uPortal Meets Campus-wide Login at UBC Paul Zablosky ITServices The University of British Columbia Slide 1
The Portal and the Institution Introducing a portal to an institution Fitting a portal to existing infrastructure Technical Organizational Functional Institutional Identities and Roles Slide 2
About UBC Departments, Services, Customers Individual service mandates Diverse identity repositories Diverse authentication mechanisms Slide 3
Institutional Services Institutional E-Business Spanning constituencies Individual-centred Portals Slide 4
The Problem Diverse identities No unifying service Slide 5
So what can a Portal do? Expose the problem A target for the solution Slide 6
Solution Components Identity repository Authentication service (CWL) Links between the two Slide 7
The Institution needs Central identity repository Institution-wide “ID’s” Central authentication service Central “Roles” repository Slide 8
The Portal framework Needs Access to: A mechanism for authentication of principals (logins) A repository of roles associated with each login An immutable key associated with each login name Slide 9
The Portal is a repository for: The user’s layout and channel set Profile information (customize) What roles enable access to each channel (authorize) Slide 10
The Channel Applications Need Access to: A mechanism for proxy authentication (SSO) Roles associated with the current login An immutable key for the current login A key for each channel instance Identity information (for personalization) Profile information (for customization) Ticket service Slide 11
The Framework Doesn’t Need The portal framework does not need access to: The User’s name Identity information Slide 12
What is the Campus-wide Login? Institution-wide login names Authentication Connection to identity repositories Central roles repository Single signon Slide 13
Architecture [Diagram with components: uPortal, CWL, UBC Identity, myUBC, Layouts, Profiles, Channels, CWL Login Names, Roles, UBC People, Affiliations, Job Functions, Channel applications, Identity, HR Information, Student Information] Slide 14
Limitations in the models We have users We have logins We have roles Slide 15
Implementation with uPortal 1.6 Modified roles support Replaced keys Modified authentication to use external service Added channel-roles channel Added ticket support Slide 16
Problems Problems mainly with transition All users need to subscribe to CWL Parallel running (move from two old principals to one new principal) Call 3 different authentication services Channels still use old ID’s Slide 17
Ticket Support in the CWL In the Portal Framework In the channels Supports Single-Signon proxy authentication for channels services referenced by channels Slide 18
Why are we doing all this? Identities and Roles are fundamental Institution wide Authentication Authorization and privacy Slide 19
Lessons Learned Fitting uPortal to existing conventions Architecture: What’s in and what’s out Local decisions Theory doesn’t always have the scope of the real world It’s not hard to do, technically Slide 20
Conclusion Architectural design goal Maintain clean interfaces to embedded services so that they can be locally replaced with external services Slide 21
Visit us at my.ubc.ca Paul.Zablosky@ubc.ca Slide 22