When Account Management Is Not Enough: Identity at RIT
Matt Campbell, Sr. Infrastructure Engineer


About RIT
RIT is one of the nation’s top comprehensive universities and sets the national standard for career-oriented education. Located in suburban Rochester, N.Y., RIT is a private university that enrolls more than 15,500 students in its eight colleges. RIT is recognized for its programs in business, engineering, art and design, photography, science and mathematics, liberal arts, computing, and many other areas.

The Challenge
The university ID number for students, faculty, and staff was the SSN.
No authoritative system was needed since “everyone has one”.
International students were issued a fake number starting with 999 by the student records system.

What we had to work with: Account Management System Self-Help Clients

What We Needed
AMS was not standards based: proprietary protocol, limited PHP API.
Interfaces with existing systems that needed University IDs (SR, HR).
AMS was a real-time system with no ability to have an offline update mode.
Performance was adequate for interactive use but too slow for the large batches that would be necessary.

Standards Based Transition

Subscription Model
AMS sent all client requests to all modules.
CLAWS utilizes a subscription model that sends a module only the XML documents that match its subscription.
Modules are categorized into two types:
  – Real-time modules (blocking)
  – Pick-up modules (non-blocking)

Real-Time Modules
Modules are subscribed only to the documents that they care about.
  – Ex. ADDIDENTITY, MODIDENTITY
Modules are delivered the document and the server waits until they respond.
Good for modules that perform work the client cares about.

Pick-up Modules
Modules can subscribe to updates and pick them up at their leisure.
Useful for antiquated systems that cannot effectively provide a web service.
Modules that choose not to act in real time sacrifice the ability to return data to the original requestor.
These modules require that we keep requests saved in a database until they pick them up.
  – This has the side effect of being useful for debugging.
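The routing the three slides above describe, as an added Python example (not CLAWS code): real-time subscribers block the request and their replies go back to the client, while pick-up subscribers only get the document saved for later. The module names, the `<uid>` element and the in-memory store standing in for the database are assumptions; ADDIDENTITY and MODIDENTITY are the document types named on the slide.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque


class Dispatcher:
    """Routes each XML document only to modules subscribed to its type."""

    def __init__(self):
        self.realtime = defaultdict(list)  # doc type -> [(module, handler)]
        self.pickup = defaultdict(list)    # doc type -> [module]
        self.stored = defaultdict(deque)   # module -> saved documents

    def subscribe_realtime(self, module, doc_type, handler):
        self.realtime[doc_type].append((module, handler))

    def subscribe_pickup(self, module, doc_type):
        self.pickup[doc_type].append(module)

    def dispatch(self, xml_text):
        # Constructed, trusted input here; untrusted XML needs a hardened parser.
        doc = ET.fromstring(xml_text)
        doc_type = doc.tag
        # Blocking: the server waits for every real-time subscriber's reply.
        replies = {m: handler(doc) for m, handler in self.realtime[doc_type]}
        # Non-blocking: save the request; these modules cannot answer the client.
        for module in self.pickup[doc_type]:
            self.stored[module].append(xml_text)
        return replies

    def pick_up(self, module):
        """Hand a pick-up module everything saved for it, then clear its queue."""
        docs = list(self.stored[module])
        self.stored[module].clear()
        return docs


def demo():
    d = Dispatcher()
    d.subscribe_realtime("directory", "ADDIDENTITY",
                         lambda doc: "created " + doc.findtext("uid"))
    d.subscribe_pickup("mainframe", "ADDIDENTITY")
    d.subscribe_pickup("mainframe", "MODIDENTITY")
    add = "<ADDIDENTITY><uid>U0001</uid></ADDIDENTITY>"  # constructed sample
    mod = "<MODIDENTITY><uid>U0001</uid></MODIDENTITY>"  # constructed sample
    return d.dispatch(add), d.dispatch(mod), d.pick_up("mainframe")
```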

Modular Is Handy

Duplicate Prevention
Identities are “scored” based on how well they match new additions.
If the score is above a certain threshold, the add is denied.
There is a minimum score required to even attempt the addition.
Allows the user to find identities even if they misspell part of an attribute.
This method causes very few false positives, usually siblings and spouses.
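A sketch of score-based duplicate prevention, added here as an example and not taken from CLAWS: it shows a misspelled duplicate being denied and a twin sibling tripping the same threshold. The attributes, weights, threshold and sample records are assumptions, only the deny threshold is modelled, and the `override` flag stands in for the forced-add function mentioned under Other Issues.

```python
from difflib import SequenceMatcher

# Assumed weights and threshold; the slides do not give the real values.
WEIGHTS = {"first": 0.25, "last": 0.35, "dob": 0.40}
DENY_THRESHOLD = 0.85


def similarity(a, b):
    """Fuzzy string similarity in [0, 1]; tolerant of small misspellings."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def score(new, existing):
    """Weighted match score between a proposed identity and a stored one."""
    total = WEIGHTS["first"] * similarity(new["first"], existing["first"])
    total += WEIGHTS["last"] * similarity(new["last"], existing["last"])
    total += WEIGHTS["dob"] * (1.0 if new["dob"] == existing["dob"] else 0.0)
    return total


def try_add(new, store, override=False, audit=None):
    """Return (added, best_match); deny when a stored identity scores too high."""
    best = max(store, key=lambda e: score(new, e), default=None)
    if best is not None and score(new, best) > DENY_THRESHOLD:
        if not override:
            return False, best
        if audit is not None:  # a forced add should always leave a trail
            audit.append(("override", new["first"], new["last"], best["id"]))
    store.append(dict(new, id="U%04d" % (len(store) + 1)))
    return True, best


def fresh_store():
    # Constructed sample data.
    return [{"id": "U0001", "first": "John", "last": "Smith",
             "dob": "1988-04-12"}]


MISSPELLED = {"first": "Jon", "last": "Smyth", "dob": "1988-04-12"}  # same person
TWIN = {"first": "Jane", "last": "Smith", "dob": "1988-04-12"}       # sibling
YOUNGER = {"first": "Jane", "last": "Smith", "dob": "1991-09-03"}    # sibling
```

With these weights the twin scores 0.875 against the stored record and is denied just like the real duplicate, which is the sibling false positive the slide mentions; the younger sibling scores 0.475 and is added.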

Affiliation: The Most Important Attribute
All identities are required to have one or more affiliations.
  – Student, Alumni, Employee, etc.
Any identity lacking an affiliation is purged from the system.
Identity system security is closely tied to affiliation.

Integration with Account Management
Accounts were previously linked to the SSN or the fake SSN generated by the SR system.
Now accounts are linked to the new University ID.
Accounts must be linked to an identity with an affiliation that allows the account to exist.
  – Removal of an authorizing affiliation automatically results in the removal of the account.
Using an identity’s affiliation allows for much more granular account-level access restrictions.
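The two affiliation rules above (an account exists only while some affiliation authorizes it, and an identity with no affiliation is purged), worked through as an added Python example that is not CLAWS code. The affiliation names come from the slides; the account types, the policy table and the sample identity are assumptions.

```python
# Assumed policy: which affiliations authorize which account types.
AUTHORIZES = {
    "Student": {"email", "lab_login"},
    "Employee": {"email", "vpn", "hr_portal"},
    "Alumni": {"email"},
}


def allowed_accounts(affiliations):
    """Union of account types authorized by any held affiliation.

    An affiliation missing from the policy authorizes nothing (fail closed).
    """
    allowed = set()
    for affiliation in affiliations:
        allowed |= AUTHORIZES.get(affiliation, set())
    return allowed


def reconcile(identities):
    """Enforce both rules in place and return the actions taken, in order."""
    actions = []
    for uid in sorted(identities):
        ident = identities[uid]
        allowed = allowed_accounts(ident["affiliations"])
        # Rule 1: an account without an authorizing affiliation is removed.
        for account in sorted(ident["accounts"] - allowed):
            ident["accounts"].discard(account)
            actions.append(("remove_account", uid, account))
        # Rule 2: an identity with no affiliation at all is purged.
        if not ident["affiliations"]:
            del identities[uid]
            actions.append(("purge_identity", uid))
    return actions


def remove_affiliation(identities, uid, affiliation):
    """Drop one affiliation, then let reconciliation cascade the effects."""
    identities[uid]["affiliations"].discard(affiliation)
    return reconcile(identities)


def sample():
    # Constructed data: one person who is both a student and an employee.
    return {"U0001": {"affiliations": {"Student", "Employee"},
                      "accounts": {"email", "lab_login", "vpn"}}}
```

Removing "Employee" from the sample identity removes only the VPN account, because "Student" still authorizes email; removing "Student" afterwards removes the remaining accounts and purges the identity.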

Technical Challenges
Duplicate prevention.
Efficiency
  – Heavy user load
  – PSAT score file loads
  – Excessive amounts of data
Security.
Legacy mainframe application integration.

Other Issues
Moving requirements target.
Sample data provided during development did not come close to representing production data.
Customers were unable or unwilling to modify business processes that result in “bad” data.
  – As a result, a requirement was added for an override function to force the addition of an identity the system would reject.
Data possessiveness, fix this first!

Open Source!
CLAWS has been released under the GPL at claws.rit.edu.
Currently only available through Subversion, but archives are planned.
Very RIT centered at this time, but we are anxious to take patches and updates from other schools.
Build environment is in its infancy, but is a definite start.

Questions?
Get CLAWS at
Matt Campbell, Sr. Infrastructure Engineer