Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002.

Published byRobert Beasley Modified over 8 years ago

Similar presentations

Presentation on theme: "Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002."— Presentation transcript:

1 Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002

2 Authentication/Authorization/ Access Authentication Authentication –What: Verifying the identity of the user –How: Kerberos Authorization Authorization –What: Verifying user has authority to run application or business process –How: Permit Server/Application (current)  Directory (future) Access (to Data) Access (to Data) –What: Determining data user can manipulate/view with the application or business process –How: Application-specific

3 Directory for Authorization – How Directory has a “Group” object which holds a membership list Directory has a “Group” object which holds a membership list Need to map each role to one or more groups Need to map each role to one or more groups Application simply queries directory (via LDAP) as to groups user is a member of to learn what roles a user has Application simply queries directory (via LDAP) as to groups user is a member of to learn what roles a user has

4 Directory for Authorization – Benefits Streamlines the maintenance of application security across campus Streamlines the maintenance of application security across campus –Associating a person with a role or group is done once, not within each application –Simplifies task of removing access when an individual changes status

5 Best Practices to Start With Keep it simple Keep it simple –Use directory to define membership –Data access rules defined within application Begin with definition of global groups/roles (student, staff, faculty, payrep) Begin with definition of global groups/roles (student, staff, faculty, payrep) Avoid proprietary schemas Avoid proprietary schemas

6 Issues Directory must be more fully populated Directory must be more fully populated How is membership in groups/roles maintained How is membership in groups/roles maintained –Driven from central system –Determined by local unit –To what extent can it be automated? Can a generic distributed application be designed for memberships that require manual maintenance? Can a generic distributed application be designed for memberships that require manual maintenance?

7 Big Issue – The NetID Question What about people who don’t qualify for NetIDs? What about people who don’t qualify for NetIDs? What is “legitimizing” ID for inclusion in the directory? What is “legitimizing” ID for inclusion in the directory? –NetID –PeopleSoft EmplID –Guest or temporary (“dirty”) ID

8 Driver is HR/Payroll/Alumni Affairs suite of Applications This suite includes This suite includes –PeopleSoft HR/Payroll/Contributor Relations –Actuate, Brio –Colts, Kronos, PEDL, SES, EE –CU Connect PeopleSoft 8, Actuate and Brio allow mapping of roles to directory groups PeopleSoft 8, Actuate and Brio allow mapping of roles to directory groups

9 Getting Started Admin units must agree on definitions of global groups and roles Admin units must agree on definitions of global groups and roles Admin units must agree on how membership in groups and roles is maintained Admin units must agree on how membership in groups and roles is maintained Technical team must work with developers and security administrators to help them understand how each application interfaces with the directory Technical team must work with developers and security administrators to help them understand how each application interfaces with the directory

Download ppt "Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002."

Similar presentations

AD Child Domains By: Joan Carter 05/29/2003. Who can bring up a child domain in AD.ASU.EDU?  Campus/college/VP level units  Considerations: Is there.

AD Child Domains By: Joan Carter 05/29/2003. Who can bring up a child domain in AD.ASU.EDU?  Campus/college/VP level units  Considerations: Is there.
Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau 2004. This work is the intellectual property of the authors. Permission is granted for.

Copyright Tom Parker, Ron DiNapoli, Andrea Beesing, Joy Veronneau This work is the intellectual property of the authors. Permission is granted for.
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.

Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies

UPortal.Cornell Using uPortal to integrate disparate campus systems Jon Atherton, Cornell Information Technologies
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.

Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.

On Beyond Z Building a Directory Service educause presentation #074 University of Colorado at Boulder Deborah Keyek-Franssen Marin Stanek Paula J. Vaughan.
1 No More Paper, No More Stamps: Targeted myWSU Communications Jack Alilunas, Lavon Frazier October 20, 2004.

1 No More Paper, No More Stamps: Targeted myWSU Communications Jack Alilunas, Lavon Frazier October 20, 2004.
LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.

LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
1 No More Paper, No More Stamps: Targeted myWSU Communications Lavon R. Frazier April 27, 2005 Copyright Lavon R. Frazier, 2005. This work is the intellectual.

1 No More Paper, No More Stamps: Targeted myWSU Communications Lavon R. Frazier April 27, 2005 Copyright Lavon R. Frazier, This work is the intellectual.
Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.

Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
NERCOMP 2007 - Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.

NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Automated Computer Account Management in Active Directory June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram.

Automated Computer Account Management in Active Directory June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram.

Similar presentations

Ads by Google