Identity Management: Services, Tools and Processes Cal Racey


1 Identity Management: Services, Tools and Processes Cal Racey Caleb.Racey@ncl.ac.uk

2 Context: Who I am
Cal Racey – System Architecture Manager:
9 years' experience of middleware application provision
Particular focus on issues of single sign-on and access control
Project Manager on JISC-funded GFIVO, IDMAPS and GRAND projects
Collaborate with Internet2/EDUCAUSE on IdM
Experienced in use of open source tools

3 Presentation Overview
Theme: Practical examples of IdM solutions
Background: The challenge of IdM
Newcastle’s IdM review
–Audit
–Architectural Gaps
Tools and services to enhance IdM
–Data integration
–Group management
–Authentication
–Combined integration service

4 Overview of IDM
The Challenge of Implementing IdM Architectures
(Thanks to Jens Haeusser, UBC.ca, for the IKEA metaphor and slides)

5

6

7

8

9

10 What this workshop is trying to achieve
Help add pages to that instructions booklet
Build community knowledge and practice around IdM
Build portfolio of case studies around IdM
Find out what the community needs
Provide reusable examples of IdM solutions

11 Newcastle’s IdM Example
Focussed on exploiting our existing IdM data
SAP HR + student data good enough
–Poor use in Teaching and Learning apps
–Needed better integration with applications
What we did:
Audit application practice and desired usage
Understand requirement – Gap analyses
Deploy tools and services to enhance architecture
Focus on early benefit realisation

12 Audit: Systems requiring IdM data
Accommodation | Grouper | S3P
Active Directory | Individuals project (DMS) | Service centre (helpdesk)
Blackboard | Intralibrary | Shibboleth
CAMA | Lists | Site manager (CMS)
Dspace | Module Outline forms | Smartcard
ePortfolios | Myprofiles/My Impact | Student homepage
ePrints | NESS (VLE) | Regulations
Email | NUcontacts | Telecoms
Estates ticketing system | Print credits | Timetabling
Exam papers | Recap | UNIX
FMSC VLEs | Sakai (VRE) | Wireless

13

14 Initial Architecture: Flow of Identity Data

15 Desired Architecture

16 SAP Campus management HR Data warehouse, CAMA Grouper Shibboleth, Grouper, Active Directory Talend

17 Filling the gaps - Architecture
Data warehouse
–Combines Identity data from multiple sources
–Makes “sense” of data
Group management
–Adds structure to user population
–Arranges users into “usable” units
Data integration tools
–Processes data + Puts it where it needs to be
–Captures and expresses business logic
Authentication and Authorization service
–Based on good user data

18

19 Tools: Talend Integration suite
Data integration tool
Open source like MySQL
–Free version + paid for enhancements
Replaced many bespoke scripts
Supported existing and desired approaches
–Excellent file support
–Excellent database connectivity
–Excellent application connectivity (e.g. SAP)
–Web services
Resources available at http://research.ncl.ac.uk/idmaps/

20 Tools: Talend Integration suite
Why Talend?
“Visionary” in Gartner’s data management
Also offers Data quality and Master data management solutions
Training and consultancy offerings
“Middle Man” means they have to integrate with everything
ETL and IdM share many problems
–Data quality, duplicate removal, incomplete data
Resources available at http://research.ncl.ac.uk/idmaps/

21 Talend Example

22 Tools: Talend Benefits
End to end connectivity
–Control of flow all the way through
–Transparency of process
–No more fragile chains of scheduled tasks
Allows team responsibility
–Easy to see what a job does
–Job stored in versioned store (svn)
Many data connectors
Interacts with Windows and Unix (including login)
Data integration logic in one place.

23 Institutional data feed service (IDFS)
Single point of contact for IdM data
Consultancy Process for asking for data:
–Meeting to discuss requirements
–Data integration form (Capture, record data flows)
Make application owners aware of responsibilities:
–Security
–DPA
–Freedom of information
Data integration tool (Talend)

24 Tools: Grouper
GRAND project
Grouper used to structure and enhance IdM data
–Organisational Structure
–Module enrolment
–User maintained e.g. Research teams
Groups are the way the university works
–“modules, departments, research teams – not users”
Use case documents available at http://research.ncl.ac.uk/grand/resources.php

25 Tools: Grouper
Enables use of composite groups
Mixing of static institutional groups and user edited groups
Management interfaces
–Web based: “heavy” and “lite”
–Web services
–Scripts (grouper shell)
–Java API
Data usable multiple ways
–Data exports
–Shibboleth attributes
–LDAP-PC

26 Grouper – wireless access

27 Grouper – Room booking

28

29 Tools: Shibboleth
Built for Federated use case
Provides Authentication and Authorisation
Used extensively internally
Rich attributes
–People on accountancy can access acc101 podcast
–People in chemistry can access chemistry wiki
–Provides framework for targeted personalisation e.g. Here are your podcasts + exam papers
Standards based, allows integration – e.g. Google Apps
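
An added example (not from the presentation, and not Grouper or Shibboleth code) of the idea on the Grouper composite-groups slide and the Shibboleth "rich attributes" slide: composite groups are resolved from institutional and user-maintained groups, the resulting memberships are released as an attribute, and the application authorises on that attribute alone. All group names, users, the suspended-status group and the resource map are constructed assumptions.

```python
# Added example: composite groups feeding an attribute-based access check.
# Every name below is constructed for illustration; none comes from the slides.
from dataclasses import dataclass

# Direct memberships: static institutional groups (fed from HR/student data)
# and a user-maintained research team.
DIRECT = {
    "inst:module:acc101": {"alice", "bob"},
    "inst:dept:chemistry": {"carol", "dave"},
    "user:research:catalysis-team": {"dave", "erin"},
    "inst:status:suspended": {"bob"},   # assumed exclusion group
}

@dataclass(frozen=True)
class Composite:
    op: str     # "union", "intersection" or "complement" (left minus right)
    left: str
    right: str

COMPOSITES = {
    "app:chem-wiki:users": Composite(
        "union", "inst:dept:chemistry", "user:research:catalysis-team"),
    "app:acc101-podcast:viewers": Composite(
        "complement", "inst:module:acc101", "inst:status:suspended"),
}

def members(name, _seen=frozenset()):
    """Resolve a group to its effective member set, following composites."""
    if name in _seen:
        raise ValueError(f"composite cycle at {name}")
    if name in COMPOSITES:
        c = COMPOSITES[name]
        left = members(c.left, _seen | {name})
        right = members(c.right, _seen | {name})
        return {"union": left | right, "intersection": left & right,
                "complement": left - right}[c.op]
    # Unknown group names resolve to the empty set, so access fails closed.
    return set(DIRECT.get(name, ()))

def released_groups(user):
    """Group names released as the user's membership attribute values."""
    return sorted(g for g in list(DIRECT) + list(COMPOSITES) if user in members(g))

# Resource -> required group. The application never sees the identity feeds.
REQUIRED = {"/podcasts/acc101": "app:acc101-podcast:viewers",
            "/wiki/chemistry": "app:chem-wiki:users"}

def authorize(attr_values, resource):
    required = REQUIRED.get(resource)
    return required is not None and required in attr_values  # deny if unmapped
```

Because the exclusion is expressed as a complement in the group layer, removing a user from access is a data change in one place rather than a change in each application.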

30 Tools: Shibboleth use cases
Lecture capture authorisation
Portal page personalisation
Mailing lists
Wikis
Blogs
VREs
Reading lists
Personal portfolios e.g. MyImpact
Don’t have to understand shib to integrate
Shib’d apps have less to worry about

31 Systems integration service
One place to talk about domesticating applications
Combines:
–Institutional data feed service
–Group management service
–Shibboleth service
Mix and match services depending on requirement
–Focus on need rather than architectural “purity”
Goal:
–Ease application development and deployment
–Make IT applications appear “joined up”

32 Realising benefits from IdM
Problem: Benefit realisation dependent on influencing application owners
–Apps spread across political boundaries e.g. Library, careers, medical school
–Apps spread across platforms
–Good tools not enough
Solution:
–Wrap tools and processes in a service
–Campaign of outreach
–Listen to application owners

33 Realising benefits from IdM
Service more important than architecture or tools
–Builds relationships
–Better understanding of real service barriers
–Easy future integration
–1 hour conversation > 2 weeks work
Delivery best influencing technique
–Effective IdM dependent on influence
–Even centralised IT can’t enforce

34 IDM resources
IDMAPS http://research.ncl.ac.uk/idmaps/
GRAND http://research.ncl.ac.uk/grand
Identity Management toolkit http://www.identity-project.org
Identity Management EDUCAUSE email list: IDM@LISTSERV.EDUCAUSE.EDU
IT architects in academia (ITANA): http://www.itana.org/

35 Any Questions?

