Directory of Directories for Higher Education (DoDHE) October 5, 2001 Michael R. Gettes Principal Technologist Georgetown University Project Leader, DoDHE.


Directory of Directories for Higher Education (DoDHE) October 5, 2001 Michael R. Gettes Principal Technologist Georgetown University Project Leader, DoDHE f Technologist, University of Colorado at Boulder

Is DoDHE anything new?
- A Web of People vs. A Web of Data
- Linking people to applications and organizations
- Early 1990’s
  - X.500 World-wide Directory System (DAP)
  - Slow Computers, expensive memory
  - Slow Networks
  - Large memory footprint and relatively slow server
  - Before its time (probably)
- Now
  - Fast Computers, cheap memory
  - Fast Networks
  - Lightweight (DAP), Fast server, lean and mean.

Is DoDHE anything new?
- Exposes common schema issues. eduPerson applicability.
- Performance issues for massively parallel searches.
- Interesting lessons learned about LDAP API.
- Worked with iPlanet/Netscape to use DSGW for this project. (Mark Smith)
- Prototype from April, A search of 500 simulated dirs getting about 15,000 responses in approximately 30 seconds. Is this viable?

Where Are We Now?
- Michael Gettes working 50% time on Internet2 and this project.
- MACE-DIR provides oversight of the project.
- Sun Microsystems has contributed hardware and assisted with software procurement (iPlanet DS 5, 6 million DNs for Central Deposit Service). Also, access to intellectual capital. Sun E450, 4x400MHz CPU, 4GB RAM + disk.
- Using Metamerge to assist in submitting data to the Central Deposit for those sites wishing to do so.

Where Are We Now? (cont.)
- eduPerson specification for common schema
- LDAP-Recipe for similar config and operations and further recommendations for use of common schema i.e. RL “Bob” Morgan’s advice for handling names.
- DoDHE is functional. Now ready to accept new schools to participate.
- Can search enterprise directories real-time or handle data submitted centrally for searching – the decision is for each site.
- UI issues needed development… working with I-schools.
- Have requested EDUCAUSE for directory.edu to be used by DoDHE

DoDHE Architecture
[Figure: Gratuitous Architectural Graphic (GAG). Labels: Web Page; LDAP Front-end; Parallel Search Engine; DoD Config Dir; Site Dirs ("Real-time Search of Site Dirs"); Central Deposit Service with CDS Dirs ("Data supplied By Site Dirs. Updated periodically").]

Inputs: Local Site View
[Figure: data flow from the local site to DoDHE. Labels: Local Data Source; LDAP; Generate LDIF Data; Filter LDIF according to local policy. Generate new LDIF for submission; Submit final LDIF to CDS using authenticated POST via HTTPS; CDS; DODHE.]

CDS Input
- Standardized input is LDIF
- Using Metamerge as filter and submission mechanism
- Sites can always roll their own but will have to comply with Metamerge implementation rules
- Site always submits full dataset. No worry of reconciling. Easier site participation in the DoDHE service.
- CDS handles reconciliation and controls data updates. Can provide feedback.
- Georgetown using CDS with Metamerge: 8/ K DNs reduced to 18K for CDS in 45 min

Central Deposit Service

dc=edu
  dc=georgetown  dc=washington  dc=virginia  dc=memphis

dn: uid=gettes,ou=People,dc=georgetown,dc=edu
objectclass: {person, organizationalPerson, inetOrgPerson, eduPerson}
cn: Michael Gettes
sn: Gettes
mail:
displayName: Michael R Gettes
eduPersonPrimaryAffiliation: Employee
eduPersonAffiliation: Employee
…
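The filter-before-submit step from the "Inputs: Local Site View" and "CDS Input" slides, as an added example (not code from the DoDHE project or from Metamerge): it keeps only an allow-list of attributes on person entries and drops opted-out people before the LDIF leaves the site. The allow-list, the `localDirectoryOptOut` attribute and the example.edu data are assumptions made for illustration.

```python
import base64

# Assumed local policy (not from the slides): attributes allowed to leave the site.
ALLOWED = {"objectclass", "cn", "sn", "mail", "displayname",
           "edupersonprimaryaffiliation", "edupersonaffiliation"}
OPT_OUT = "localdirectoryoptout"   # hypothetical per-person opt-out attribute

def attr_of(line):                 # attribute name of one unfolded LDIF line
    return line.split(":", 1)[0].strip().lower()

def value_of(line):
    """Decode the value of one unfolded LDIF line ("a: v" or "a:: base64")."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def filter_for_cds(ldif, people_base):
    """Return LDIF with only allowed attributes of people who have not opted out."""
    ldif = ldif.replace("\r\n", "\n").replace("\n ", "")     # unfold continuation lines
    suffix, out = "," + people_base.lower(), []
    for block in ldif.split("\n\n"):
        lines = [l for l in block.splitlines() if ":" in l and not l.startswith("#")]
        dn = next((l for l in lines if attr_of(l) == "dn"), None)
        if dn is None or not value_of(dn).lower().endswith(suffix):
            continue          # not a person entry (string match, no DN normalization)
        # Fail closed: any opt-out value other than a plain FALSE drops the entry.
        if any(attr_of(l) == OPT_OUT and value_of(l).upper() != "FALSE" for l in lines):
            continue
        kept = [l for l in lines if attr_of(l) in ALLOWED]   # original encoding preserved
        out.append("\n".join([dn] + kept))
    return "\n\n".join(out) + "\n"

# Constructed sample input (example.edu, not real directory data).
SAMPLE = """\
dn: uid=jdiaz,ou=People,dc=example,dc=edu
objectclass: eduPerson
cn:: Sm9zw6kgRMOtYXo=
mail: jdiaz@example.edu
homePhone: +1 555 0100
userPassword: {SSHA}constructed-placeholder
eduPersonPrimaryAffiliation: Employee

dn: uid=asmith,ou=People,dc=example,dc=edu
cn: Alex Smith
localDirectoryOptOut: TRUE

dn: cn=backup,ou=Services,dc=example,dc=edu
"""
```

Calling `filter_for_cds(SAMPLE, "ou=People,dc=example,dc=edu")` returns one entry, for `jdiaz`, without `homePhone` or `userPassword`; the opted-out person and the service account are not submitted.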

DoDConfig Directory

dc=edu
  dc=georgetown  dc=washington  dc=virginia  dc=memphis

dn: dc=georgetown,dc=edu
objectclass: {organizationalUnit, domain, referral, DoDEntry }
cn: Georgetown University
ref: ldap://directory.georgetown.edu/dc=georgetown,dc=edu
dodRefSearch: ldap://cds1.dodhe.internet2.edu/dc=georgetown,dc=edu
dodCarnegieClass: Research-1
uid: georgetown.edu

Disclaimers and Project Participation
- Of 13 sites that participated in the initial testing and analysis by allowing access to searching their directories, 11 have replied to give permission to participate in the project.
- Some say “Didn’t realize the data was going to be THAT public!?!?”
- Splash page of DoDHE has necessary legal disclaimers
- Open for further participants in the experiment.

Common Configuration
- While the LDAP Recipe is intended to promote reasonable practice for configuration and operation – reality is different
- Now only searching commonName due to disparity of indexing
- Todd Piket (Michigan Tech) has been working on an LDAP Analyzer which will connect to a directory and figure out indexing settings, schema usage and compliance with eduPerson (including vocabularies), performance issues, DIT structure issues and so on. Availability unknown.

Heuristics and capabilities?
- What should be available to search?
  - By Affiliation
  - Carnegie Classification
  - Geography
  - Institution
  - Job Classification
  - Area of Research or specialty

Human Interface
- What should the web interface look like?
- Response analysis? What to do with 10,000 hits?
- Human Interface work with the I-schools
  - mw-dodhe-ui project started summer 2001
  - see
  - see Eisenberg Middleware Plenary at VIMM-2001
- What will we learn from them? How will we have to change our Enterprise directories? What will we learn together?

The Mundane
- Server Configuration
- Scalability
- Statistical Analysis
- Security Monitoring
- Threat response (anti-slurpers)
- Management & Maintenance
- Self-Registration and Configuration - proceeding
- Participation Requirements – DIT root suffix, etc.
- Meta Directory functionality for central deposit (done?)

Issues
- Displaying Org structure in DoDHE using eduPersonOrgDN and eduPersonOrgUnitDN
- eduOrganization – attributes for projects (shibboleth). A place to specify eduPerson version usage? Hints about Affiliated Directory configuration? How can DoDHE display and use it?
- Scalability across multiple CDS servers. Going beyond 6 million?
- Regionalized DoDHE – a DoDHE hierarchy. Example: CSU system wants a DoDHE for them – separate or integrated? A DoDHE Tree?
- An LDAP interface (not just a web interface) to DoDHE – clients?
- Include European Large Scale Directory projects in DoDHE searches

Metamerge Product Info
- Higher Education Contact for USA: Keith Hazelton, University of Wisconsin – Madison
- This product is available free of charge to Higher Ed in USA
- Source code will be in escrow. See Keith for further details.

DoDHE Location
- So, here’s the URL for DoDHE
- Be gentle. Please.
- Project web page

Affiliated Directories and DoDHE
- How to link Person X in one directory with Person X in another separate directory
- We need to solve this problem for various applications and communities: Video, Community of Science, Inter-institutional faculty/staff/students, Enterprise Directories and GRID, etc…
- Solve this problem for the Enterprise Directory and it propagates to DoDHE for free – theoretically.

A Video Scenario using DoDHE and Affiliated Directories

Keith Hazelton wishes to make a video conference call with Tyler Johnson. Keith uses DoDHE to search for Tyler because he can’t seem to remember where he works (Keith has trouble remembering things). Using DoDHE he finds Tyler. Remember, Tyler’s entry in DoDHE is supplied by his enterprise directory at the University of North Carolina. Keith sees a hyperlink that says Tyler is video enabled. Clicking the hyperlink takes Keith over to the “video world” which accurately describes Tyler’s video capabilities for that day. Keith then likely clicks a link to initiate a video connection with Tyler. The UNC Enterprise directory only knows about an affiliation with “video world” for Tyler because he created the affiliation in the UNC directory and the “video world”. (a metadir problem?)