Enabling Applications to Use Your IdMS

Presentation transcript:

Enabling Applications to Use Your IdMS
Dan Malone, Middleware Architect
California Polytechnic State University, San Luis Obispo

Take a tootsie pop… How will data be made available to the applications?

Copyright Dan Malone, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Identity Management: The Old Way
TAP – Tim’s Accounting Program
PH – CSO Directory Server
SOAP – Suite Of Accounting Packages

First, how we got to where we are at today. Tim was a student… After this is where I came into the picture. In order to support these, I needed to reverse engineer all the pieces.

5/13/2019 2

Identity Management: The Old Way
Diagram labels: SIS, Unix, TAP, HR, Email, PH, Foundation, Calendar, SOAP, ASI

Talk quickly about problems we dealt with day-to-day.

Something had to change!!!
It’s all about the data and managing information
We can’t know how every application works

Need to know what data we are getting from the sources. And it needs to be clean. Using the data in a new way really shows how bad it really is.

Data by itself is not as useful as information derived from it… “full time student” true/false field is much more useful than trying to determine if a “person with 12 units in the current quarter”… Also useful to have everyone using the same definitions. E.g. if all students get unix accounts and all students get email accounts, then it better be the same list of students.

We can’t learn every application, and application administrators don’t want others in their application.

Then, another ITS re-org: into Information Management – Data Warehousing

Identity Management: The New Way
Identity Reconciliation
Data Warehouse
Directory Services
LDAP
Authentication Services
Trusted Web Authentication (CAS from Yale)
LDAP Authentication
Password Management
Provisioning Services

Provisioning Model
It’s all about the data/information
Well defined business rules
We can’t be expected to know how to provision every application
We don’t want to create DAP – Dan’s Accounting Program

Started as an email provisioning project. We turned it into a provisioning model project so we could re-use it.

The data is what the application needs to create the accounts. The app just wants to create accounts for people and needs some data (like first name and last name) to create them. The apps should be consistent, thus the data should be consistent.

Business rules for population selection and for data requirements. Not just “give me everything and I’ll use what I need” or “tell me what you have”.

Well defined roles and responsibilities between middleware and application administrators. In our case, the middleware gathers and packages the required data. Application administrators process the data by performing the appropriate functions on the application.

Must be maintainable by more than one person. Keep it simple. Not focusing on tight code or how long it takes to run.
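An added example (not from the presentation) of the model in the notes above: the middleware defines each population rule once, then packages for every application only the attributes its approved data request lists. The field names, the 12-unit threshold for "full time", the `lab_access` application and the sample records are all constructed assumptions.

```python
# Added illustration; field names, rules and records are constructed assumptions.
FULL_TIME_UNITS = 12  # assumed threshold, from the "12 units" example in the notes

# Constructed source rows, as they might look after identity reconciliation.
PEOPLE = [
    {"id": "u1001", "first": "Ana", "last": "Ruiz", "role": "student", "units": 16, "birthdate": "1985-02-03"},
    {"id": "u1002", "first": "Ben", "last": "Okoye", "role": "student", "units": 8, "birthdate": "1984-11-20"},
    {"id": "u1003", "first": "Cy", "last": "Lindt", "role": "staff", "units": 0, "birthdate": "1970-06-15"},
    {"id": "u1004", "first": "Di", "last": "Marsh", "role": "student", "units": 0, "birthdate": "1986-01-09"},
]

# Business rules defined once in the middleware, so every application that
# asks for "students" is handed the same list.
RULES = {
    "student": lambda p: p["role"] == "student" and p["units"] > 0,
    "full_time_student": lambda p: p["role"] == "student" and p["units"] >= FULL_TIME_UNITS,
}

# Approved data requests: one population rule plus only the attributes the
# application needs to create its accounts (not "give me everything").
REQUESTS = {
    "email": {"population": "student", "attributes": ["id", "first", "last"]},
    "unix": {"population": "student", "attributes": ["id", "last"]},
    "lab_access": {"population": "full_time_student", "attributes": ["id"]},  # hypothetical app
}

def build_feed(app, people=PEOPLE):
    """Package the records an application administrator will process."""
    request = REQUESTS[app]
    rule = RULES[request["population"]]
    return [{a: p[a] for a in request["attributes"]} for p in people if rule(p)]

def population(app):
    """Set of identifiers in an application's feed, for consistency checks."""
    return {row["id"] for row in build_feed(app)}

if __name__ == "__main__":
    for app in REQUESTS:
        print(app, build_feed(app))
```

Comparing `population("email")` with `population("unix")` is the "same list of students" check from the earlier slide, and attributes no request lists (here `birthdate`) never leave the middleware.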

Build or Buy?
Why to build our own Provisioning System.
Products are all very proprietary
Novell and Active Directory camps will never agree on which one is right
Dependent on vendor supplied connectors
Or build your own using the language of the vendor’s choice
Who will manage it?
Still need to define the business rules

What we found:
Proprietary – no standards between products.
Both want to be the center of the world (for more than just provisioning and IdM).
Vendor supplied connectors are limited. Since we have a wide variety of applications, not one vendor covers them all. So we are going to have to build at least part of it anyway.
These are complex applications. Someone has to learn it and manage it. (Not just read the quick start guide and install it.)
Business rules aren’t something you get “out of the box”.

Provisioning Model – Diagram

We are now building our provisioning system based on this model. We are running successfully in our development environment now.

What took the most effort
Convincing people we are doing the right thing
Replacing vs. rebuilding TAP
We can not buy a product that will do everything
Application owners
“We are not programmers”
Data request for an application
Business rules are not well defined
Application owners need help
Functional areas/data stewards need help

People are worried that they won’t be able to do things the same way… That’s true in some ways. (You can’t just add someone to the directory.)

Can not buy…: Many are not thinking big picture.

Needed a new form for applications, not a person. Data authority needs to approve the use. Then they know who/how people are using it.

Asked for definition of student: 7. Faculty: 4.

Note that none of these are coding.

What’s working well
If 80% up-front planning then 20% coding else 80% coding + 80% rework + …
Once the application owners understood the model, they liked the fact they still have full control of their application
Data warehouse processes are being improved

Data warehouse has the same issues.

The power is in the information
Take advantage of the data and information that already exists
Business rules are difficult to come by but are worth the effort
Keep talking about middleware to make people remember what it will do for them

Also, the data warehouse already has policies and procedures around getting data, such as the data request forms and the approval process.

If you spend the time to do the business rules (application and data rules) up front, you won’t need to do as much rework. Plus you can reuse them for the next application.

Middleware is behind the scenes stuff. If people do notice it, it’s usually because it’s broken… But you need support to make it work, so keep talking about the benefits. Find a way to keep interest (I wouldn’t suggest having a presentation at 2:30, after a big lunch (nap time)).

So, before I open this up for questions, I have a question for everyone who has eaten their tootsie-pop: The tootsie-pop has some middleware, right? Did anyone get to the middleware in the tootsie-pop? What would a tootsie-pop be without its middleware? Just a sucker.

Questions
Dan Malone – dmalone@calpoly.edu