provisioning.

Benefits
- Authorization policy in applications can leverage knowledge of user’s “state”.
- Details of how to determine “standing” of a person from data in source systems are instantiated only once.
- Administrative exceptions need only be represented once, in the metadirectory.
- Source of IT resource management policy.
- Increases value of integrated architecture (cf. “Middleware Business Case” – middleware value proposition)
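As an added illustration (not code from the presentation), the following Python models the provisioning state machine the slides describe, driven by the listed transition variables and a source-system feed. The state names "active" and "deleted", the durations, the action names, and the mapping of grace to the notification step and limbo to the access-denied step are assumptions, since the state diagram is not reproduced in this transcript.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Assumed policy values; the slides give no durations.
GRACE_DAYS = 30   # service continues while a feed gap may be a glitch
LIMBO_DAYS = 90   # access denied, but resources are retained

@dataclass
class Account:
    affiliation: str                       # major affiliation, e.g. "staff"
    state: str = "active"                  # "active"/"deleted" are assumed names
    since: date = date(2003, 1, 1)         # date the present state was reached
    expires: Optional[date] = None         # date the present state might end
    resources: list = field(default_factory=list)  # managed resource ids

def _enter(acct, state, today, ttl_days=None):
    acct.state, acct.since = state, today
    acct.expires = today + timedelta(days=ttl_days) if ttl_days else None

def step(acct, in_source_feed, today):
    """Advance one account by one provisioning run; return the actions taken."""
    actions = []
    if acct.state == "deleted":
        return actions
    if in_source_feed:
        # Person reappeared in a source system: return to full service.
        if acct.state != "active":
            if acct.state == "limbo":
                actions.append("restore_access")
            _enter(acct, "active", today)
        return actions
    if acct.state == "active":
        # Absence from the feed need not mean departure: start grace.
        _enter(acct, "grace", today, GRACE_DAYS)
        actions.append("notify_user")
    elif acct.state == "grace" and today >= acct.expires:
        _enter(acct, "limbo", today, LIMBO_DAYS)
        actions.append("deny_access")
    elif acct.state == "limbo" and today >= acct.expires:
        actions += [f"delete:{r}" for r in acct.resources]
        acct.resources = []
        _enter(acct, "deleted", today)
    return actions

def has_access(acct):
    """Applications check the state instead of re-deriving eligibility."""
    return acct.state in ("active", "grace")
```
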

Issues
- Expression of former affiliation
- Guest account management
- Exposed during graceful removal?
- “accidental” nature of residual affiliation
- Guest account management
- manageGuest – thumbs up
- Sponsored account management
- Managed by humans – well, supposed to be...