Published by Lindsay Mulnix. Modified over 9 years ago.
1
Strategies for Directory Deployment: Centralized, Distributed, Federated, Decentralized
Presenters (East to West):
- Suresh Balakrishnan, University System of Maryland
- Dennis Cromwell, Indiana University - Bloomington
- Melinda Jones, University of Colorado at Boulder
- Mark Crase, California State University
- David Bantz, University of Alaska
2
University System of Maryland: Identity Management Infrastructure - Vision, Architecture, and Strategies
Suresh Balakrishnan
3
Vision
- Create a unifying layer across autonomous institutions: identification, affiliation
- Provide transparent access to shared services: authentication, authorization
- Provide a foundation for more advanced services (e.g. PKI)
- Provide a vehicle for coordination with K-12 education in the State
- Integrate education in Maryland into a broader fabric
4
Library Applications
Currently in use or development:
- Rock-n-Roll Reserves
- Digital Library Access
Future possibilities:
- Shared and unique resources for institutions
- Multiple institutional affiliations
- Auto-populating the patron database
5
Architecture & Collaborative Efforts
- Highly decentralized implementation context
- System-wide work group developing guidance materials (tool kit)
- Demonstrations of local and collaborative applications
- Testing Shibboleth
6
Indiana University: Global Directory Services
- Centralized directory structure
- Flat name space: 150,000 actual users (100,000 students; 20,000 faculty and appointed staff; 30,000 others)
- Seven campuses
- Provides updates for the two authentication services, Kerberos and ADS
- Implements the eduPerson schema with extensions
7
Indiana University: Directory Entries
- Directory automatically loaded from the SIS and HR systems (IU faculty, staff and students)
- Sponsored accounts (affiliates of IU): data is entered into the PeopleSoft system and picked up as part of the load
- An account cannot be created until an entry exists in the Directory
8
Indiana University: Architecture
- OpenLDAP
- Batch feeds from SIS and HRMS
- An API for LDAP abstracts access
- ADS used in conjunction for non-enterprise-type groups
- The Account Management System and Address Book read the Directory
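As an added example (not Indiana University's code) of the load pipeline described on these slides: SIS and HRMS feed rows are merged into one flat-namespace entry per uid, eduPerson affiliations are derived with a precedence rule for the primary affiliation, the result is rendered as LDIF for OpenLDAP, and the Account Management System's rule that no account is created without a directory entry is applied as a gate. The feed rows, the dc=example,dc=edu suffix, the example.edu realm and the extension attribute exampleCampusCode are constructed assumptions.

```python
"""Batch load of SIS/HRMS feed rows into eduPerson LDIF, plus an account gate.

Added example, not Indiana University's code. Feed rows, the directory
suffix, the realm and the extension attribute exampleCampusCode are
assumptions made for illustration.
"""
from typing import Dict, Iterable, List, Set

BASE_DN = "ou=People,dc=example,dc=edu"   # assumed DIT suffix
REALM = "example.edu"                      # assumed scope for eduPersonPrincipalName

# Constructed sample feeds. jdoe appears in both (a student who is also staff);
# guest1 is a sponsored affiliate that arrives via the HR/PeopleSoft side.
SIS_ROWS = [
    {"uid": "jdoe",   "sn": "Doe",   "givenName": "Jane", "status": "enrolled",  "campus": "BL"},
    {"uid": "asmith", "sn": "Smith", "givenName": "Al",   "status": "enrolled",  "campus": "IN"},
    {"uid": "xold",   "sn": "Old",   "givenName": "Xi",   "status": "withdrawn", "campus": "BL"},
]
HR_ROWS = [
    {"uid": "jdoe",   "sn": "Doe",     "givenName": "Jane", "type": "staff",     "campus": "BL"},
    {"uid": "bwong",  "sn": "Wong",    "givenName": "Bea",  "type": "faculty",   "campus": "BL"},
    {"uid": "guest1", "sn": "Visitor", "givenName": "Vic",  "type": "affiliate", "campus": "BL"},
]

# Precedence used to pick eduPersonPrimaryAffiliation when a person has several.
PRIMARY_ORDER = ["faculty", "staff", "student", "affiliate"]
MEMBER_ROLES = {"faculty", "staff", "student"}   # eduPerson: these imply "member"


def merge_feeds(sis_rows: Iterable[dict], hr_rows: Iterable[dict]) -> Dict[str, dict]:
    """One entry per uid (flat namespace); affiliations accumulate across feeds."""
    people: Dict[str, dict] = {}

    def entry(row: dict) -> dict:
        return people.setdefault(row["uid"], {
            "sn": row["sn"], "givenName": row["givenName"],
            "campus": row["campus"], "affiliations": set(),
        })

    for row in sis_rows:
        if row["status"] != "enrolled":      # withdrawn students get no entry
            continue
        entry(row)["affiliations"].add("student")
    for row in hr_rows:
        entry(row)["affiliations"].add(row["type"])
    return people


def primary_affiliation(affiliations: Set[str]) -> str:
    """Highest-precedence role becomes eduPersonPrimaryAffiliation."""
    for role in PRIMARY_ORDER:
        if role in affiliations:
            return role
    return "affiliate"


def to_ldif(people: Dict[str, dict]) -> str:
    """Render LDIF add records (inetOrgPerson + eduPerson + assumed extension)."""
    records: List[str] = []
    for uid in sorted(people):
        p = people[uid]
        affs = set(p["affiliations"])
        if affs & MEMBER_ROLES:              # affiliates are not "member"
            affs.add("member")
        lines = [
            f"dn: uid={uid},{BASE_DN}",
            "objectClass: inetOrgPerson",
            "objectClass: eduPerson",
            f"uid: {uid}",
            f"cn: {p['givenName']} {p['sn']}",
            f"sn: {p['sn']}",
            f"givenName: {p['givenName']}",
            f"eduPersonPrincipalName: {uid}@{REALM}",
            f"eduPersonPrimaryAffiliation: {primary_affiliation(affs)}",
        ]
        lines += [f"eduPersonAffiliation: {a}" for a in sorted(affs)]
        lines.append(f"exampleCampusCode: {p['campus']}")   # assumed local extension
        records.append("\n".join(lines))
    return "\n\n".join(records) + "\n"


def provision_accounts(requests: Iterable[str], directory: Dict[str, dict]):
    """Account Management System rule: no directory entry, no account."""
    requests = list(requests)
    created = [uid for uid in requests if uid in directory]
    rejected = [uid for uid in requests if uid not in directory]
    return created, rejected


if __name__ == "__main__":
    people = merge_feeds(SIS_ROWS, HR_ROWS)
    print(to_ldif(people))
    print(provision_accounts(["jdoe", "xold", "nobody"], people))
```

The gate is the security-relevant part: because the feed is the only path into the directory and account creation consults the directory, a withdrawn student (xold) or an unknown name cannot obtain an account by asking the account system directly.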
9
Indiana University: Future Directions
- Real-time updates from SIS/HRMS
- "Guests" stored in the directory
- Cleaning up old technology components and integrating technical components
- Disaster recovery: replication and automatic failover
- Better purge procedures
- Decision support functions
10
University of Colorado System
- 4 unique campuses (traditional, non-traditional, and health sciences) plus the System Services campus
- 49,000 students total (28,000 at the Boulder campus)
- 22,000 employees
Melinda Jones, University of Colorado at Boulder
11
Directory Services Project: Goals
- Develop common infrastructure
- Develop the UCB Enterprise Directory
- Create a trusted, authoritative data source
- Usable by a variety of applications and services
- Identity, data and relationship management
- Authentication/Authorization
12
cuEduPerson schema (object-class diagram; attributes grouped by the class that defines them):
- person: cn, description, seeAlso, sn, telephoneNumber, userPassword
- organizationalPerson: facsimileTelephoneNumber, ou, postalAddress, street, st, postalCode, l, postOfficeBox, preferredDeliveryMethod, title
- inetOrgPerson: departmentNumber, displayName, employeeNumber, employeeType, homePhone, homePostalAddress, jpegPhoto, labeledURI, mail, uid
- eduPerson: affiliation, nickName, orgDN, orgUnitDN, primaryAffiliation, principalName
- cuEduPerson (CU extensions): uuid, au, activities & research, alternateContact, campus, degreeInstitution & year, employmentStartDate, expertise, feesIndicator, highestDegree, homeDepartment, ISO, major, minor, class, privacy, SID, SSN, jobClassification, schoolCollegeName
- coloradoPerson (Boulder): MacGridNumber, MacHomeLocPath, MacHomeDir
- cusysPerson: identifiers...
13
Project organization (diagram): Core Team, Steering Team, Campus Experts, Business Rules; data sources SIS and HR; Boulder Email; 4-Campus Registry; Boulder/Central Enterprise Directory.
14
Architecture diagram (campus-specific, university-wide, and common-infrastructure layers). Components shown: WebCT AuthN; MacOS AuthN; UCB calendar; Sponsored Entry; Card Office AuthN; ITS services; Boulder Email; UCB Directory; Identity Reconciliation; Directory Build; cu.edu (concept); SIS; HR; Registry; White Pages; CS Directory; CUSYS Directory; UCD Directory; Faculty "Portal"; Student Portal; Library - Digital AuthN; Identity/Access; Campus File System.
15
The California State University
- 23 campuses: 1 research institution (R2), 21 four-year comprehensive institutions, and the California Maritime Academy
- 400,000 students
- 60,000 faculty and staff
Mark Crase, California State University
16
Planning Activities
- Identified internal and external drivers for a multi-campus approach
- Defined development principles:
  1. Foster collaborative efforts among CSU campuses
  2. Foster collaboration with others (I2, UC, CCC, etc.)
  3. Use directories as the starting point for a more comprehensive middleware effort
  4. Standards-based, without mandatory applications/tools
  5. Initially, campus participation is voluntary, but adoption of eduPerson is mandatory
- Communicated at all levels of the institution
17
Initial Deployment Objectives
- Maintain the appearance of a unified directory architecture
- Adopt a common view (eduPerson, etc.)
- Define common CSU objects and unique campus objects
- Adopt a system-wide unique identifier
- Security of the directory had to be no less than that of the most secure application being supported
- Standards-compliant, but no mandatory tools (LDAP now, others later)
18
Initial Architecture Proposal
- Distributed directory model (campus directories, with LDAP v3 referrals to all the others)
- Domain component (dc) naming
- Adoption of eduPerson 1.0 (now 2.0)
- Extension to calstateEduPerson (affiliation, major, SecurityFlag, VoIP address)
- Provision for campusEduPerson attributes
- Global unique ID based on a "uniqueness" algorithm
- Secure directory servers (SSL)
19
Final Recommendations
- Central directory servers (redundant and diverse)
- Campuses submit data to a system-wide directory registry service (like the DoDHE CDS)
- Common view with extensions, unique ID, security
- Minimum central attributes option
- Expanded central attributes option
20
UA Enterprise Directory
2003.10.14, David.Bantz@Alaska.edu
- Centralized core data
- Campus applications
- Contacts: self-service
21
University of Alaska
22
UA Directory Status
- 67,000 students; 10,000 employees; 760 departments
- Department entries linked to employees
- Web gateway interface supports searching, listing, and self-service data
- Scheduled and ad hoc batch updates from multiple sources
23
UA Enterprise Directory Strategy: Environmental Challenges
- Distributed implementation team
- Complex interface constraints, based on attributes or roles
- Sub-set vs. super-set philosophies
24
UA Enterprise Directory: Responses to Challenges
- Two-phase commit for self-service edits (Registry/EDir)
- Registry (Oracle database) enforces UA rules (syntax, constraints, validation values)
- Distributed administration facilitated by attribute-based roles (role-based ACIs)
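As an added example (not the University of Alaska's code) of the three responses on this slide working together: a self-service edit is first checked against an attribute-based role (who may write which attributes to whose entry), then validated by the registry's syntax and allowed-value rules, and finally applied to the registry and the directory under a two-phase commit so that a directory failure rolls the registry back. An in-memory sqlite3 database stands in for the Oracle registry, and the directory is a small in-memory class with a failure hook; the rules, roles, attributes and dc=example,dc=edu suffix are assumptions.

```python
"""Self-service edit: role check, registry validation, two-phase commit (Registry/EDir).

Added example, not the University of Alaska's code. sqlite3 stands in for the
Oracle registry; EDir is an in-memory directory whose commit can be made to
fail. Rules, roles, attributes and the DN suffix are assumptions.
"""
import re
import sqlite3

# Assumed UA-style rules the registry enforces: syntax and allowed values.
SYNTAX = {
    "telephoneNumber": re.compile(r"^\+?\d[\d\- ]{6,19}$"),
    "mail": re.compile(r"^[A-Za-z0-9._%+-]+@example\.edu$"),
    "buildingName": re.compile(r"^[A-Za-z0-9 .'-]{1,64}$"),
}
ALLOWED_VALUES = {"preferredLanguage": {"en", "es", "fr"}}

# Attribute-based roles (the role-based ACI idea): attributes each role may write.
# "self" is the entry owner; "deptadmin" administers entries in its own department.
ROLE_WRITE = {
    "self": {"telephoneNumber", "mail", "preferredLanguage"},
    "deptadmin": {"telephoneNumber", "buildingName", "title"},
}
BASE_DN = "ou=People,dc=example,dc=edu"   # assumed suffix


class EDir:
    """Minimal directory with prepare/commit/abort so it can join a 2PC."""
    def __init__(self, entries):
        self.entries = {dn: dict(attrs) for dn, attrs in entries.items()}
        self.staged = None
        self.fail_on_commit = False          # hook to exercise the rollback path

    def prepare(self, dn, changes):
        if dn not in self.entries:
            raise KeyError(dn)
        self.staged = (dn, dict(changes))

    def commit(self):
        if self.fail_on_commit:
            self.staged = None
            raise RuntimeError("directory write failed")
        dn, changes = self.staged
        self.entries[dn].update(changes)
        self.staged = None

    def abort(self):
        self.staged = None


class Registry:
    """Registry of record; enforces syntax/value rules before anything is written."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:", isolation_level=None)  # manual transactions
        self.db.row_factory = sqlite3.Row
        self.db.execute("CREATE TABLE person(uid TEXT PRIMARY KEY, dept TEXT, "
                        "telephoneNumber TEXT, mail TEXT, buildingName TEXT, "
                        "preferredLanguage TEXT, title TEXT)")

    def get(self, uid):
        row = self.db.execute("SELECT * FROM person WHERE uid=?", (uid,)).fetchone()
        return dict(row) if row else None

    def validate(self, changes):
        for attr, value in changes.items():
            if attr in SYNTAX and not SYNTAX[attr].match(value):
                raise ValueError(f"bad syntax for {attr}")
            if attr in ALLOWED_VALUES and value not in ALLOWED_VALUES[attr]:
                raise ValueError(f"value not permitted for {attr}")


def authorized(role, actor, target, changes):
    """Role applies to this target, and every attribute is writable by that role."""
    if role == "self" and actor["uid"] != target["uid"]:
        return False
    if role == "deptadmin" and actor["dept"] != target["dept"]:
        return False
    return set(changes) <= ROLE_WRITE.get(role, set())


def self_service_edit(registry, edir, role, actor_uid, target_uid, changes):
    """Phase 1: authorize, validate, open the registry txn and stage the directory.
    Phase 2: commit the directory, then the registry; any failure rolls both back."""
    actor, target = registry.get(actor_uid), registry.get(target_uid)
    if not actor or not target or not authorized(role, actor, target, changes):
        return "denied"
    try:
        registry.validate(changes)
    except ValueError:
        return "invalid"
    # Column names are safe to interpolate only because authorized() restricted
    # them to the ROLE_WRITE allow-list; values still go through placeholders.
    sets = ", ".join(f"{a}=?" for a in changes)
    registry.db.execute("BEGIN")
    try:
        registry.db.execute(f"UPDATE person SET {sets} WHERE uid=?",
                            (*changes.values(), target_uid))
        edir.prepare(f"uid={target_uid},{BASE_DN}", changes)
        edir.commit()                         # the store that can fail goes first
        registry.db.execute("COMMIT")
        return "committed"
    except Exception:
        edir.abort()
        registry.db.execute("ROLLBACK")       # registry and directory stay in step
        return "rolled back"


def build_demo():
    """Constructed sample data: three people in two departments."""
    reg = Registry()
    reg.db.execute("INSERT INTO person VALUES "
                   "('alice','ITS','907-555-0100','alice@example.edu','Butrovich','en','Director')")
    reg.db.execute("INSERT INTO person VALUES "
                   "('bob','ITS','907-555-0101','bob@example.edu','Butrovich','en','Analyst')")
    reg.db.execute("INSERT INTO person VALUES "
                   "('carol','LIB','907-555-0200','carol@example.edu','Rasmuson','en','Librarian')")
    edir = EDir({f"uid={u},{BASE_DN}": {"uid": u} for u in ("alice", "bob", "carol")})
    return reg, edir
```

The ordering inside phase 2 is deliberate: the directory is committed before the registry transaction, so a directory outage leaves the registry untouched rather than recording an edit the directory never received.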
25
UA Directory Architecture (architecture diagram; only the label "SQL" survives extraction)
26
Directory Search (anonymous) [screenshot: search for "B*ntz"]
27
Directory Search (authenticated) [screenshot]
28
Detailed Results (anonymous) [screenshot]
29
Self-service edits (authenticated) [screenshot]
30
Protecting Information
- Employee IDs, student IDs, and social security identifiers are not stored in the Directory
- The web gateway intermediary communicates only via SSL
- Data is changed only by "known" processes (the web gateway or MAU IT)
- The gateway limits bulk harvesting
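As an added example (not the University of Alaska's code) of the gateway controls on this slide: the gateway, not the directory, decides what an anonymous versus an authenticated caller may see, rejects wildcard searches that are too broad to be a lookup, caps result sizes, and charges every query (rejected ones included) against a per-client budget so that harvesting by enumeration is slow and noisy. Identifiers such as employee numbers are kept out of the response as defence in depth, although the slide's stronger position is that they are not stored at all. The entries, thresholds and attribute sets are constructed assumptions.

```python
"""Web-gateway search policy: visibility by caller, broad-filter rejection,
size limits and a per-client query budget.

Added example, not the University of Alaska's code. Entries, limits and
attribute sets are assumptions made for illustration.
"""
import fnmatch
import time
from collections import defaultdict, deque

ANON_ATTRS = {"cn", "mail", "ou", "telephoneNumber"}
AUTH_ATTRS = ANON_ATTRS | {"uid", "title", "roomNumber"}
NEVER_RETURN = {"employeeNumber", "studentId", "ssn"}   # defence in depth

LIMITS = {  # assumed policy knobs per caller class
    "anonymous":     {"min_literal": 3, "size_limit": 25,  "budget": 5,   "window": 60.0},
    "authenticated": {"min_literal": 1, "size_limit": 200, "budget": 100, "window": 60.0},
}


class Gateway:
    """Intermediary between web clients and the directory (searches by surname)."""
    def __init__(self, entries, clock=time.monotonic):
        self.entries = entries
        self.clock = clock                        # injectable for testing
        self.history = defaultdict(deque)         # client -> recent query times

    def _charge(self, client, limits):
        """Sliding-window budget; every query counts, including rejected ones."""
        now = self.clock()
        recent = self.history[client]
        while recent and now - recent[0] > limits["window"]:
            recent.popleft()
        if len(recent) >= limits["budget"]:
            return False
        recent.append(now)
        return True

    def search(self, client, sn_pattern, authenticated=False):
        mode = "authenticated" if authenticated else "anonymous"
        limits = LIMITS[mode]
        if not self._charge(client, limits):
            return {"status": "rejected", "reason": "query budget exceeded", "results": []}
        # A filter with too few literal characters is enumeration, not a lookup.
        literal = sum(1 for c in sn_pattern if c not in "*?")
        if literal < limits["min_literal"]:
            return {"status": "rejected", "reason": "filter too broad", "results": []}
        visible = (AUTH_ATTRS if authenticated else ANON_ATTRS) - NEVER_RETURN
        matches = [e for e in self.entries if fnmatch.fnmatchcase(e["sn"], sn_pattern)]
        truncated = len(matches) > limits["size_limit"]
        results = [{k: v for k, v in e.items() if k in visible}
                   for e in matches[:limits["size_limit"]]]
        return {"status": "ok", "truncated": truncated, "results": results}


def build_entries():
    """Constructed sample entries: 30 Baxter-family entries plus one other.
    The employeeNumber values are fake and exist only to show they are stripped."""
    entries = [{"uid": f"bax{i:02d}", "cn": f"B. Baxter {i}", "sn": f"Baxter{i:02d}",
                "mail": f"bax{i:02d}@example.edu", "telephoneNumber": f"907-555-{i:04d}",
                "ou": "Library", "title": "Archivist", "employeeNumber": f"E{i:05d}"}
               for i in range(30)]
    entries.append({"uid": "cburns", "cn": "Cy Burns", "sn": "Burns", "mail": "cburns@example.edu",
                    "telephoneNumber": "907-555-0200", "ou": "Physics", "title": "Professor",
                    "employeeNumber": "E99999"})
    return entries


if __name__ == "__main__":
    gw = Gateway(build_entries())
    print(gw.search("203.0.113.7", "*"))            # rejected: too broad
    print(gw.search("203.0.113.7", "B*rns"))        # one anonymous result, no uid
    print(gw.search("staff-session", "Bax*", authenticated=True)["truncated"])
```

Charging the budget before the filter check matters: a harvester probing for the narrowest pattern the gateway will accept should burn its budget on the probes themselves.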