Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenRegistry Initiative

Published byPatrick Ferguson Modified over 6 years ago

Similar presentations

Presentation on theme: "OpenRegistry Initiative"— Presentation transcript:

1 OpenRegistry Initiative
Revisiting the Management of Electronic Identity Benjamin Oshrin OIT Identity Management Group Rutgers University October 2008

2 I2 Identity & Access Management Model

3 OpenSource Identity Management Cloud
JBoss Rules Kerberos OpenLDAP OpenCA OPIE HausKeys OpenMetaDir OpenSPML OpenPTK Kuali CAS Shibboleth PubCookie CoSign OpenSSO Grouper Signet

4 I2 Identity & Access Management Model
OpenRegistry Core OpenRegistry Periphery

5 What Is OpenRegistry? An OpenSource Identity Registry, a place for data about people affiliated with your institution Core functionality Interfaces for web, batch, and real-time data transfer Identity data store Identity reconciliation from multiple systems of record Identifier assignment for new, unique individuals Additional functionality Data beyond Persons: Groups, Courses, Credentials, Accounts Business Rule based data transformations More than just a Registry, some periphery too Directory Builder Provisioning and Deprovisioning

6 Why OpenRegistry? “Off the shelf” solutions usually end up requiring significant customizations and integration work and/or solve only a portion of an institution's needs Lots of institutions still rolling their own Combined institutional efforts better leverage scant resources and allow for learning from others' experience (eg: Sakai, uPortal, CAS, Shibboleth, Kuali) OpenRegistry is tailored to the needs of higher ed

7 Inspirations Columbia University Identity Management System
Rutgers People Database Georgetown Model* Higher Ed Standards (eg: eduPerson) Evolving Standards (eg: NIST LoA) Review of interested peer institutions Decades of combined experience from before the field was called “Identity Management”

8 OpenRegistry @ Rutgers University
Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests Now: Primarily students, faculty/staff, and some “guests” Faster propagation of data, real time where possible Now: Nightly to biweekly batch feeds Consistent data definitions, contracted via versions Now: Hard to find definitions, unclear when they change Delegated operations where possible Now: Heavy dependency on Help Desk and Central IT

9 OpenRegistry (Select) Use Cases
Fast identity creation for new hires (provisional hire) Real-time System of Record (SOR) data where SOR is capable, batch otherwise Guest sponsorship Directory construction, including real-time updates Provisioning/deprovisioning Data dictionary and versioned attribute definitions Password trust/levels of assurance ID Card integration Activation keys Roles and role specific data Audit history

10 Data Model Generic enough to work for multiple institutions
Specific enough to work for yours Internationalized Well documented

11 Data Model Overview

12 Data Model Excerpt

13 Component Architecture

14 Component Architecture

15 Component Architecture

16

17

18

19

20

21

22 OpenRegistry Initiative Milestones
R1M1: Requirements R1M2: Design R1M3: Project Infrastructure R1M4: Project Services R1M5: Person Registry R1M6: Business Rules Registry R1M7: Batch Interface R1M8: Web Interface R1: First Production Functionality Meets Rutgers RIAR-1 requirements

23 How You Can Help Vet the data model and architecture against your institution's specifics Contribute resources to the initiative Consider adopting the product as it matures

24 Additional Information
(for now)

Download ppt "OpenRegistry Initiative"

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
June 10-15, 2012 Growing Community; Growing Possibilities Benn Oshrin, The Oshrinium, LLC Keith Hazelton, UW-Madison, Internet2 CIFER Community Identity.

June 10-15, 2012 Growing Community; Growing Possibilities Benn Oshrin, The Oshrinium, LLC Keith Hazelton, UW-Madison, Internet2 CIFER Community Identity.
Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.

Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Copyright Dave Steiner and Jeremy Rosenberg 2010. This work is the intellectual property of the authors. Permission is granted for this material to be.

Copyright Dave Steiner and Jeremy Rosenberg This work is the intellectual property of the authors. Permission is granted for this material to be.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Outsourcing IAM in North Carolina

Outsourcing IAM in North Carolina
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.

Identity Management and PKI Credentialing at UTHSC-H Bill Weems Academic Technology University of Texas Health Science Center at Houston.
LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.

LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.
 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.

 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.
NERCOMP 2007 - Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.

NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Identity and Access Management (IAM) What’s in it for Me? NC State University - Computer Security Day October 26, 2009 Mark Scheible Manager, Identity.

Identity and Access Management (IAM) What’s in it for Me? NC State University - Computer Security Day October 26, 2009 Mark Scheible Manager, Identity.
June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.

June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Georgia State University Case.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Georgia State University Case.
Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.

Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

Similar presentations

Ads by Google