The University of Wisconsin University Directory Service UDS A repository of people information Has been in production for about a year. Serves White pages, portal, and a growing number of other applications. Laying track ahead of the train.

Photo IDWiscWorldOthers? Human Resources ISIS Special Authorizations Registry Database JOIN RULES Registry Transactions LDAP Directory Mail Clients Authentication Requests Portal Services Others? UDS Conceptual Overview

Components of the UDS The Registry Registry Database JOIN RULES Registry Transactions

Components of the UDS: Registry A relational database in Oracle Design principles: –Accept data as-is –Don’t make assumptions about correctness. –Don’t try to determine whose element is the “most correct” –Keep it as flexible and open to change as possible

Components of the UDS: Registry What’s in there: –Data to validate a person’s claim of identity (authentication) –Role information and other data helpful to determine eligibility –Contact information.

Components of the UDS: Registry What it feeds: –Extracts for applications like Photo ID and WiscWorld –Extracts that are better suited to a SQL environment than to LDAP –Data warehouse. –The LDAP Directory

Components of the UDS The Directory LDAP Directory

Components of the UDS: Directory Purpose: –Designed to make Registry data accessible via LDAP –Optimized for very high read volumes, relatively few writes –Intended for high-speed response to small queries (authentication sessions, contact lookups, etc)

Components of the UDS: Directory Environment: –Accessed via LDAP v3 –wiscEduPVI, wiscEduPerson, wiscEduDepartment –Some elements require authentication prior to access

Components of the UDS: Directory What’s in there: –Contact information that is generally accessible –Person-related information and security info netid, campusid, pvi, affiliation info, password hash, –Attributes needed by certain vendor-supplied applications

UDS: Uses Applications including –Portal –Mail –Calendar –Other portal delivered services –Rec Sports, Photo ID –On-line student services. (authN via portal)

UDS: Current Status Accomplished so far: –Authentication services for the My UW-Madison portal and services delivered through it including mail and calendar. –Role information to My UW-Madison portal –Interface for apps to get authorization attributes. –LDAP-accessible white pages –pH data through an LDAP gateway

UDS: Yet to do Address waiting list of applications wishing to user the directory Expand the portal application Integrate with PeopleSoft 8 Integrate with new HR system Former student/employee

UDS: Yet to do Enhance role information “Fourth Source:” new groups of people who are not affiliated by being enrolled or paid. –Delegated admin/RA function. Policy and possibly API (Shib Attribute Authority?) for “other” apps. Integrating people info distributed across many directories.

Directory Services: Ongoing Policy: We are continually examining and revising data access policy Scalability: the directory services team is placed at the convergence point of all project critical paths. –To some extent this is unavoidable. Each vendor-supplied LDAP application will create its own demands for attributes –But we need to commoditize UDS services for our own applications.