Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.


Slide 2 (5 June 2003, CAMP): Copyright
Copyright Keith Hazelton and Tom Barton. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.

Slide 3: Outline
1. Tag team: current threads in mace-dir
2. Tom: SAGE
3. Keith: DEEP
Pipe up with questions or comments at any time!!

Slide 4: Mace-dir currents
Internet2/MACE working group on directories; Keith Hazelton, WG Chair
eduPerson
– eduPersonScopedAffiliation attribute
– eduPersonAffiliation value vocabulary growth
– eduPersonEntitlement value syntax
isMemberOf
eduCourse
Privacy metadata

Slide 5: Mace-dir currents (cont'd)
Approaches to federated identity management
– eduPersonXref proposal
– Taxonomy of approaches to federated identity management
Plumb core middleware to Grid & other types of "Virtual Organizations"
Utilities
– Look (Directory Service Agent performance monitoring tool)
– LDAP Analyzer (LDAP Recipe compliance tool)
– SAGE (groups/roles manager)

Slide 6: Trends in Internet2 schema and directory work
eduPersonScopedAffiliation
– Driven by Shibboleth needs
– Syntax like eduPersonPrincipalName (!?!)
– Raises problems about who is authorized to assert what
An "inter-realm metadirectory function"
A field full of ratholes and land mines…

Slide 7: Trends in Internet2 schema and directory work
Cautious and stringently limited expansion of the controlled vocabulary for eduPersonAffiliation
– prospect
– parent
…and maybe no more than that
There's value in a local attribute with more values
And value in agreeing across institutions on syntax & semantics; but maybe not a single shared attribute

Slide 8: Trends in Internet2 schema and directory work
eduPersonEntitlement
– Values are URIs (URL or URN)
– urn:mace: prefixed values proliferating after acceptance by IETF and upcoming registration with IANA
– Gives us a way to make values unique in the entitlement namespace without an elaborate registry mechanism
  urn:mace:wisc.edu:bucky-bundle
  urn:mace:oclc:org:autho:NNNN
  urn:mace:duke.edu:library:oclc:contract-NNN
– If you want to get a namespace registered, contact
eduPersonEntitlement attribute
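Slides 6 through 8 describe two attribute conventions a relying party has to check before trusting a value: eduPersonScopedAffiliation carries an affiliation@scope pair and raises the question of who is authorized to assert which scope, and eduPersonEntitlement values are URIs whose urn:mace: form delegates uniqueness to a registered sub-namespace. The following Python is an added example, not code from the presentation or from the MACE-Dir working group. The affiliation vocabulary, the scope-authorization table, the identity-provider names, the example.edu/example.org scopes and the sample attribute set are all constructed for illustration; only the three urn:mace: values on slide 8 come from the page.

```python
import re
from urllib.parse import urlparse

# Assumption: eduPersonAffiliation controlled vocabulary used by this example.
# The slide's candidate additions ("prospect", "parent") are deliberately absent,
# so they are rejected until the vocabulary actually changes.
EDUPERSON_AFFILIATIONS = frozenset(
    {"faculty", "student", "staff", "alum", "member", "affiliate", "employee"}
)

# Constructed sample: which scopes each asserting identity provider may assert.
# This table is the "who is authorized to assert what" check: a scoped value is
# accepted only from the party that owns its scope.
AUTHORIZED_SCOPES = {
    "https://idp.example.edu/shibboleth": {"example.edu", "med.example.edu"},
    "https://idp.example.org/shibboleth": {"example.org"},
}

# DNS-style scope: lowercase labels of [a-z0-9-], at least one dot.
_SCOPE_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")
# urn:mace:<registered sub-namespace>:<component>[:<component>...]
_URN_MACE_RE = re.compile(r"^urn:mace:[a-z0-9][a-z0-9.-]*(:[A-Za-z0-9._-]+)+$")


def check_scoped_affiliation(value, asserting_idp):
    """Return (ok, reason) for one eduPersonScopedAffiliation value.

    Syntax is affiliation@scope, like eduPersonPrincipalName. The affiliation must
    be in the controlled vocabulary and the scope must be one the asserting
    identity provider is authorized for; a well-formed value from the wrong
    party is still rejected.
    """
    if value.count("@") != 1:
        return False, "expected exactly one '@'"
    affiliation, scope = (part.lower() for part in value.split("@"))
    if affiliation not in EDUPERSON_AFFILIATIONS:
        return False, f"affiliation {affiliation!r} is not in the controlled vocabulary"
    if not _SCOPE_RE.match(scope):
        return False, f"scope {scope!r} is not a well-formed scope"
    if scope not in AUTHORIZED_SCOPES.get(asserting_idp, set()):
        return False, f"{asserting_idp} is not authorized to assert scope {scope!r}"
    return True, "ok"


def check_entitlement(value):
    """Return (ok, reason) for one eduPersonEntitlement value.

    Values are URIs: here an http(s) URL or a URN. A urn:mace: value must name a
    registered sub-namespace followed by at least one component, so the
    sub-namespace owner keeps its values unique without a central registry.
    """
    lowered = value.lower()
    if lowered.startswith("urn:"):
        if lowered.startswith("urn:mace:") and not _URN_MACE_RE.match(value):
            return False, "malformed urn:mace: entitlement"
        return True, "ok"
    parsed = urlparse(value)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return True, "ok"
    return False, "entitlement is neither an http(s) URL nor a URN"


def filter_assertion(attributes, asserting_idp):
    """Apply both checks to an attribute set received from `asserting_idp`.

    Returns (accepted, rejected): accepted maps attribute name to the surviving
    values, rejected maps each dropped value to the reason it was dropped.
    """
    checkers = {
        "eduPersonScopedAffiliation": lambda v: check_scoped_affiliation(v, asserting_idp),
        "eduPersonEntitlement": check_entitlement,
    }
    accepted, rejected = {}, {}
    for attr, checker in checkers.items():
        for val in attributes.get(attr, []):
            ok, why = checker(val)
            if ok:
                accepted.setdefault(attr, []).append(val)
            else:
                rejected[val] = why
    return accepted, rejected


# Constructed sample attribute set, as an identity provider might send it.
SAMPLE_ATTRIBUTES = {
    "eduPersonScopedAffiliation": [
        "student@example.edu",   # valid, and the asserting party owns the scope
        "staff@example.org",     # well-formed, but not this party's scope
        "prospect@example.edu",  # affiliation outside the controlled vocabulary
    ],
    "eduPersonEntitlement": [
        "urn:mace:wisc.edu:bucky-bundle",
        "urn:mace:wisc.edu",     # sub-namespace alone, no entitlement component
        "https://example.edu/entitlement/library",
    ],
}

if __name__ == "__main__":
    accepted, rejected = filter_assertion(SAMPLE_ATTRIBUTES, "https://idp.example.edu/shibboleth")
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The scope table is the part that changes the trust picture: without it, any party could assert `faculty@example.edu`, which is exactly the "who is authorized to assert what" problem slide 6 flags. In a real deployment that table would come from federation metadata rather than a literal in the code.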

Slide 9: Trends in Internet2 schema and directory work
It's a tough nut, federated identity management is
Taxonomy of federated identity management approaches
– From the point of view of a service looking for federated identity management information, there is a spectrum from
  something that looks like a "Big Directory in the Sky" (BDIS)
  to hint-based foraging through digital space ("Good hunting, mate!"), the "Field of Forage" (FOF)

Slide 10: Trends in Internet2 schema and directory work
Spectrum:
– From more BDIS-like
  Persistent, near real-time sync of identity stores based on shared identifiers (state u systems)
  Persistent, occasional sync based on shared identifiers
  Persistent link based on shared identifier (AAMC for med staff across sites)
  Persistent link based on directory referrals or eduPersonXref
    – One-stop shopping for client via intermediary gateway
    – "So, client, here's a set of places to look for info on X"
  Persistent link based on user mediated decision (Liberty Alliance)
  Transient link based on user mediated decision???
  No links, "Good hunting, mate!"
– …to more FOF-like

Slide 11: SAGE: problem statement
Operational issues attend deployments of groups:
– Coordinating multiple sources of information
– Supporting multiple styles of access to group information
– Provisioning groups in multiple locations
– Aging
– Use of subgroups vs. indirect membership
– Referring to set theoretic combinations of groups
– Maintaining referential integrity
– Meeting security, privacy, & visibility requirements

Slide 12: SAGE: capabilities
Life cycle management of groups
– Creation
– Update
– Aging
– Deletion
Provisioning of groups into consumer systems
Referential integrity mechanism
Handles direct & indirect membership & multiple membership attributes
Maintenance of ordering of groups (e.g., role hierarchies)
Support for "complex" groups (group math)
Code library, web services, & batch interfaces
Art of SAGE: management of group metadata

Slide 13: SAGE: Interfaces & integration

Slide 14: (potential) SAGE scenarios
"Typical" groups deployment
– Provisioning of group information (including referential integrity, forward referencing, aging, security within SAGE, passthru security for consumers, …)
– Interfaces for
  Homegrown apps (code library)
  Nouveau apps (web services interface)
  Legacy apps (limited batch import/export)
Build "complex" groups from existing ones
Manager of role structure for an RBAC system
– Partially ordered structure on a set of groups
– Multiple "membership" attributes (for users/groups, privileges, obligations, constraints)
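Slides 11, 12 and 14 list the mechanics a group manager has to get right: direct versus indirect (subgroup) membership, aging, set-theoretic "group math", referential integrity when a group is deleted, and a partially ordered role structure. The Python below is an added example that models those mechanics in a few dozen lines; it is not SAGE's code or API. The group names, user ids, the fixed "today" date, the `group:` prefix for subgroup references and the use of one membership attribute for both users and groups are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumption: one membership attribute holds both user ids and subgroup references;
# a subgroup is written "group:<name>" so the two kinds can be told apart.
SUBGROUP_PREFIX = "group:"


@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)    # direct membership
    expires: dict = field(default_factory=dict)  # member -> date the membership ages out
    composite: Optional[tuple] = None            # (op, left, right) for "group math" groups


class GroupStore:
    def __init__(self):
        self.groups = {}

    def create(self, name, composite=None):
        if composite is not None:
            op, left, right = composite
            if op not in ("union", "intersection", "minus"):
                raise ValueError(f"unknown group operation {op!r}")
            for dep in (left, right):
                if dep not in self.groups:
                    raise ValueError(f"composite {name!r} refers to unknown group {dep!r}")
        self.groups[name] = Group(name, composite=composite)

    def add_member(self, name, member, expires=None):
        group = self.groups[name]
        if member.startswith(SUBGROUP_PREFIX):
            sub = member[len(SUBGROUP_PREFIX):]
            if sub not in self.groups:
                raise ValueError(f"unknown subgroup {sub!r}")  # no dangling references
            # Keep the subgroup relation a partial order: no group may contain itself.
            if sub == name or name in self._descendants(sub):
                raise ValueError(f"adding {sub!r} to {name!r} would create a cycle")
        group.members.add(member)
        if expires is not None:
            group.expires[member] = expires

    def _descendants(self, name, seen=None):
        """Every group reachable from `name` through subgroup edges."""
        seen = set() if seen is None else seen
        for m in self.groups[name].members:
            if m.startswith(SUBGROUP_PREFIX):
                sub = m[len(SUBGROUP_PREFIX):]
                if sub not in seen:
                    seen.add(sub)
                    self._descendants(sub, seen)
        return seen

    def effective_members(self, name, today):
        """Users who are members on `today`: directly, via subgroups, or via group math."""
        group = self.groups[name]
        if group.composite is not None:
            op, left, right = group.composite
            lhs = self.effective_members(left, today)
            rhs = self.effective_members(right, today)
            return {"union": lhs | rhs, "intersection": lhs & rhs, "minus": lhs - rhs}[op]
        users = set()
        for m in group.members:
            if m in group.expires and group.expires[m] <= today:
                continue  # aged out
            if m.startswith(SUBGROUP_PREFIX):
                users |= self.effective_members(m[len(SUBGROUP_PREFIX):], today)
            else:
                users.add(m)
        return users

    def delete(self, name):
        """Delete a group without dangling references: refuse while a composite is
        defined in terms of it, otherwise strip it from every group listing it."""
        for other in self.groups.values():
            if other.composite is not None and name in other.composite[1:]:
                raise ValueError(f"{other.name!r} is defined in terms of {name!r}")
        ref = SUBGROUP_PREFIX + name
        for other in self.groups.values():
            other.members.discard(ref)
            other.expires.pop(ref, None)
        del self.groups[name]


def attempt(operation, *args):
    """Run a store operation and return its error message, or None on success."""
    try:
        operation(*args)
        return None
    except ValueError as err:
        return str(err)


def build_sample():
    """Constructed sample: a few campus groups as of a fixed date."""
    today = date(2003, 6, 5)
    store = GroupStore()
    for name in ("students", "staff", "alumni", "library-patrons"):
        store.create(name)
    store.add_member("students", "alice")
    store.add_member("students", "bob", expires=date(2003, 5, 31))  # already aged out
    store.add_member("staff", "carol")
    store.add_member("staff", "alice")
    store.add_member("alumni", "erin")
    for sub in ("students", "staff", "alumni"):
        store.add_member("library-patrons", SUBGROUP_PREFIX + sub)
    store.add_member("library-patrons", "dave")
    store.create("student-staff", composite=("intersection", "students", "staff"))
    return store, today
```

Two design points carry over to any real deployment. The cycle check in `add_member` is what keeps the "partially ordered structure on a set of groups" from slide 14 a partial order; without it a role hierarchy can loop and membership expansion never terminates. The refusal in `delete` is the referential-integrity side: a consumer that was provisioned a composite group must not silently start receiving an empty or undefined set because one of its inputs was removed.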

Slide 15: SAGE development process
Subgroup of mace-dir with biweekly conference calls
Scenarios doc released with NMI R3.
Architecture & design process to commence soon (next call is Wed June 18, announced on
Coders hired who will …
… hope to deliver beta code supporting some functional requirements within ___ months.