3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Georgia State University Case.

Presentation transcript:

Georgia State University
Case Study of A Person Registry
Art Vandenberg, Director, Advanced Campus Services, Georgia State University

“Copyright Art Vandenberg This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.”

Person Registry to Campus Directory
Enterprise “directory architecture”
Synchronizes data from different sources
Provisions data to other applications
A view of “authoritative sources” data
Resolves identity
Supports authentication & authorization
  – (directly, indirectly…)
Supported by: NMI Middleware components

Critical Success Factors
Top level sponsorship – CIO
Steering Group – CIO + IT Directors
Working groups – data stewards, technical
Stepwise approach, let it evolve
Take advantage of opportunity
  – Student was a prime driver in early 2001
  – New Rec Center was showcase opportunity: how to provide automated access... synchronized with campus onecard
  – WebCT, Campus Directory, Library feeds, groups, check advice via …
Supported by: Roadmap components

NMI Components We Used
Internet2 Middleware –
  – Site, lists, working groups
– Good overview and starting point, generally accessible
– Introduces schema issues
– “Hey, whoa, this is exactly what we’re facing…!!” Identifiers, authentication, authorization, synchronization
[Tim Howes: Understanding and Deploying LDAP Directory Services (2nd Edition, Addison-Wesley, 2003)]
LDAP Recipe
eduPerson schema
Metadirectory Practices for Enterprise Directories in HE

We Had (Too Many) Solutions
[Diagram: Student Student Rec Center OneCard WebCT class rolls lists Open Record requests ElementK access College request for data load Library Staff Alumni Student Financial HR/PR Sponsored Research LDAP Directory ??]

(We Needed) person registry
[Diagram: Staff data Student data PERSON REGISTRY Name, ID, Address, Phone… Title, Department, College, Dept, Major, Course, Term WebCT class rolls Campus directory Student Rec Center access]
Supported by: Metadirectory Practices… (and R.L. “Bob” Morgan)

Person Registry: Synchronizes
HR/PPS feed nightly
  – (name, title, phone, department…)
Student feed nightly
  – (name, college, dept, major, course…)
Rec Center Affiliates being added
  – (name, sponsor, paid status…)
Resolves into a single Person Registry core record
  – Effectively provides cross-walk back to source ERP systems
Supported by: Metadirectory Practices…

Person Registry: Provisions
Student (PR assigns)
  – Sends nightly updates to Novell Netmail (LDAP)
Student Rec Center gate access (via PantherCard)
  – Sends nightly update on eligibility (rec fee paid) to card office
WebCT (PR provides course enrollment feeds)
Library
  – Sends periodic updates on eligibility
Banner (passes back student assigned by registry…)
Campus Directory
  – Nightly update of faculty, staff, student, affiliates, retirees...
Supported by: Metadirectory Practices…

Business Rules: authoritative sources
Basic Principle of authoritative sources
  – KEY: data stewards involved Day 1 (or earlier)
Employee data has precedence over student
  – Establish campus policy
Merge identity data to one person record
Data stewards address policy issues
  – FERPA requires access control
Person registry is also authoritative source
  – , PantherCard id, library barcode, campusId
  – it’s about identity management
Supported by: Metadirectory Practices for Enterprise Directories In Higher Education

Ongoing results…
Campus Directory (classic LDAP recipe issues)
  – online January 18, 2003
Self-service Profile Manager (metadirectory enabled)
  – Select CampusId, set pw, set routing
Campus communication (metadirectory enabled)
  – (not postal) for payroll/check advices
  – Leave balances, check & deposit history online (bonus benefit)
Student groups in progress (SAGE group editing?)
  – working groups engaged (College reps, technical, policy…)
  – automated standard groups (if N = #people, 2^N = possible groups)
  – employee groups in queue (objects in mirror appear closer than…)

Georgia State Campus Directory
Novell eGuide provides rich interface:
Compound Boolean searches
Find: All Employee Student Affiliate Retired other
String Match options
Supported by: LDAP recipe eduPerson Metadirectory…

Georgia State Campus Directory...
HR data: Name Dept Phone Mailstop
Affiliations are “calculated”; eduPersonAffiliation attributes
Person registry data: CampusID, eduPersonPrincipalName
Supported by: eduPerson Metadirectory… (provisioning, identifiers)

Georgia State Campus Directory...
Student Data: Robinson College of Business gsuPersonCollege
Current Policy limits directory data for students.
IF FERPA invoked, NO student data at all
Student Affiliation added; however eduPersonPrimaryAffiliation set to employee due to precedence Business rule
Supported by: eduPerson, LDAP recipe (access control)
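
The rules from the "Person Registry: Synchronizes", "Business Rules" and Campus Directory slides (one core record per person, employee precedence, FERPA suppression), as an added example that is not Georgia State's code. The feed layouts, the `match_key` and `ferpa` fields, the sample rows, and the choice to drop the student affiliation itself under FERPA are assumptions.

```python
# Added example: feed layouts, key names and sample rows are constructed,
# not Georgia State's actual schema or code.
PRECEDENCE = ("employee", "student")  # slide rule: employee data wins over student

def merge_feeds(hr_rows, student_rows):
    """Resolve nightly HR and student feed rows into one core record per person."""
    registry = {}
    for source, affiliation, rows in (("hr", "employee", hr_rows),
                                      ("student", "student", student_rows)):
        for row in rows:
            # Assumption: both feeds carry a common match key for identity resolution.
            rec = registry.setdefault(row["match_key"], {
                "affiliations": set(), "source_ids": {}, "by_source": {}, "ferpa": False})
            rec["affiliations"].add(affiliation)
            rec["source_ids"][source] = row["source_id"]  # cross-walk to source ERP
            rec["by_source"][source] = row
            rec["ferpa"] = rec["ferpa"] or row.get("ferpa", False)
    return registry

def directory_entry(rec):
    """Build the directory view of one core record, or None if nothing may be shown."""
    affiliations = set(rec["affiliations"])
    if rec["ferpa"]:
        affiliations.discard("student")  # FERPA invoked: no student data at all
    if not affiliations:
        return None  # FERPA-protected student with no other role: not listed
    primary = next(a for a in PRECEDENCE if a in affiliations)
    entry = {"eduPersonAffiliation": sorted(affiliations),
             "eduPersonPrimaryAffiliation": primary}
    # Name comes from the highest-precedence source that is still visible.
    source = "hr" if "employee" in affiliations else "student"
    entry["name"] = rec["by_source"][source]["name"]
    if "employee" in affiliations:
        hr = rec["by_source"]["hr"]
        entry.update(dept=hr["dept"], phone=hr["phone"])
    if "student" in affiliations:
        entry["gsuPersonCollege"] = rec["by_source"]["student"]["college"]
    return entry

# Constructed sample feeds.
HR_FEED = [{"match_key": "k1", "source_id": "E100", "name": "Pat Lee",
            "dept": "Library", "phone": "555-0100"}]
STUDENT_FEED = [
    {"match_key": "k1", "source_id": "S900", "name": "Patricia Lee", "college": "Business"},
    {"match_key": "k2", "source_id": "S901", "name": "Sam Roy", "college": "Law", "ferpa": True},
    {"match_key": "k3", "source_id": "S902", "name": "Ana Diaz", "college": "Arts"},
]

if __name__ == "__main__":
    for key, rec in merge_feeds(HR_FEED, STUDENT_FEED).items():
        print(key, directory_entry(rec))
```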

Georgia State Online Advice View
Identity Management: Unique identifier For everyone at Georgia State
Middleware makes it possible (metadirectory architecture=legacy HR/PR on web!)
Supported by: LDAP recipe (ids, authentication, pw management)

Georgia State Online Advice View…
Provides link to Student refunds
History Data!
Application enabled by: NMI Middleware infrastructure

Georgia State Profile Manager
Key Concept: Identity management involves user. Provide the means for users to manage their electronic profile.
Concept by: NMI Middleware

Georgia State Profile Manager…
Default options: Designate Target In-Box, Change Password
Other options available to Helpcenter or others cf. General Access Menu
Everyone can use eduPersonPrincipalName for (it’s mapped to Target in-box)
Key function: follows NMI Middleware Recommendation for eduPersonPrincipalName

Phased Approach… and issues
groups faculty/staff [personal groups?] (SAGE…)
LDAP authentication (LDAP Recipe)
Record added to registry at “first touch” - then pulled by SCT, Peoplesoft…!? (cf. BC metadirectory model)
  – New hires become “provisional employee”
  – “day one” start… “last day” stop
More Self-service options (nickname, url, addresses…)
Campus ID as network id
  – unified name space (Metadirectory Practices for Enterprise…)
  – Is the hurdle a) Technical b) Policy c) sheer effort d) All…?
Maintaining momentum is key

Very important links
Internet2 Middleware –
Enterprise Directory Implementation Roadmap –
LDAP Recipe –
eduPerson –
Metadirectory Practices for Enterprise Directories in HE – http://middleware.internet2.edu/dir/metadirectories/internet2-mace-dir-metadirectories-practices htm

Contact
Art Vandenberg
Thank you

Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment Anaheim, CA Monday November 3, :30 am – 5:00 pm