Presentation is loading. Please wait.

Presentation is loading. Please wait.

Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005.

Published byJoshua Leonard Modified over 9 years ago

Similar presentations

Presentation on theme: "Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005."— Presentation transcript:

1 Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005

2 Whence we came  Phoenix, Arizona Airport, February 2000  Hazelton/Gettes set ground rules for development of eduPerson objectclass with eye towards DoDHE, “Shibboleth to be” and other inter-institutional applications. Low-hanging fruit and controlled vocabularies. Learn why schools will want more instead of flexibility A better definition than the “standard OCs” (like CN) Assist local directory implementations -- not be the answer! DomainComponent Naming (eduPerson, dukeEduPerson)  eduPerson 1.0 released Jan. 2001 First version July 2000 0.6 (or something like that)

3 Where we are now?  Schema (LDAP) for US Higher Education  Low hanging fruit, interoperable data Easy stuff that we can all agree is true  eduPerson + LDAP-Recipe go together Auxiliary OC extending Person, orgPerson, inetOrgPerson  localEduPerson local attributes are a local problem (clear enough?)  eduOrg (and edu* schemas being developed)  usPerson / govPerson? (work just beginning)  http://middleware.internet2.edu

4 Where are we going?  Use the past as a predictor of the future  Not much change in perspective  Current view is serving well  We are considering some new attributes  We are NOT expanding our vocabularies as much as we thought  Continuing struggle: local vs. non-local  Has been difficult getting Int’l involvement This has been improving over the last 18 months  UML for general schema; LDAP is one expression

5 eduPerson 200312  eduPerson OrgDN, OrgUnitDN, NickName, PrincipalName*, PrimaryAffiliation*, Affiliation* Entitlement*, ScopedAffiliation*,  eduPerson{Primary}Affiliation Values: faculty, student, staff, alumni, employee, member, affiliate Considering: parent, prospect

6 eduPersonPrincipalName  What is a Principal? (think security)  This is NOT a Kerberos Principal  And it is not a Mail Address gettes@duke.edu, pbh@mit.edu  An inter-institutional identifier  SINGLE-VALUE definition  Used by Shibboleth -- this was the intent from the beginning  But, used in ACLs by other tools as well

7 eduPersonScopedAffiliation  Driven by Shibboleth needs  Syntax like eduPersonPrincipalName student@brown.edu alumni@duke.edu subscriber@nytimes.com (!?!)  Raises problems about who is authorized to assert what An “inter-realm metadirectory function” A field full of ratholes and land mines…

8 eduPersonEntitlement  Original problem: how to change schema without changing schema. Needed by GRIDs  Values are URIs (URL or URN)  urn:mace: accepted by IETF and registered with IANA  Gives us a way to make values unique in the entitlement namespace without elaborate registry mechanism urn:mace:wisc.edu:bucky-bundle urn:mace:oclc:org:autho:NNNN urn:mace:duke.edu:library:oclc:contract-NNN  namespace registry by MACE

9 eduPersonTargetedID  Not likely to be found in Directories  Form: id (no context, a problem??)  Persistent, non-reassigned, privacy preserving. At some definition of persistent.  Further discussion in the shibboleth and federation talks at EuroCAMP.

10 eduOrg 200210  Higher Ed Organization object class Basic organizational info attributes from X.520 –Telecomm, postal, locale eduOrgHomePageURI eduOrgIdentityAuthNPolicyURI eduOrgLegalName eduOrgSuperiorURI eduOrgWhitePagesURI

11 LDAP Analyzer (part of NMI)  Todd Piket, Michigan Tech  Web based tool to empirically analyze a directory  eduPerson compliance  Indexing and naming  LDAP-Recipe guidance (good practice)  H.350 compliance  eduOrg compliance http://middleware.internet2.edu/dir/

12 Other related work  eduCourse (200506) eduCourse Data Model (200505) Globally unique identifiers for course offerings (200505) LDAP representations of eduCourse attributes and an auxiliary object class (200505)  H.350 Effort associated with Internet2 Vid-Mid working group. VidMid + MACE-Dir co-developed. Pushed through ITU by Tyler Johnson, UNC

13 LDIF Management  See http://www.educause.edu/eduperson  LDIF used to describe schema and also manage schema. Provides history and technical details in one place.  File File

14  Questions???

Download ppt "Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005."

Similar presentations

Vidmid-vc: Middleware for Video Conferencing Services

Vidmid-vc: Middleware for Video Conferencing Services
Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.

Secure Videoconferencing Jill Gemmill, UAB. Room for Improvement… Videoconferencing applications today No resource discovery – need to already know address.
04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.
All About Attributes (in federated identity) Nate Klingenstein 30 January 2007 OGF 19 Chapel Hill.

All About Attributes (in federated identity) Nate Klingenstein 30 January 2007 OGF 19 Chapel Hill.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Directory of Directories for Higher Education (DoDHE) October 5, 2001 Michael R. Gettes Principal Technologist Georgetown University Project Leader, DoDHE.

Directory of Directories for Higher Education (DoDHE) October 5, 2001 Michael R. Gettes Principal Technologist Georgetown University Project Leader, DoDHE.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University

Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.

Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.
Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.

Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.
1 Internet2 EduPerson 2nd TF-LSD meeting, Amsterdam, 2. February 2001 Peter Gietz

1 Internet2 EduPerson 2nd TF-LSD meeting, Amsterdam, 2. February 2001 Peter Gietz
A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.
CloudAudit Working Group Update April 2011. CloudAudit Charter Provide a common interface and namespace that allows cloud computing providers to automate.

CloudAudit Working Group Update April CloudAudit Charter Provide a common interface and namespace that allows cloud computing providers to automate.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Shibboleth and InCommon Copyright Texas A&M University 2008. This work is the intellectual property of the author. Permission is granted for this material.

Shibboleth and InCommon Copyright Texas A&M University This work is the intellectual property of the author. Permission is granted for this material.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.

CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Similar presentations

Ads by Google