Presentation is loading. Please wait.

Presentation is loading. Please wait.

CPR Overview 28-April-2011. Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CPR Overview 28-April-2011. Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information."— Presentation transcript:

1 CPR Overview 28-April-2011

2 Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information

3 What is the Central Person Registry? It’s the Foundation of IAM

4 Current Person Registries At its simplest form, a person registry is a data store of user information Examples – Central ID Repository (CIDR) – Friends of Penn State (FPS) – Central Accounts Coordination Tracking of User Services (CACTUS) – Integrated Student Information System (ISIS) – Integrated Business Information System (IBIS) – Many others

5 Central Person Registry From The Identity and Access Management Final Report dated 2/18/2008 A centralized person registry is a single data store that combines and consolidates identity information currently stored in separate and non- integrated sources throughout the University.

6 Central Person Registry Systems of Record Registration Authorities Database Web Services Service Providers Data Views Central Person Registry Systems of Record Registration Authorities Service Providers Data Views Database Web Services

7 CPR Data Flow – Interactive Registration Authority Application Server Oracle 11i 1. SOAP Request 5. SOAP Response 2. JDBC Request 3. JDBC Response SOAP Service Auth Service Provider ISIS Service Provider JMS Request JMS Response 1.RA makes request to CPR via SOAP call 2.Service validates information and makes JDBC request to the database. 3.Database responds to request via JDBC 4.Service determines which service providers need to be notified and does so via JMS 5.Services sends a SOAP response back to RA JMS Request JMS Response 4.

8 CPR Data Flow - Batch Batch Inputs CPR Batch Processor Oracle 11i 1. Upload Request 2. SQL*Loader JDBC Response Service Provider JMS Request JMS Response 1.Batch data is acquired from various sources and uploaded to the CPR batch processor. 2.Batch processor uses a combination of SQL*Loader and stored procedures to load the data. 3.Batch processor determines which service providers need to be notified and does so via JMS JMS Request JMS Response 3.

9 Requirements

10 Requirement Sources Existing Registries – CACTUS, CIDR, FPS Regulations and Legislation University Sources – Survey – Interview Sessions – Use Cases External Sources

11 Regulations and Legislation University Policies – AD11 - University Policy on Confidentiality of Student Records – AD19 - Use of Penn State Identification Number and Social Security Number – AD20 - Computer and Network Security – AD23 - Use of Institutional Data – AD35 - University Archives and Records Management – AD22 - Health Insurance Portability and Accountability Act (HIPAA) HEOA - Higher Education Opportunity Act Red Flag Rules PCI - Payment Card Industry

12 Data Model Design based on concepts derived from CACTUS, FPS and CIDR data models Guiding principles – The data model shall only store information related to identity. – The data model shall store information necessary for matching. – The data model shall store information necessary for life cycle changes. Must support current functionality and include flexibility to change as needed

13 Data Model Contact information – Name(s), addresses, phones and E-Mail addresses (history) Identity Information – Digital identities (PSU ID and credentials) – Date of birth and gender Identity Assurance Profile Information Affiliation Information Account/Person Linking

14 Service Model A Service-Oriented Architecture (SOA) Web Services SOAP Enterprise Service Bus JDBC and stored procedures JMS

15 Service Oriented Architecture IAM will move to SOA from the world of batch processing and flat files SOA Guiding principals – Reuse, granularity, modularity, composability, componentization and interoperability. – Standards-compliance – Services identification and categorization, provisioning and delivery, and monitoring and tracking.

16 Service Oriented Architecture Important features of SOA for IAM: – Standardized service contract between provider and consumer. – Service reusability - services are developed as building blocks in which logic can be reused by other services. – Service abstraction - service logic is hidden from the outside world.

17 Enterprise Service Bus Standard integration platform Multiple event-driven messaging modalities Provides a set of core services: – transformation – routing – proxy – logging – Apache CXF framework for SOAP – Automatic WSDL generation Ease the burden of integration of large number of heterogeneous systems

18 JDBC and Stored Procedures JDBC (Java Database Connectivity) API – Industry standard for database-independent connectivity between Java and SQL databases – For IAM purposes JDBC is only used to call stored procedures. – Geronimo provides a database connection pools Why Stored Procedures? – Enables the encapsulation of complex database logic into a highly optimized database object. – Precompiled enables faster performance than in-line Java code.

19 Java Message Service (JMS) Message Oriented Middleware (MOM) API for sending messages between two or more clients. Supports two models – Point to point (queuing) Will be used to communicate with specific service providers to request actions, for example provision authentication for a user. – Publish and subscribe IAM will provide a facility where entities can subscribe to messages related to user information changes.

20 Service Model All services return a service code and status message indicating the result of executing the service. All service calls are logged for auditing purposes. Messages between a service and service provider(s) can be queued if there are any failures.

21 Service Model The initial set of IAM services will be centered around the CPR and will include: – Applications and system access to the CPR information. – Management services for maintaining: Identities, contact information, affiliations, PSU IDs, Penn State Access Account user ids, sponsored accounts, identity assurance profiles. – Matching services (with the goal of minimizing duplicate identities in central systems). – Address validation services. Additional IAM services will be developed as the project matures

22 Service Providers

23 Service provider – An entity that provides services to other entities. – Examples: authentication, LDAP and so on. Communications between SOAP services and a service provider will be done using Java Messaging Service (JMS). – JMS API is a Java Message Oriented Middleware (MOM) API for sending messages between two or more clients – JMS queuing available is Apache ’ s ActiveMQ.

24 Implementation

25 Stage 1 completed – All of the services were developed using Java. – Services interact with the database using JDBC. – All of the database manipulation is done with Oracle PL/SQL stored procedures. – All Java services are tested using JUnit 4.0 test cases and test coverage of at least 85% is required. – Documentation is done using JavaDoc.

26 Implementation Stage 2 – Currently underway, focus is the completion of the remaining CPR services necessary for production Services include: ID+Card, IAP, Linking, Credentialing, Address Validation, Affiliation, Security, etc. – Moving from test environment to production environment (hardware, database, application server)

27 Contact Information E-Mail: iam@psu.eduiam@psu.edu Web Site: https://iam.psu.edu/https://iam.psu.edu/ – CPR Forum Developer ’ s Web Site: https://iam.psu.edu/developer/ Other places (PennStateIAM): – Del.icio.us – Twitter – Facebook – YouTube

Download ppt "CPR Overview 28-April-2011. Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information."

Similar presentations

“Creating e-Freight solutions for efficient and sustainable multimodal transport” Takis Katsoulakos INLECOM eFreight12 Delft -19th April 2012.

“Creating e-Freight solutions for efficient and sustainable multimodal transport” Takis Katsoulakos INLECOM eFreight12 Delft -19th April 2012.
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Database System Concepts and Architecture

Database System Concepts and Architecture
Database Architectures and the Web

Database Architectures and the Web
What is SOA? IT architecture for request - reply applications Application functions are modularized and presented as services Services are loosely coupled.

What is SOA? IT architecture for request - reply applications Application functions are modularized and presented as services Services are loosely coupled.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Security Controls – What Works

Security Controls – What Works
G O B E Y O N D C O N V E N T I O N WORF: Developing DB2 UDB based Web Services on a Websphere Application Server Kris Van Thillo, ABIS Training & Consulting.

G O B E Y O N D C O N V E N T I O N WORF: Developing DB2 UDB based Web Services on a Websphere Application Server Kris Van Thillo, ABIS Training & Consulting.
Integrating SOA and the Application Development Framework Shaun O’Brien Principal Product Manager – Oracle JDeveloper / ADF.

Integrating SOA and the Application Development Framework Shaun O’Brien Principal Product Manager – Oracle JDeveloper / ADF.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Components and Architecture CS 543 – Data Warehousing.

Components and Architecture CS 543 – Data Warehousing.
Ch 12 Distributed Systems Architectures

Ch 12 Distributed Systems Architectures
PENN Community Project SUG Presentation April 8, 2002.

PENN Community Project SUG Presentation April 8, 2002.
The Architecture of Transaction Processing Systems

The Architecture of Transaction Processing Systems
Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.

Realising the Potential of Service Oriented Architecture Kris Horrocks Connected Systems Division Microsoft.
Managing LOB Applications by Using System Center Operations Manager Published: March 2007.

Managing LOB Applications by Using System Center Operations Manager Published: March 2007.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Messaging Technologies Group: Yuzhou Xia Yi Tan Jianxiao Zhai.

Messaging Technologies Group: Yuzhou Xia Yi Tan Jianxiao Zhai.

Similar presentations

Ads by Google