Princeton University The Cast Dan Oberst, Director of OIT Enterprise Services…………Big Hat: No Cattle Donna Tatro, Manager of Collaboration Services………….Makes.

Presentation transcript:

Princeton University
The Cast
Dan Oberst, Director of OIT Enterprise Services ... Big Hat: No Cattle
Donna Tatro, Manager of Collaboration Services ... Makes It Happen
Bill Sproule, Lead Technical, Analyst, CSG ... Mr. PKI
Lee Varian, OIT Systems Architect ... Knows Where the Bodies are Buried
Ted Bross, Manager, OIT Data Integration ... Digs up the Bodies
Meghan Weeks, Library Systems Analyst ... Unindicted Co-Conspirator
CREN/Mellon PKI Meeting 12/01/2001

December 1, 2001 Princeton University CREN/Mellon PKI Workshop
Identity, Authentication, Authorization
Campus Community: anyone w/univ. relationship
LDAP: Faculty, Staff, Students (subset of CC)
  → NIS and NT derive from LDAP netid field
Separate databases:
  → Alumni (Advance & LDAP), Library (superset of LDAP)
Authentication:
  → NIS (deprecated), LDAP & Kerberos (direct & via PAM)
    NT4/AD, PeopleSoft, Oracle
Attributes:
  → LDAP: Status (Fac/Staf/Stud/etc.); OU (Dept), HomeDept (Num.)
  → (Planned) Certs: DN (name & ) only
Access Control: .Princeton.EDU domain, (library) Proxy, VPN, special ID/PW

Current applications linked into database/directory/repository:
Remote access → NIS (inc. AUTH SMTP) → LDAP
telnet/ftp/ssh → NIS → Kerberos/LDAP via PAM
NT file & print VPN → NT4 → AD/Kerberos V
Directory self-service update → LDAP
Library proxy, web apps → cached NIS crypt files
Myriad local apps:
  → e.g. time collection, Student Grades, resume tracking, etc. - LDAP
NOT linked: PeopleSoft, Oracle, local Blackboard users

Planned initial uses for certificates?
JSTOR
Boise Cascade (web ordering)
Inter-office signatures/encryption
WebISO authentication
Administrative Application SingleSignon

Current state of PKI deployment?
Servers running in test deployment
Vendor: iPlanet CMS 4.2
  → Registration Authority
  → Certificate Authority
  → Key Escrow Authority
Hardware: Sun Solaris
Considering “junk cert” OpenLDAP server
  → Students/Mobile/Short-lived
  → Anonymous Certs

Content providers
Broad range (Lexis/Nexis, Journals, Encyclopedias, etc.)
Currently restricted to .Princeton.EDU
  → or via web proxy or VPN or special ID
Difficulties using proxy and VPN:
  → E.g. no VPN client, setup, line speed, etc.

Readiness to issue certificates to select group of 200 faculty/staff?
(Hardware) Systems are in place
  → Legal framework (CPS, etc.) nearly so
Need to identify candidate users
Biggest effort: setting up certs
  → Works best for laptop users
Cert mobility problem
Support issues
  → e.g. lost cert, forgotten PW, different computer, etc.