Central Authorization System (Grouper) June 2009

Slides:



Advertisements
Similar presentations
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
Advertisements

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Netcentives Inc. 475 Brannan St. San Francisco, CA NASDAQ: NCNT Netcentives Inc. 475 Brannan St. San Francisco,
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
Accelerate Business Success With CRM CRM Interoperability.
PENN Community Project SUG Presentation April 8, 2002.
1 NETWORK PLANNING TASK FORCE FY’07 “ Setting the Rates” 11/20/06.
Employee Central Presentation
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
1 Data Strategy Overview Keith Wilson Session 15.
NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Electronically approve and create Suppliers in Oracle Financials using a combination of APEX and Oracle Workflow. NZOUG Conference 2010 Brad Sayer Team.
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.
Kuali Rice at Indiana University Rice Setup Options July 29-30, 2008 Eric Westfall.
DATA GOVERNANCE Presentation to CSG September 27, 2007 Mary Weisse Manager, MIT Data & Reporting Services
Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002.
The University of Wisconsin University Directory Service UDS A repository of people information Has been in production for about a year. Serves White pages,
Chapter 6: Foundations of Business Intelligence - Databases and Information Management Dr. Andrew P. Ciganek, Ph.D.
RECALL THE MAIN COMPONENTS OF KIM Functional User Interfaces We just looked at these Reference Implementation We will talk about these later Service Interface.
Penn Groups PennGroups Central Authorization System June 2009.
University of Michigan Enterprise Directory Services Appendix A Conceptual Architecture.
Intro to Grouper There’s nothing fishy about Identity Management with Grouper.
Using AS 10g with EBS What are the Benefits of Integrating AS 10g with Oracle Applications?
Siteman Cancer Center at Barnes-Jewish Hospital and Washington University School of Medicine Cancer Center Administration Database.
Grouper after Groups Enabling Net+ Services with PAP, PEP, and PDP...Oh My! October 3rd, 2012 Bill Thompson IAM Architect, Unicon Chris Hyzer Grouper Developer,
…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Shibboleth as Attribute Delivery for Authorization Renee Shuey Penn State University June 27, 2006.
The DSpace Course Module – User management and authentication options.
UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma
Grouper Training Developers and Architects Advanced Topics Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons.
PS Security By Deviprasad. Agenda Components of PS Security Security Model User Profiles Roles Permission List. Dynamic Roles Static Roles Building Roles/Rules.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Stanford Authorization Existing mainframe based authority –homegrown, in operation since the 80’s –primarily for financial and personnel authority for.
Shibboleth: An Introduction
6.1 © 2010 by Prentice Hall 6 Chapter Foundations of Business Intelligence: Databases and Information Management.
Getting Started with Chatter Nina Jameson Senior Business Analyst, ISU-ITS (office)
Grouper Tom Barton University of Chicago. I2MM Spring Outline  Grouper’s place in the world  Some Grouper guts  Deployment scenarios.
Penn Groups PennGroups Central Authorization System January 2009.
KIM: Kuali Abstraction Layer for Identities, Groups, Roles, and Permissions.
ISC-ASTT PennGroups Central Authorization System (Grouper) June 2009.
Grouper: A Toolkit for Managing Groups Tom Barton blair christensen University of Chicago.
Data Integration with Veracross Wednesday, June 23 rd Lauren Banks.
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.
OpenRegistry MACE-Dir 5/18/09 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University May 2009.
Architecture Review 10/11/2004
Stop Those Prying Eyes Getting to Your Data
Group Services CIO Council Update
Project Management: Messages
LIGO Identity and Access Management
Introducing Access Management
Intercompany Project Time and Expenses Scenario Overview
TPM and TPM Security Technologies
Using the Banner Workflow Process to Validate Security Roles
Identity Management Integration CAMP
THE STEPS TO MANAGE THE GRID
Implementation Specialists Presents
EMA :Collaboration Session
asset: Academic Survey System & Evaluation Tool
Shibboleth as Attribute Delivery for Authorization
POP: Building Automation Around Secure Server Deployment
Getting Started with UCSF Chatter
Identity & Access Management
Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.
Grouper: A Toolkit for Managing Groups
Hire Xpress User’s Training A Human Resources guide to Hire Xpress
Project Manager Application
Presentation transcript:

Central Authorization System (Grouper) June 2009 PennGroups Central Authorization System (Grouper) June 2009

Identity Management at Penn Goal: To protect the confidentiality and privacy of information at Penn by: Uniquely identifying entities associated with Penn Providing access to appropriate facilities, services, and systems Preventing unauthorized access to facilities, services, and systems 12/3/2018 Central Authorization at the University of Pennsylvania

Elements of Identity Management Components of identity management Penn Community – central repository for a person’s bio/demo data as fed by core business systems (SRS, HR/Payroll, Atlas, UPHS) and entered directly for ancillary affiliates Penn Directory – system that holds the preferred name and contact info for all Penn affiliates Penn Card – system used to generate the physical ID card that is used for building access and commercial transactions across the university PennNames - system used to associate a unique username to each individual at Penn, providing a common and consistent University namespace for online services PennKey – unique identifier for Penn’s central authentication system; with associated password, provides an electronic means to authenticate an individual and provide access to systems across the university PennGroups – system for creating and managing groups to facilitate authorization decisions by applications with hooks to LDAP or web services 12/3/2018 Central Authorization at the University of Pennsylvania

Penn’s Identity Management Strategy PennCard HR Penn Directory Home Grown App SRS Penn Community UPHS 3 rd Party App PennGroups Penn Names Atlas AuthZ Decisions via LDAP or WS Ancillary Affiliates (Temp, VFAC, CHOP, etc..) PennKey 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania What Is PennGroups PennGroups is derived from the Internet2 open source Grouper initiative Has been adopted and deployed at other ivy league universities (Brown, Cornell, Yale) Penn has worked with the Grouper team to enhance the baseline product Better meets the needs of Penn Provides additional useful functionality to other grouper users Allows Penn to benefit from future grouper enhancements without maintaining a separate source code instance 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania Benefits Facilitates consistent application of University business rules Managed through a common UI and web services Streamlines maintenance of authorization data Brings scattered redundant groups together for re-use Allows useful actions on these groups -- group math, group nesting, exclusion criteria Leverages Penn Community data for accurate, up to date authorization decisions Can leverage existing attribute information Distributed/delegated model of control Supports the creation of new groups by schools and centers 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania How It Works Authorization by application After authentication the application can interrogate PennGroups for access to group membership data Web services LDAP Changes to group membership are reflected automatically and propagate to the application dynamically 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania Managing PennGroups Two modes for creating and managing groups Automated Web services - build and run a query from your data store and send group membership information to PennGroups via the web service API Stored SQL – Configure a SQL query within the PennGroups UI to run on a scheduled basis to modify group membership Manual UI – log onto the PennGroups UI to manually manage your group membership You cannot manually add members to or remove members from a group that is managed in an automated fashion 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania PennGroups Hierarchy 12/3/2018 Central Authorization at the University of Pennsylvania

PennGroups in a Decentralized Environment When School/Center is purchasing or developing a new system LSP/ application developer contacts Central IT LSP/developer and Central IT collaborate to: Establish authorization use cases for the specific application Determine access method (LDAP or Web Services) Determine best approach for group creation and maintenance School/Center fills out access forms Central IT consults with LSP/developer on group hierarchy structure 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania Use Cases PTO – Paid Time Off Provides ability to select a person that doesn’t manage their time off through PTO as a supervisor/approver ISC Warehouse Apps Provides a feed from the warehouse for employees in 3 orgs.  If you are active in the org, you will be in the group, and the app will let you in Abramson's Cancer Center Builds custom research related applications and needs an means to confirm that users who log in currently have an active status School of Engineering and Applied Science Affiliate level groups - faculty members, staff members, students, undergrads, grads, PhD students Class level groups - everyone enrolled in every SEAS course, and several ad-hoc groups. Kept up to date via a SEAS data store and propagated to PennGroups via the SQL loader Group hierarchy (groups such as freshman, sophomore, etc are members in the group uGrad). Ad hoc groups generated and maintained via specific applications and business rules.  Use of groups to determine access to various resources such as SSH (with different groups allowed to access different machines), IMAP, POP, SMTP, etc. 12/3/2018 Central Authorization at the University of Pennsylvania

Central Authorization at the University of Pennsylvania More Information For technical documentation see the Internet2 Grouper wiki at: General info https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+Project Web services info https://wiki.internet2.edu/confluence/display/GrouperWG/Grouper+-+Web+Services 12/3/2018 Central Authorization at the University of Pennsylvania

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.