Kuali Identity Management Overview

Why did we write KIM?
- Common Interface for Kuali Applications
- Provide a Fully-Functional Product
- A Single API for:
  - Identity Retrieval
  - Group Retrieval
  - Authentication
  - Authorization

KIM Features
- Integrated APIs for Supporting:
  - Authentication
  - Authorization
  - Roles
  - Groups
- Maintenance User Interfaces
- Pluggable Architecture
  - Sourcing identity data from external systems
  - Accessing application data when using KIM implementation

KIM Concepts
- Entities
- Principals
- Roles
- Groups
- Permissions
- Responsibilities
- Types/Attributes
- Qualified Roles

KIM Services
- Six Core Services
  - Identity Service
  - Group Service
  - Role Service
  - Permission Service
  - Responsibility Service
  - Authentication Service
- Primary Interface Services
  - Identity Management Service
  - Role Management Service
  - Person Service
- Update Services
  - Provides segmentation so that update operations do not have to be implemented

Authentication Service
- Fairly Simple
- Provides a hook if additional processing needs to be done
  - E.g., if the principal name returned by the authentication layer needs to be converted to what is in KIM's tables.

Identity (Entity) Service
- Everything to do with a person
- Can be hooked up to an existing user directory

Entities/Principals
- Represents a single person/vendor/system
- Entity Types
- Entities Have: Principals, Names, Employment Information, more...
- Entity Types Have: Addresses, Phone Numbers, Addresses, more...

Entity Data Model

Group Service
- General-purpose groups of users
- Again, this may be attached to an external system

Groups
- Simple holders for principals and other groups
- Types
- Attributes
- Services

Permissions / Responsibilities
- Permission: Something you can do within an application
  - Used for granting access
- Responsibility: Something you must do
  - Used by workflow
  - Additional data specifies the type of action required

Permission Data Model

Responsibility Data Model

Permission/Responsibility Services
- Permission Service
  - Core service to check whether a person has a permission
  - Communicates with the role and group services
- Responsibility Service
  - Used by workflow to find people who need to take an action on a document

Roles
- Like Groups, but more...
  - Permissions
  - Responsibilities
  - Delegations
  - Qualifications?!?

Role Service
- Mostly an internal service
- Handles checking and listing role memberships
- Resolves role membership qualifications via service calls

Role Types/Qualified Roles
- Membership in a group may be qualified
- Qualifiers are defined by the role type
- Qualifier matching handled by the role type service
- Allows client application knowledge/data to be applied
  - ex: org structure
- Application Roles
  - Roles where membership is not stored in KIM but is derived or stored in a client application.
  - E.g., Fiscal Officer in KFS: For a given qualifier set of chart and account, the role will have a single principal who is stored on the KFS account table.

Delegations
- Delegations are another type of role member
- Are delegations of the role, not of one person to another
- Delegates may be principals, groups, or other roles
- Delegations are not nested
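
The role rules from the Role Types/Qualified Roles and Delegations slides, modeled as an added example; this is not Kuali Rice code and does not use the KIM API. All names (Member, Role, has_role, is_authorized, the sample principals and tables) are hypothetical, exact_match stands in for a role type service, and "not nested" is read here as: a role reached through a delegation contributes none of its own delegates.

```python
from dataclasses import dataclass, field

GROUPS = {"fin-admins": {"alice"}}                  # constructed sample group data
FISCAL_OFFICER = {("BL", "1031400"): "carol"}       # constructed client account table

def exact_match(stored, asked):
    return all(asked.get(k) == v for k, v in stored.items())

@dataclass
class Member:
    kind: str                                  # "principal", "group" or "role"
    ident: str
    qualifier: dict = field(default_factory=dict)

@dataclass
class Role:
    permissions: set
    matcher: object = exact_match              # plays the part of the role type service
    members: list = field(default_factory=list)
    delegates: list = field(default_factory=list)   # delegations belong to the role
    derive: object = None                      # application role: membership is computed

def has_role(who, name, roles, asked, delegations=True):
    role = roles[name]                         # assumes role nesting is acyclic
    if role.derive is not None and role.derive(asked) == who:
        return True
    pool = [(m, False) for m in role.members] + [(d, True) for d in role.delegates if delegations]
    for m, delegated in pool:
        if not role.matcher(m.qualifier, asked):
            continue
        if m.kind == "principal" and m.ident == who:
            return True
        if m.kind == "group" and who in GROUPS.get(m.ident, set()):
            return True
        # Not nested: a role reached through a delegation contributes no delegates.
        if m.kind == "role" and has_role(who, m.ident, roles, asked, delegations and not delegated):
            return True
    return False

def is_authorized(who, perm, asked, roles):
    return any(perm in r.permissions and has_role(who, n, roles, asked) for n, r in roles.items())

ROLES = {  # constructed: carol is derived; fin-admins and Backup Approvers are delegates
    "Backup Approvers": Role(set(), members=[Member("principal", "erin")],
                             delegates=[Member("principal", "frank")]),
    "Fiscal Officer": Role({"approve"}, derive=lambda q: FISCAL_OFFICER.get(
        (q.get("chart"), q.get("account"))), delegates=[
        Member("group", "fin-admins", {"chart": "BL"}),
        Member("role", "Backup Approvers", {"chart": "BL"})]),
}
```

With this data, frank holds Backup Approvers as a delegate when asked directly, but gains nothing through the Fiscal Officer delegation, while erin (a regular member of the delegated role) does.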

Role Data Model

Interaction with KNS
- Identity Management Service
  - Caching of core services
  - Runs locally within the client application
- Person / Person Service
  - Abstraction of Entities and Principals
- KNS Authorization Service
  - Partial abstraction of the IdentityManagementService

Uses of KIM in the KNS
- Controlling User Login
- Document initiation Control
- Field-level authorizations in maintenance documents
  - hidden/read-only/masking
- Editing of parts of documents during routing
- Responsibility-based Routing
  - Mandatory Review
  - Voluntary Review

Questions?