CASE STUDIES: Indiana University; University of California, Davis; University of Maryland; San Joaquin Delta College; University of Arizona; University of Washington

Presentation transcript:

CASE STUDIES
- Indiana University
- University of California, Davis
- University of Maryland
- San Joaquin Delta College
- University of Arizona
- University of Washington

CASE STUDY: INDIANA UNIVERSITY

INDIANA UNIVERSITY
- Implemented Rice in May 2010
- Kuali Financial System – partial implementation – May 2010
- Implementation of KIM includes a hybrid of data loading into KIM database tables and service overrides
- KIM provides the primary IdM services for many of our enterprise software applications

IDENTITY DATA
- Indiana University uses a tool from Microsoft called Identity Lifecycle Management (ILM)
- ILM aggregates identity data from various sources – HR, PeopleSoft, etc.
- It can then feed that data in close to real time to other systems
- At IU, Kuali Identity Management is one of those systems
- Built a web service that sits on top of KIM that implements CRUD operations for identity data

ILM-KIM ARCHITECTURE

PRINCIPAL ID AND PRINCIPAL NAME
- In KIM the Principal ID must be unique across the implementation
- At IU we are using our PeopleSoft “Employee ID” for both our principal and entity ids
- We are using the user’s “network id” for their principal name

HISTORICAL DATA
- IU has a large historical data set of users
- Many of these could have participated in workflow transactions as long as 7 years ago
- KIM has the “IdentityArchiveService” that can be used to retrieve historical entity data
  - A subset of the full entity data
- We pull this historical data into the designated KIM table from an external source when it is requested

GROUPS AND ACTIVE DIRECTORY
- IU has a large Microsoft Active Directory implementation
- Contains many, many groups that customers want to use for role assignment and routing
- We override the GroupService so that it pulls from both the KIM database and from ADS (via LDAP)
- We identify ADS groups by giving them an “ADS” namespace
- Generate group ID based on ADS group name

ADS – KIM GROUP REQUIREMENTS
- Should be able to use ADS groups in addition to the out-of-the-box KIM group store
- Groups must have a unique ID
- Groups are also uniquely identified by a combination of Namespace and Name
- Group membership can be nested

ADS GROUP INTEGRATION – IMPLEMENTATION
- ADS groups are assigned a namespace of “ADS” which allows the GroupService to determine how to load the Group
- ADS groups have an ID assigned to them consisting of “ADS” and the group name, i.e. ADS:MyAdsGroupName

ADS GROUP INTEGRATION – GROUPSERVICE
- Override the GroupService so that it loads groups from both ADS (via LDAP) and the KIM database
  - IF id starts with “ADS” or namespace equals “ADS”, query ADS
  - ELSE delegate to reference implementation
- Various operations need to be customized, including operations to load GroupInfo objects as well as checking Group membership
- Also customize the Group Lookup screen so that it can search for Groups in ADS
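
The routing rule from the ADS group slides, sketched in Java as an added example (not Indiana University's or Kuali Rice's code). The GroupStore interface, the class name, the sample IDs and the cn search attribute are assumptions; the sketch routes by the “ADS” marker, follows nested membership across both stores, and escapes the group name before it is placed in an LDAP filter.

```java
import java.util.*;

// Added illustration: GroupStore and every name here are hypothetical, not Kuali Rice APIs.
public class AdsAwareGroupService {
    // One backend; groups=true lists directly nested group IDs, false lists principal IDs.
    interface GroupStore { Set<String> members(String groupId, boolean groups); }
    private final GroupStore ads, kim;   // ADS via LDAP; KIM reference implementation
    AdsAwareGroupService(GroupStore ads, GroupStore kim) { this.ads = ads; this.kim = kim; }
    // Slide rule: namespace "ADS" or an "ADS"-prefixed ID selects the directory. Matching the
    // full "ADS:" prefix keeps a KIM ID that merely begins with those letters in KIM.
    static boolean isAds(String groupId, String namespace) {
        return "ADS".equals(namespace) || groupId.startsWith("ADS:");
    }
    // The ID embeds the group name, so escape it (RFC 4515) before it reaches an LDAP filter.
    // Searching on cn is an assumption; use the attribute your directory keys groups on.
    static String ldapFilter(String adsGroupId) {
        StringBuilder sb = new StringBuilder("(&(objectClass=group)(cn=");
        for (char c : adsGroupId.substring("ADS:".length()).toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.append("))").toString();
    }

    // Membership across both stores, following nesting; 'seen' stops cyclic nesting.
    boolean isMember(String principalId, String groupId, String namespace) {
        Deque<String> todo = new ArrayDeque<>(List.of(groupId));
        Set<String> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            String g = todo.pop();
            if (!seen.add(g)) continue;
            // The namespace is known only for the requested group; nested ones route by ID.
            GroupStore store = isAds(g, g.equals(groupId) ? namespace : null) ? ads : kim;
            if (store.members(g, false).contains(principalId)) return true;
            store.members(g, true).forEach(todo::push);
        }
        return false;
    }

    public static void main(String[] args) {   // constructed sample data
        var adsUsers = Map.of("ADS:Finance", Set.of("0001"));
        var adsNested = Map.of("ADS:Finance", Set.of("ADS:Audit"), "ADS:Audit", Set.of("ADS:Finance"));
        var kimNested = Map.of("1000", Set.of("ADS:Finance"));
        AdsAwareGroupService svc = new AdsAwareGroupService(
            (g, groups) -> (groups ? adsNested : adsUsers).getOrDefault(g, Set.of()),
            (g, groups) -> groups ? kimNested.getOrDefault(g, Set.of()) : Set.<String>of());
        System.out.println(svc.isMember("0001", "1000", "KUALI"));    // KIM group nesting ADS
        System.out.println(svc.isMember("0002", "ADS:Audit", "ADS")); // cyclic nesting ends
        System.out.println(ldapFilter("ADS:Fin*)(cn=*"));             // metacharacters escaped
    }
}
```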

AUTHENTICATION
- Use a customized version of CAS
- Override the default AuthenticationService implementation
- Pulls authenticated principal name from our custom CAS filter which we use for Java applications

USER INTERFACES
- Person – isn’t used to maintain person data, but does permit role/group assignment
- Group – can be used to create and edit groups unless their namespace is “ADS”
  - Accomplished using permissions
- Role – using out-of-the-box implementation

FUTURE PLANS
- Upgrade to Rice – early 2011
- Kuali Coeus 3.0 – coming July 2011
- Kuali Financial System – full implementation – Q
- Integrate Role assignment with our HR system at time of hire or position change
- Integrate KIM roles and permissions with our Decision Support and reporting environments
- Begin modeling more Roles at IU using KIM to facilitate authz and role-based routing