Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009.

Published byMartin Taylor Modified over 7 years ago

Similar presentations

Presentation on theme: "OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009."— Presentation transcript:

1 OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009

2 OpenRegistry MACE-Dir 5/18/09 2 Table of Contents Background –Identity and Access Management Models –What is a Registry? What is OpenRegistry? –Inspirations and Use Cases Objectives Approach Technology –Data Model –Architecture Milestones

3 OpenRegistry MACE-Dir 5/18/09 3 I2 Identity & Access Management Model

4 OpenRegistry MACE-Dir 5/18/09 4 I2 Identity & Access Management Model OpenRegistry Core

5 OpenRegistry MACE-Dir 5/18/09 5 I2 Identity & Access Management Model OpenRegistry Core OpenRegistry Periphery

6 OpenRegistry MACE-Dir 5/18/09 6 What is a “Registry”? A definitive source of information related to a type of entity Person Registry: Definitive set of people affiliated with a given organization Other types of registries: Group, service, account, credential, course, role, business rule

7 OpenRegistry MACE-Dir 5/18/09 7 What Is OpenRegistry? An OpenSource Identity Management System, a place for data about people affiliated with your institution Core functionality –Interfaces for web, batch, and real-time data transfer –Identity data store –Identity reconciliation from multiple systems of record –Identifier assignment for new, unique individuals Additional functionality –Data beyond Persons: Groups, Courses, Credentials, Accounts –Business Rule based data transformations

8 OpenRegistry MACE-Dir 5/18/09 8 What Is OpenRegistry? More than just a Registry, some periphery too –Directory Builder –Provisioning and Deprovisioning Generally not authoritative for data –SORs are authoritative for most data –OR reflects single, reconciled view of data from multiple SORs –Exceptions include some identifiers, results of business rule calculations, populations with no real SOR (eg: visitors)

9 OpenRegistry MACE-Dir 5/18/09 9 Inspirations Columbia University Identity Management System Rutgers People Database Georgetown Model* Higher Ed Standards (eg: eduPerson) Evolving Standards (eg: NIST LoA) Review of interested peer institutions Decades of combined experience from before the field was called “Identity Management”

10 OpenRegistry MACE-Dir 5/18/09 10 OpenRegistry @ Rutgers University Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests –Now: Primarily students, faculty/staff, and some “guests” Faster propagation of data, real time where possible –Now: Nightly to biweekly batch feeds Consistent data definitions, contracted via versions –Now: Hard to find definitions, unclear when they change Delegated operations where possible –Now: Heavy dependency on Help Desk and Central IT

11 OpenRegistry MACE-Dir 5/18/09 11 OpenRegistry (Select) Use Cases Fast identity creation for new hires (provisional hire) Real-time System of Record (SOR) data where SOR is capable, batch otherwise Guest sponsorship Directory construction, including real-time updates Provisioning/deprovisioning Data dictionary and versioned attribute definitions Password trust/levels of assurance ID Card integration Activation keys Roles and role specific data Audit history

12 OpenRegistry MACE-Dir 5/18/09 12 OpenRegistry Objectives Meet functional requirements of constituent institutions Highly scalable, highly available, modular architecture Easy to install, easy to configure, easy to adapt, easy to use, easy to maintain

13 OpenRegistry MACE-Dir 5/18/09 13 OpenRegistry Approach Communicate openly and transparently Design based on supportable, end-user focused, efficient processes and ease of maintenance Adhere to open standards wherever possible Leverage other higher ed efforts Favor iterative development where appropriate Implement highly available, highly scalable, cost efficient technologies

14 OpenRegistry MACE-Dir 5/18/09 14 OpenRegistry Approach Generic architecture and data model –More than Rutgers needs, but makes OR more useful for others Multiple levels of engagement with the community –Discuss: Review design documents, identify gaps and changes –Develop: Help write code, documentation, etc –Deploy: Run OR as an IDMS (when released) –Donate: Contribute resources to help with development and outreach Transparent, agile development process –Work done on Jasig servers, not Rutgers Get the ball rolling, encourage others to join Build on lessons learned from CAS

15 OpenRegistry MACE-Dir 5/18/09 15 Data Model Generic enough to work for multiple institutions Specific enough to work for yours Internationalized Well documented

16 OpenRegistry MACE-Dir 5/18/09 16 Data Model Overview

17 OpenRegistry MACE-Dir 5/18/09 17 Data Model Excerpt

18 OpenRegistry MACE-Dir 5/18/09

19 OpenRegistry MACE-Dir 5/18/09 19 Component Architecture

20 OpenRegistry MACE-Dir 5/18/09 20

21 OpenRegistry MACE-Dir 5/18/09 21

22 OpenRegistry MACE-Dir 5/18/09 22

23 OpenRegistry MACE-Dir 5/18/09 23

24 OpenRegistry MACE-Dir 5/18/09 24

25 OpenRegistry MACE-Dir 5/18/09 25

26 OpenRegistry MACE-Dir 5/18/09 26 OpenRegistry Initiative Milestones √ Requirements √ Design √ Project Infrastructure R1: Core Services, REST API, Initial UI, Initial Business Rules –Meets Rutgers RIAR-1 requirements R2: Enhanced Core Services, UI, Business Rules, Initial Provisioning R3: Batch Interface, Enhanced Business Rules, Enhanced Provisioning

27 OpenRegistry MACE-Dir 5/18/09 27 Intersection With Your Institution Potential for collaboration could take many forms –Participation in or vetting of OR design Web Interface and Data Model design underway now –Evaluation for migration and adoption as OR matures –Adjustment of OR milestones according to your needs, with your resources Benefits of Migration to OR –Provides long term, sustainable model –Elimination of programmer-specific knowledge concerns –Avoidance of vendor lock-in Commercial solutions aren't drop-in, customization work needed Easier to tailor to future needs –Community of similar institutions in similar situations

28 OpenRegistry MACE-Dir 5/18/09 28 Additional Information http://www.ja-sig.org/wiki/display/OR

Download ppt "OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009."

Similar presentations

Copyright Dave Steiner and Jeremy Rosenberg 2010. This work is the intellectual property of the authors. Permission is granted for this material to be.

Copyright Dave Steiner and Jeremy Rosenberg This work is the intellectual property of the authors. Permission is granted for this material to be.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.

WORKDAY TECHNOLOGY Stan Swete CTO - Workday 1.
Managing Master Data with MDS and Microsoft Excel

Managing Master Data with MDS and Microsoft Excel
 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.

 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.
NERCOMP 2007 - Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.

NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.

June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.
ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, 2012 3-5 Year Strategic Initiatives.

ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, Year Strategic Initiatives.
Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.

Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.
Configuration Management, Logistics, and Universal CM Issues Larry Bauer Boeing Commercial Airplanes NDIA Conference Miami March 4-5, 2005

Configuration Management, Logistics, and Universal CM Issues Larry Bauer Boeing Commercial Airplanes NDIA Conference Miami March 4-5, 2005
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy
Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.

Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.
PayDox Corporate Document Management System Rotech AB Interface Ltd Business Software Integration.

PayDox Corporate Document Management System Rotech AB Interface Ltd Business Software Integration.
1 Building and Maintaining Information Systems. 2 Opening Case: Yahoo! Store Allows small businesses to create their own online store – No programming.

1 Building and Maintaining Information Systems. 2 Opening Case: Yahoo! Store Allows small businesses to create their own online store – No programming.
1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.

1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.
Powered by Employment Security Department WorkSource Integrated Technology Solution.

Powered by Employment Security Department WorkSource Integrated Technology Solution.
Powered by An overview of the WorkSource Integrated Technology Solution for WEC.

Powered by An overview of the WorkSource Integrated Technology Solution for WEC.
An Online Knowledge Base for Sustainable Military Facilities & Infrastructure Dr. Annie R. Pearce, Branch Head Sustainable Facilities & Infrastructure.

An Online Knowledge Base for Sustainable Military Facilities & Infrastructure Dr. Annie R. Pearce, Branch Head Sustainable Facilities & Infrastructure.

Similar presentations

Ads by Google