OpenRegistry Initiative


OpenRegistry Initiative
Revisiting the Management of Electronic Identity
Benjamin Oshrin
OIT Identity Management Group
Rutgers University
October 2008

I2 Identity & Access Management Model

OpenSource Identity Management Cloud
JBoss Rules, Kerberos, OpenLDAP, OpenCA, OPIE, HausKeys, OpenMetaDir, OpenSPML, OpenPTK, Kuali, CAS, Shibboleth, PubCookie, CoSign, OpenSSO, Grouper, Signet

I2 Identity & Access Management Model
- OpenRegistry Core
- OpenRegistry Periphery

What Is OpenRegistry?
- An OpenSource Identity Registry, a place for data about people affiliated with your institution
- Core functionality
  - Interfaces for web, batch, and real-time data transfer
  - Identity data store
  - Identity reconciliation from multiple systems of record
  - Identifier assignment for new, unique individuals
- Additional functionality
  - Data beyond Persons: Groups, Courses, Credentials, Accounts
  - Business Rule based data transformations
- More than just a Registry, some periphery too
  - Directory Builder
  - Provisioning and Deprovisioning

Why OpenRegistry?
- “Off the shelf” solutions usually end up requiring significant customizations and integration work and/or solve only a portion of an institution's needs
- Lots of institutions still rolling their own
- Combined institutional efforts better leverage scant resources and allow for learning from others' experience (eg: Sakai, uPortal, CAS, Shibboleth, Kuali)
- OpenRegistry is tailored to the needs of higher ed

Inspirations
- Columbia University Identity Management System
- Rutgers People Database
- Georgetown Model*
- Higher Ed Standards (eg: eduPerson)
- Evolving Standards (eg: NIST LoA)
- Review of interested peer institutions
- Decades of combined experience from before the field was called “Identity Management”

OpenRegistry @ Rutgers University
- Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests
  - Now: Primarily students, faculty/staff, and some “guests”
- Faster propagation of data, real time where possible
  - Now: Nightly to biweekly batch feeds
- Consistent data definitions, contracted via versions
  - Now: Hard to find definitions, unclear when they change
- Delegated operations where possible
  - Now: Heavy dependency on Help Desk and Central IT

OpenRegistry (Select) Use Cases
- Fast identity creation for new hires (provisional hire)
- Real-time System of Record (SOR) data where SOR is capable, batch otherwise
- Guest sponsorship
- Directory construction, including real-time updates
- Provisioning/deprovisioning
- Data dictionary and versioned attribute definitions
- Password trust/levels of assurance
- ID Card integration
- Activation keys
- Roles and role specific data
- Audit history

Data Model
- Generic enough to work for multiple institutions
- Specific enough to work for yours
- Internationalized
- Well documented

Data Model Overview

Data Model Excerpt

Component Architecture

Component Architecture

Component Architecture

OpenRegistry Initiative Milestones
- R1M1: Requirements
- R1M2: Design
- R1M3: Project Infrastructure
- R1M4: Project Services
- R1M5: Person Registry
- R1M6: Business Rules Registry
- R1M7: Batch Interface
- R1M8: Web Interface
- R1: First Production Functionality
  - Meets Rutgers RIAR-1 requirements

How You Can Help
- Vet the data model and architecture against your institution's specifics
- Contribute resources to the initiative
- Consider adopting the product as it matures

Additional Information
http://idms.rutgers.edu/openregistry (for now)