June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

Presentation transcript:

History
Umail directory – 1990 faculty/staff only
Gopher/CSO directory – 1993 f/s only
  – Added web page access – short time later
  – University wide effort to build combined directory
      X.500 considered, but wasn’t ready
      Decided on gopher with single search page (umbc)
First LDAP – 1995 f/s only
Current LDAP – 1999 f/s/students/affiliates

Content
People
  – Prospective students
  – Students
  – Faculty (current and Emeritus)
  – Staff
  – Affiliates (Visiting faculty, Golden ID, etc.)
  – Alumni
Other things too

Where we are now
Running IBM Secureway LDAP server
Contains faculty, staff, students, affiliates
  – Does not contain alumni
  – Access to student data is limited (for now)
LDAP is not the primary source of most data
Data feeds required
  – HR, SIS, ARS, affiliates, etc.
  – Data warehouse simplifies
Weekly updates

Current work
On-the-fly updates of certain data elements
  – Privacy flags (Buckley)
  – address
Ultimately want to update each data element as appropriate
  – Instant (e.g., , privacy flags)
  – Daily (e.g. registration/course info)
  – Weekly (e.g. address, phone, etc.)

Who is involved?
LDAP Steering committee
  – OIT staff only
  – Involving Administrative and Academic IT support units
Team effort
Data Warehouse/DBA’s
Programming staff
  – Construct data feeds
  – Process/consolidate data
  – Web based tools

Why do all this?
Single sign-on
Common and consistent (standards-based) mechanism for authentication and authorization
24X7 services
Can use freely available access tools
Don’t need special client tools (e.g. Oracle)
Many COTS packages contain hooks for LDAP already

Some specifics
Distinguished name uses employee number
  – Everyone in the people databases gets one
  – It is unique
  – It never changes once assigned
  – 8 digits plus a check digit
Selected attributes
  – Name, uid, address, phone number, ssn*
  – Students*: college, major, courses*, class standing*
  – F/S: title, department, home address*, home phone*
* Restricted access

A Critical Resource
As the directory becomes a critical part of the enterprise infrastructure, it becomes critical to have stable, always available services.
  – Systems should have redundant components
  – Should run replicated servers
      Located on different parts of the network
      With battery backup
  – 3 replicas
      Any two should be able to handle load

Directory Enabling Applications
Permissions required for each application
Buckley entries won’t appear otherwise
Certain attributes are protected
  – Ssn, registration info
  – Optionally home address, phone, etc.
Each app should have its own authn id/pwd
Authorization to each attribute controlled by the data steward for that attribute
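
The access rules on this slide, modeled in Python as an added example (not code from the presentation or from the University of Maryland directory). The application ids, steward names, attribute spellings and sample entries are assumptions made for illustration.

```python
# Added illustration: names, attribute sets and grants below are assumptions,
# not the University of Maryland directory's actual schema or ACLs.

# Protected attributes from the slides, each mapped to an assumed data steward.
STEWARDS = {"ssn": "HR", "homeAddress": "HR", "homePhone": "HR",
            "courses": "Registrar", "classStanding": "Registrar"}

# Per-application grants: each app binds with its own id and gets only what
# the steward of each protected attribute has approved (constructed data).
GRANTS = {
    "app-staff-listing": {"attrs": set(), "sees_buckley": False},
    "app-scheduling": {"attrs": {"courses"}, "sees_buckley": True},
}


def visible_entry(app_id, entry):
    """Return the view of `entry` that `app_id` may read, or None.

    Unknown applications get nothing (default deny). Entries carrying the
    Buckley privacy flag are hidden unless the app holds that permission.
    """
    grant = GRANTS.get(app_id)
    if grant is None:
        return None
    if entry.get("buckley") and not grant["sees_buckley"]:
        return None
    view = {}
    for attr, value in entry.items():
        if attr == "buckley":
            continue  # internal flag, never released to applications
        if attr in STEWARDS and attr not in grant["attrs"]:
            continue  # protected attribute without steward approval
        view[attr] = value
    return view


def pending_approvals(app_id, requested):
    """Map each requested protected attribute not yet granted to its steward."""
    granted = GRANTS.get(app_id, {"attrs": set()})["attrs"]
    return {a: STEWARDS[a] for a in requested if a in STEWARDS and a not in granted}


# Constructed sample entries; the dn values are placeholders, not real IDs.
SAMPLE = [
    {"dn": "<placeholder-1>", "name": "A. Student", "uid": "astudent",
     "ssn": "000-00-0000", "courses": ["ENGL101"], "buckley": True},
    {"dn": "<placeholder-2>", "name": "B. Staff", "uid": "bstaff",
     "homePhone": "555-0100", "buckley": False},
]
```
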

Some Directory Enabled Apps
  – Directory search ( addresses)
  –
  –
  – Central forwarding agent
CorporateTime scheduling software
  – Authorization/authentication
  – Bunch of attributes
  –
Web sites
  – Authorization/authentication
  –

Some Potential Directory Enabled Apps
Unique ID
Portal authorization/authentication
Dial-up/DHCP access
Card key access
Roles based authorization
Single sign-on
Dynamic lists (e.g., class, department membership)
More…

Examples
Directory Search
  – Netscape Addressbook
  – Staff listing
  –
Authn/Authz
  – Corporatetime
  – Webpage access
  – Affiliates DB updates

Issues
Establishing primary source for each data element
Password changes need to be centralized
Establishing policies
  – Who is in
  – Who isn’t
  – What types of information to include

Security Services
PKI requires a directory for publication of the public key
  – See
Encryption
Signed documents
Secured access to web server
  – Note secure server does not mean the data is secure on the server, just getting between client and server

Conclusion
A directory provides the basis for a common set of services needed to support the network/web based applications becoming so commonplace at each of our institutions
Significant planning is needed to do it right
Resources are available to help
Use the available resources

That’s IT
David Henry
OIT
University of Maryland