Presentation is loading. Please wait.

Presentation is loading. Please wait.

UCB Enterprise Directory February 7, 2002. History Refresher – Commissioning Statement Establish a framework for deploying and maintaining general purpose.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "UCB Enterprise Directory February 7, 2002. History Refresher – Commissioning Statement Establish a framework for deploying and maintaining general purpose."— Presentation transcript:

1 UCB Enterprise Directory February 7, 2002

2 History Refresher – Commissioning Statement Establish a framework for deploying and maintaining general purpose directory services for the University of Colorado at Boulder within the context of the University-wide environment.

3 History Refresher – Goals Develop and implement an enterprise directory service for UCB Status: –UCB enterprise directory initial phase was implemented November 5 th, 2001. –iPlanet Directory Server, running on Solaris 450 at the CC with a replicated directory instance running on a Solaris 450 at Tele.

4 History Refresher – Goals Trusted, authoritative source of data Status: The Enterprise Directory blends data from SIS, HR and Uniquid using business rules, processes and policies agreed upon by campus-wide representatives.

5 History Refresher – Goals Identity, data and relationship management Status: –The Enterprise Directory offers a single entry per person reflecting all CU-related roles. –Identity verification using Employee ID, SID, SSN, Previous SID, Name, DOB, gender –Data population logic is based upon Steering Team- established business rules and policies –Process determines Affiliation, Primary Affiliation and corresponding privileges.

6 History Refresher – Goals Usable by a variety of applications and services Status: –Built upon LDAP standards, maximizing its potential for subsequent use. –Apps/services currently using the directory: White Pages (in production) Printed Directory (produced Fall, 2001 edition) Email address source for various applications Calendar (pilot) Affiliation Verification (local to Service Center) Radius (proof of concept) Mac OS authentication (proof of concept) Attribute load into Active Directory (as needed)

7 History Refresher – Goals Authentication Services Status: –Framework established based upon LDAP standards, eduPerson standards, and affiliation definition. –Solution option testing is in process

8 Directory Structure Today UCB Directory Registry Central (pilot) Identity Recon. Uniquid SIS H/R Directory Build Recon report White Pages (Nov.5, 2001) Authentication testing Calendaring pilot Radius concept MacOS AuthN pilot Email Addresses Affiliation Check Printed Directory

9 Directory and Data Distinct sources for distinct roles (students, employees, faculty, electronic accounts, etc.) Unique identifiers for each system Blending together to build a CU Person HR fac/staff; empID SIS student; SID FIS faculty; SSN Uniquid accounts; unix ID IDcard photos; ISO Telecom phone locn phone # CU Person

10 Student Data For Identity Matching: - Student ID, Previous ID - Name, Birth date, Gender For Affiliation Logic, Authorization & Data Access -Enrollment Status, Withdraw Code, Expected Return -Fees Paid Indicator -Privacy Flag For Directory Publication - Name - Local Address and Telephone - Major(s), Minor(s), College(s) - Class Level SIS Registry/ Directory (java)

11 Faculty and Staff Data For Identity Matching: - Employee Number, SSN - Name, Birth date, Gender PS HR Registry/ Directory For Employee and Job Selection - Job status - Employment end date For Directory Publication - Name - Campus Box and Campus Phone - Job Department(s), Home Department - Job Class Title(s) - Business Title(s) sql via db link

12 Campus-Specific Data or Systems Registry/ Directory Telecom Office building/room data FIS Faculty Research and Degree data ID Card ISO and jpeg Uniquid Account & Email data (person) (Java)

13 Registry person email au job seealso pw cert activities research degree org unit given name surname cn job code affiliation org college major ucb email exceptions campus

14 Registry Logic Affiliation Building - Students Enrollment status code = E Withdraw code null or Expected return date in the future Type of student affiliation is based upon Academic Unit –Student (= “Student” affiliation) –Continuing Ed Credit Student (= “Student” affiliation) –Continuing Ed Non-Credit Student (= “Affiliate” affiliation) Campus Affiliation based upon first character of AU

15 Registry Logic Affiliation Building - Employees Appropriate employment status code Appointment end date in the future Type of employee affiliation is based upon Job Code –Faculty, Clinical Faculty, Research Faculty, Medical Resident, Fellowship/Trainee = “Faculty” –Student Faculty = “Student” and “Faculty” –Officer/Exempt Professional = “Officer/Professional” & “Staff” –Student Employee = “Affiliate” or “Employee” –Retiree = “Retiree” or “Affiliate” –Staff = “staff” Campus Affiliation based upon first character of department code

16 Registry Logic Name Building LastName, FirstName MiddleName  FirstName MiddleName LastName FirstName LastName LastName FirstName Watch for II, III, IV, Jr., Sr. Remove spaces in the last name; build another variation Purpose: To facilitate name searching Build displayName use name associated with primaryAffiliation (employee = HR; student = SIS) use most current version

17 Directory Build Logic Find people in Affiliation Table Find corresponding records in Job Table –Select the job data related to affiliation Find corresponding records in AU Table –Select the academic unit data related to affiliation Find all other tables/data related to the affiliation people (person, name(s), email, etc.) Is person in directory? –If yes, modify. If no, create Is person in directory no longer affiliated? –If so, delete from directory.

18 Directory cn description seeAlso sn telephoneNumber userPassword uuid au activities & research alternateContact campus degreeInstitution & Year employmentStartDate Expertise feesIndicator highestDegree homeDepartment ISO major, minor, class Privacy SID, SSN cuEduPerson organizational Person person inetOrgPerson o & departmentNumber displayName, givenName employeeNumber employeeType homePhone,homePostalAddress jpegPhoto & labeledURI mail, uid mobile & pager roomNumber userCertificate eduPerson affiliation jobClassification nickName orgDN orgUnitDN primaryAffiliation principalName schoolCollegeName facsimileTelephoneNumber ou physicalDeliveryOfficeName postalAddress street, st, postsalCode, l postOfficeBox preferredDeliveryMethod title

19 Directory Uses – Queries Directory Anonymous query controls: -Search based on name & variations (cn) -Server controls “max” returns (80) -Access Controls to ensure: No display of privacy-enacted students No display of employee home phone/address -Public data displayed: Student local phone/address Student major, minor, college, class Faculty/staff office phone/address, title, department Email address, URL Tomcat/ cocoon White Pages Address Book LDAP query Apache

20 Directory Uses – Applications Directory Directory and application extensions: -Authenticated application -Currently login ID and password -Moving to identikey authN, application-based authZ. - Access to directory based on application rights - Use standard directory attributes (name, email) - Extend directory attributes (preferences) - Use application-specific attributes (schedule) Cal db Calendar

21 Directory Uses – Authorization Directory and authorization for services/resources: - Request resource - Authenticate (you are who you say you are) - Authorize (you can do what you want to do) - Determine affiliation (faculty, staff, student, etc.) - Pass affiliation to requested service/resource - Pass additional attributes as needed by application Login server authN User Request Digital Service/Resource Directory

22 ID Card (ISO/jpg) Tele (bldg/rm) Directory Structure Phase 2 Data verification Birthday Message Account Mgt Project Initiate Send Mail project Sponsor Create Attribute update Radius pilot Identity Recon. Directory Build UCB Directory Calendaring pilot White Pages Registry Uniquid SIS H/R Recon report Central (pilot) Printed Directory Authentication test Authentication Implementation Central Dir. Affil Ck Email Addresses

23 Project Contacts Project Manager, Paula Vaughan Paula.Vaughan@colorado.edu Paula.Vaughan@colorado.edu Directory Manager, Melinda Jones Melinda.Jones@colorado.edu Melinda.Jones@colorado.edu Project Web Page http://www.Colorado.EDU/committees/DirectoryServices/ or from the UCB - ITS home page (“About ITS”  “Projects & Initiatives”  “Architecture and Infrastructure Initiatives”) http://www.Colorado.EDU/committees/DirectoryServices/

24 Directory and Data

Download ppt "UCB Enterprise Directory February 7, 2002. History Refresher – Commissioning Statement Establish a framework for deploying and maintaining general purpose."

Similar presentations

HRMS 8.9 Upgrade Person Model. Introduction One of the significant changes to HRMS with the upgrade to 8.9 is the new Person Model. This course provides.

HRMS 8.9 Upgrade Person Model. Introduction One of the significant changes to HRMS with the upgrade to 8.9 is the new Person Model. This course provides.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Ontario College Online Application Your future starts here...

Ontario College Online Application Your future starts here...
Graduate Application Project Design Concept Walkthrough

Graduate Application Project Design Concept Walkthrough
Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
Presenters (East to West): Suresh Balakrishnan, University System of Maryland Dennis Cromwell, Indiana University - Bloomington Melinda Jones, University.

Presenters (East to West): Suresh Balakrishnan, University System of Maryland Dennis Cromwell, Indiana University - Bloomington Melinda Jones, University.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
Welcome to P.A.S.S. People Advantage Self Service March 1, 2007.

Welcome to P.A.S.S. People Advantage Self Service March 1, 2007.
Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland

Provisioning of Services Authentication Requirements David Henry Office of Information Technology University of Maryland
Technical Primer: Identifiers Internet2 Base CAMP Boulder, Colorado June, 2002.

Technical Primer: Identifiers Internet2 Base CAMP Boulder, Colorado June, 2002.
SciVal Experts & SciVal Funding Information Sessions.

SciVal Experts & SciVal Funding Information Sessions.
Online Demonstration You will be required to request a password prior to accessing Employee Online. The interactive password request forms are found.

Online Demonstration You will be required to request a password prior to accessing Employee Online. The interactive password request forms are found.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
BUT… When was the last time you checked your Medical Center Directory entry? Is the information about you correct? Have you moved your office? Do you have.

BUT… When was the last time you checked your Medical Center Directory entry? Is the information about you correct? Have you moved your office? Do you have.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Directory Services Project University of Colorado at Boulder.

Directory Services Project University of Colorado at Boulder.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

Similar presentations

Ads by Google