Directory of Directories for Higher Education (DoDHE) October 5, 2001 Michael R. Gettes Principal Technologist Georgetown University Project Leader, DoDHE f Technologist, University of Colorado at Boulder
Is DoDHE anything new? A Web of People vs. A Web of Data Linking people to applications and organizations Early 1990’s X.500 World-wide Directory System (DAP) Slow Computers, expensive memory Slow Networks Large memory footprint and relatively slow server Before its time (probably) Now Fast Computers, cheap memory Fast Networks Lightweight (DAP), Fast server, lean and mean.
Is DoDHE anything new? Exposes common schema issues. eduPerson applicability. Performance issues for massively parallel searches. Interesting lessons learned about LDAP API. Worked with iPlanet/Netscape to use DSGW for this project. (Mark Smith) Prototype from April, A search of 500 simulated dirs getting about 15,000 responses in approximately 30 seconds. Is this viable?
Where Are We Now? Michael Gettes working 50% time Internet2 and this project. MACE-DIR provides oversight of the project Sun Microsystems has contributed hardware and assisted with software procurement (iPlanet DS 5, 6 million DNs for Central Deposit Service). Also, access to intellectual capital. Sun E450, 4x400Mhz CPU, 4GB RAM + disk. Using Metamerge to assist in submitting data to the Central Deposit for those sites wishing to do so.
Where Are We Now? (cont.) eduPerson specification for common schema LDAP-Recipe for similar config and operations and further recommendations for use of common schema i.e. RL “Bob” Morgan’s advice for handling names. DoDHE is functional. Now ready to accept new schools to participate. Can search enterprise directories real-time or handle data submitted centrally for searching – the decision is for each site. UI issues needed development… working with I-schools. Have requested EDUCAUSE for directory.edu to be used by DoDHE
Site Dir Site Dir Site Dir DoDHE Architecture Web Page Site Dir Site Dir Site Dir CDS Dir CDS Dir... Parallel Search Engine Central Deposit Service Gratuitous Architectural Graphic (GAG) DoD Config Dir Real-time Search of Site Dirs Data supplied By Site Dirs. Updated periodically LDAP Front-end
Inputs: Local Site View Local Data Source CDS LDAP Generate LDIF Data Submit final LDIF to CDS using authenticated POST via HTTPS. Filter LDIF according to local policy. Generate new LDIF for submission. DODHEDODHE
CDS Input Standardized input is LDIF Using Metamerge as filter and submission mechanism Sites can always roll their own but will have to comply with Metamerge implementation rules Site always submits full dataset. No worry of reconciling. Easier site participation in the DoDHE service. CDS handles reconciliation and controls data updates. Can provide feedback. Georgetown using CDS with Metamerge: 8/ K DNs reduced to 18K for CDS in 45 min
Central Deposit Service dc=edu dc=georgetowndc=washingtondc=virginiadc=memphis dn: uid=gettes,ou=People,dc=georgetown,dc=edu objectclass: {person, organizationalPerson, inetOrgPerson, eduPerson} cn: Michael Gettes sn: Gettes mail: displayName: Michael R Gettes eduPersonPrimaryAffiliation: Employee eduPersonAffiliation: Employee …
DoDConfig Directory dn: dc=georgetown,dc=edu objectclass: {organizationalUnit, domain, referral, DoDEntry } cn: Georgetown University ref: ldap://directory.georgetown.edu/dc=georgetown,dc=edu dodRefSearch: ldap://cds1.dodhe.internet2.edu/dc=georgetown,dc=edu dodCarnegieClass: Research-1 uid: georgetown.edu dc=edu dc=georgetowndc=washingtondc=virginiadc=memphis
Disclaimers and Project Participation Of 13 sites that participated in the initial testing and analysis by allowing access to searching their directories, 11 have replied to give permission in participating in the project. Some say “Didn’t realize the data was going to be THAT public!?!?” Splash page of DoDHE has necessary legal disclaimers Open for further participants in the experiment.
Common Configuration While the LDAP Recipe is intended to promote reasonable practice for configuration and operation – reality is different Now only searching commonName due to disparity of indexing Todd Piket (Michigan Tech) has been working on an LDAP Analyzer which will connect to a directory and figure out indexing settings, schema usage and compliance with eduPerson (including vocabularies), performance issues, DIT structure issues and so on. Availability unknown.
Heuristics and capabilities? What should be available to search? By Affiliation Carnegie Classification Geography Institution Job Classification Area of Research or specialty
Human Interface What should the web interface look like? Response analysis? What to do with 10,000 hits? Human Interface work with the I-schools mw-dodhe-ui project started summer 2001 see see Eisenberg Middleware Plenary at VIMM-2001 What will we learn from them? How will we have to change our Enterprise directories? What will we learn together?
The Mundane Server Configuration Scalability Statistical Analysis Security Monitoring Threat response (anti-slurpers) Management & Maintenance Self-Registration and Configuration - proceeding Participation Requirements – DIT root suffix, etc. Meta Directory functionality for central deposit (done?)
Issues Displaying Org structure in DoDHE using eduPersonOrgDN and eduPersonOrgUnitDN eduOrganization – attributes for projects (shibboleth). A place to specify eduPerson version usage? Hints about Affiliated Directory configuration? How can DoDHE display and use it? Scalability across multiple CDS servers. Going beyond 6 million? Regionalized DoDHE – a DoDHE hierarchy. Example: CSU system wants a DoDHE for them – separate or integrated? A DoDHE Tree? An LDAP interface (not just a web interface) to DoDHE – clients? Include European Large Scale Directory projects in DoDHE searches
Metamerge Product Info Higher Education Contact for USA Keith Hazelton, University of Wisconsin – Madison This product is available free of charge to Higher Ed in USA Source code will be in escrow. See Keith for further details.
DoDHE Location So, here’s the URL for DoDHE Be gentle. Please. Project web page
Affiliated Directories and DoDHE How to link Person X in one directory with Person X in another separate directory We need to solve this problem for various applications and communities: Video, Community of Science, Inter-institutional faculty/staff/students, Enterprise Directories and GRID, etc… Solve this problem for the Enterprise Directory and it propogates to DoDHE for free – theoretically.
A Video Scenario using DoDHE and Affiliated Directories Keith Hazelton wishes to make a video conference call with Tyler Johnson. Keith uses DoDHE to search for Tyler because he can’t seem to remember where he works (Keith has trouble remembering things). Using DoDHE he finds Tyler. Remember, Tyler’s entry in DoDHE is supplied by his enterprise directory at the University of North Carolina. Keith sees a hyperlink that says Tyler is video enabled. Clicking the hyperlink takes Keith over to the “video world” which accurately describes Tyler’s video capabilities for that day. Keith then likely clicks a link to initiate a video connection with Tyler. The UNC Enterprise directory only knows about an affiliation with “video world” for Tyler because he created the affiliation in the UNC directory and the “video world”. (a metadir problem?)