Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.

Presentation transcript:

Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida

Desired State
- One person, one identity
- Identity management across UF systems – desktop, web-based, enterprise
- Support multiple modalities for directory services – LAN-based, web-based, enterprise
- Provide public and private identifiers, not SSN
- Authoritative source for identity and directory information
- Move toward single sign-on

Some History
- Registry since 1988
- Kerberos since 1997
- LDAP since 1998
- Directory Strategy process 6/00-8/01. White paper. nteam.htm
- Directory Project 9/01-January 21, Largest UF IT Project.

Strategy Process
- Fourteen months 6/00-8/01
- Visit by Ken Klingenstein 4/01
- Student ID Process 2/01-8/01
  - ID recommendation: UFID for entire community.
  - Follow I2 guidelines.
  - Integrate with directory project
- Strategy white paper for directory services at UF – why, what, how, who, when (18 months)

Directory Project Timeline
- IT Review complete 3/01
- Directory white paper 8/01
- Project launch 10/01
- Original target date 4/03
- Actual go-live January 21, 2003
- Seven FTE on core team
- Over 150 participants from across UF

Directory Project Charge
- Use of models and standards developed by the Internet2 Initiative, including the EduPerson schema.
- Update to database schema in DB2 and LDAP.
- Provide a support mechanism for unit-level extensions as desired.
- Improve infrastructure of LDAP facility.
- Develop processes and policies to ensure maintenance of accurate directory data.
- Develop standard interfaces to reduce the need for duplicate databases and enhance accessibility of directory data.
- Develop a middleware connection in support of a new UF identifier strategy.
- Develop effective data flows to and from existing data systems such as the Registrar and Personnel.
- Provide a data model, LDAP schema and set of APIs to support functional expansion and growth of new ideas.

UF Directory Project
- Overhaul Registry
- Overhaul LDAP. eduPerson, eduPersonAffiliation
- Introduce UFID. Publicly visible identifier (nnnn-nnnn) used in place of SSN for business transactions.
- Introduce UUID. Private identifier used as key in core systems
- SSN as attribute
- GatorLink as attribute
- Over 1,500 legacy apps modified
- All SSN-based processes refactored
- Self-service directory access

Consequences
- 1,272,228 objects in UF LDAP
  - People, Organizations, Groups, Relationships
- Better data through new processes
  - Old: Local admin + reconciliation
  - New: Central, self-service + replication
- Positioned for new services
  - PeopleSoft, Active Directory, Single Sign On

Current State
- Five production middleware data systems – LDAP, UF Registry, Kerberos, Netware Directory Services (NDS), PeopleSoft Portal
- Active Directory (AD) to be added
- Existing integration between PeopleSoft, LDAP, Kerberos and UF Registry
- Ad hoc integration with Kerberos and NDS
- UF Registry provides authoritative source
- GatorLink ( , netid), UFID (publicly visible), UUID (private) identifiers

Why Six Systems?
- LDAP is the open standard for web-based applications
- Active Directory is the standard for desktop users
- NDS is the legacy system for desktop users
- PeopleSoft is the future enterprise system
- Kerberos is the open standard for authentication
- UF Registry is the current authoritative source with a known data model and service provider for legacy systems

Middleware Roadmap
- Use LDAP and Kerberos to authenticate PeopleSoft (in place today)
- Provide standards-based authentication mechanism for free-standing web apps (in place today via GL Auth)
- Implement AD based on Kerberos identity – provide a foundation for future desktop integration. Spring 2003 through 2005
- Consider the future of NDS
- Migrate UF Registry to PeopleSoft Campus Community. Analysis complete, design in progress, go-live 7/04
- 7/04: Integrated enterprise middleware systems – AD, LDAP, PeopleSoft, Kerberos