Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002.


Authentication/Authorization/Access
• Authentication
  – What: Verifying the identity of the user
  – How: Kerberos
• Authorization
  – What: Verifying the user has authority to run an application or business process
  – How: Permit Server/Application (current), Directory (future)
• Access (to Data)
  – What: Determining the data a user can manipulate/view with the application or business process
  – How: Application-specific

Directory for Authorization – How
• Directory has a “Group” object which holds a membership list
• Need to map each role to one or more groups
• Application simply queries the directory (via LDAP) for the groups a user is a member of to learn what roles the user has

Directory for Authorization – Benefits
• Streamlines the maintenance of application security across campus
  – Associating a person with a role or group is done once, not within each application
  – Simplifies the task of removing access when an individual changes status
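As an added example, not part of the original slides, the Python below models the two preceding slides: an application resolving its roles from the groups a user belongs to (the “How” slide) and a single directory change revoking access for every application that consults it (the “Benefits” slide). The LDIF sample, DNs, group names and role names are constructed for illustration.

```python
"""Directory-backed authorization: map LDAP group memberships to application roles."""

# Constructed LDIF export standing in for the directory; not from the original slides.
SAMPLE_LDIF = """\
dn: cn=staff,ou=groups,dc=example,dc=edu
objectClass: groupOfNames
member: uid=ab12,ou=people,dc=example,dc=edu
member: uid=cd34,ou=people,dc=example,dc=edu

dn: cn=payrep,ou=groups,dc=example,dc=edu
objectClass: groupOfNames
member: uid=cd34,ou=people,dc=example,dc=edu
"""

# Application-side role map (constructed): a role is granted by membership in
# any one of the listed groups. Only the mapping lives in the application;
# membership itself is defined in the directory.
ROLE_MAP = {
    "payroll.view": {"cn=payrep,ou=groups,dc=example,dc=edu"},
    "hr.self_service": {"cn=staff,ou=groups,dc=example,dc=edu",
                        "cn=faculty,ou=groups,dc=example,dc=edu"},
}

def parse_ldif(text):
    """Return {group_dn: set(member_dn)} from a minimal LDIF export.
    DNs are lower-cased so comparisons are case-insensitive (a simplification)."""
    groups, dn = {}, None
    for line in text.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip().lower()
            groups[dn] = set()
        elif line.startswith("member: ") and dn:
            groups[dn].add(line[8:].strip().lower())
    return groups

def groups_for_user(groups, user_dn):
    """In-memory equivalent of the LDAP search
    (&(objectClass=groupOfNames)(member=<user_dn>))."""
    user_dn = user_dn.lower()
    return {g for g, members in groups.items() if user_dn in members}

def roles_for_user(groups, user_dn, role_map=ROLE_MAP):
    """Roles the application grants; data-access rules stay inside the application."""
    member_of = groups_for_user(groups, user_dn)
    return {role for role, grp in role_map.items() if grp & member_of}

def revoke_membership(groups, user_dn, group_dn):
    """One directory change removes the role in every application using the map."""
    groups[group_dn.lower()].discard(user_dn.lower())
```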

Best Practices to Start With
• Keep it simple
  – Use the directory to define membership
  – Data access rules defined within the application
• Begin with definition of global groups/roles (student, staff, faculty, payrep)
• Avoid proprietary schemas

Issues
• Directory must be more fully populated
• How is membership in groups/roles maintained?
  – Driven from a central system
  – Determined by the local unit
  – To what extent can it be automated?
• Can a generic distributed application be designed for memberships that require manual maintenance?

Big Issue – The NetID Question
• What about people who don’t qualify for NetIDs?
• What is the “legitimizing” ID for inclusion in the directory?
  – NetID
  – PeopleSoft EmplID
  – Guest or temporary (“dirty”) ID

Driver is HR/Payroll/Alumni Affairs Suite of Applications
• This suite includes
  – PeopleSoft HR/Payroll/Contributor Relations
  – Actuate, Brio
  – Colts, Kronos, PEDL, SES, EE
  – CU Connect
• PeopleSoft 8, Actuate and Brio allow mapping of roles to directory groups

Getting Started
• Admin units must agree on definitions of global groups and roles
• Admin units must agree on how membership in groups and roles is maintained
• Technical team must work with developers and security administrators to help them understand how each application interfaces with the directory