A Campus Perspective on Directory Services
NMI Testbed Workshop
April 8, 2003
Landy Manderson
Lead Software/Network Specialist
User Services, UAB Telecommunications
University of Alabama at Birmingham

Today’s Talk
· History/Evolution of our campus directory
· How Middleware efforts helped us
· Directory Service overview
· Future plans
· Closing thoughts

“Stone Age” (ca )
· “User Register” created to support ACF2 security system on mainframe
· Interfaced with employee and student records databases
· Same ID’s used for after joining BITNET and later Internet
· Campus printed directory assembled by yearly “census”

“Bronze Age” (ca )
· UAB Electronic Phonebook goes online for web forwarding, printed directory
· Users set up their own aliases (accounts)
· LDAP configured as mirror, for address book use only
· Some apps (mostly internal) use EP for authentication

Dawn of our “Iron Age” (ca )
· Original impetus for LDAP migration was to support PKI
· Chose to enhance mirroring of LDAP from qi rather than replacement
· First testing was with pre-NMI eduPerson schema – finally, some guidance!
· “LDAP Committee” gave us direction on useful attributes, continuums of association
· Active Directory enters the picture

“Iron Age” (ca now)
· Implemented recommendations of “LDAP committee”
· LDAP migrated to eduPerson schema
· BlazerIDs/passwords sync’d among different directories (qi, LDAP, AD, Novell), allowing consolidation
· Number of apps exploding
· Working with and contributing to NMI

Schema Guidance = Good Thing
· Existing UAB schema was arbitrary, terribly out-of-date
· Really too much flexibility in LDAP
· Standard schema lacking important attributes useful to Educational institutions
· Opportunity to bring over additional data to support new apps

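The mirroring of qi records into an LDAP directory that uses the eduPerson schema, as described in the slides above, shown as an added example that is not UAB's code. The qi field names, person types, affiliation mapping, DN suffix and scope are all assumptions, and the sample response is constructed.

```python
import base64
import re
# Constructed qi/ph response (RFC 2378 "-200:<index>:<field>: <value>" lines).
# Field names, type values, DN suffix and scope are assumptions, not UAB's.
SAMPLE_QI = """\
-200:1:    alias: jdoe
-200:1:     name: Doe, Jane
-200:1:     type: employee student
-200:1: password: not-for-export
-200:2:    alias: rroe
-200:2:     name: Roé, Richard
-200:2:     type: retired
200:Ok.
"""
BASE_DN, SCOPE = "ou=people,dc=example,dc=edu", "example.edu"
# Hypothetical mapping of local person types to eduPersonAffiliation values.
AFFILIATION = {"employee": ["employee", "member"],
               "student": ["student", "member"], "retired": ["affiliate"]}
SAFE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*(?<! )\Z")

def parse_qi(text):
    """Group '-200:n:field: value' lines into one dict per entry index."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r"-200:(\d+):\s*([\w-]+):\s?(.*)$", line)
        if m:
            entries.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return [entries[i] for i in sorted(entries)]

def attr_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' outside the LDIF safe subset."""
    b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}: {value}" if SAFE.match(value) else f"{attr}:: {b64}"

def to_ldif(entry):
    """Build an eduPerson entry from allow-listed fields; password never copied."""
    uid = entry["alias"]
    if not re.fullmatch(r"[a-z][a-z0-9]{1,15}", uid):
        raise ValueError(f"unexpected alias {uid!r}")  # keeps the DN well-formed
    name = entry.get("name", uid)
    affs = []
    for kind in entry.get("type", "").split():
        affs += [a for a in AFFILIATION.get(kind, []) if a not in affs]
    lines = [f"dn: uid={uid},{BASE_DN}", "objectClass: inetOrgPerson",
             "objectClass: eduPerson", attr_line("uid", uid), attr_line("cn", name),
             attr_line("sn", name.split(",")[0]),
             attr_line("eduPersonPrincipalName", f"{uid}@{SCOPE}")]
    lines += [attr_line("eduPersonAffiliation", a) for a in affs]
    return "\n".join(lines) + "\n"
```
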
Continuums of association

Employees              Students
Job applicant          Admissions applicant
Job offer extended     Accepted for enrollment
Hired                  Enrolled
On leave               Not taking classes
Terminated             Dropped out
Retired                Graduated

The Numbers
· 26,000+ employees (four different orgs)
· 56,000+ students (15,500 enrolled)
· 54,000+ alumni
· 115,000+ persons in directory
· 1,500 entities (schools, departments, services, offices, centers, etc.)

The Diagram
[Diagram. Labels, in the order they appear: qi; “Official sources”: Employees (HURS, HSF, VIVA, EFH), Students, Organizational Hierarchy, Course info (stu/instr), forwarding; “User-input”: Alias/BlazerID/password, Personal info update, ‘Unofficial’ entities, Org listings (“bluepages”); VPN, ResNet, SMTP relay, LDAP, AD, Admin apps, Student portals, NMI, Wi-Fi, PAM, CEDS, Libraries, Printed Phonebook, Computer labs, DFS, dirXML, Desktop, Exchange, Call Center, WebCT, clients. Caption: “For people and entities alike!”]

The Applications

For everyone at UAB:
· addresses
· free UAB and Web site (WWW) accounts
· Lister Hill Library (LHL) Virtual Desktop
· download of certain UAB site-licensed software
· access to the UAB Virtual Private Network (VPN)

For employees:
· alerts from various online administrative applications (e.g., purchase order queue notifications)
· update of departmental information in the UAB Electronic Phonebook
· login access to some departmental networks and services (with more on the way)
· to receive important information ed from your department, school and designated UAB support areas (some of this is already being done, with more applications being discussed)
· inter- and intracampus videoconferencing access (under development)
· numerous other online administrative and employee portal applications (e.g., Data Warehouse, STEPS) which are currently being deployed, tested, procured, or developed

For students:
· access to the ResNet residence hall network
· some departmental computer labs (with more on the way)
· WebCT online courses
· DARS Degree Audit system (when it comes online)
· class mailing lists, and to receive important information ed from your department, school, and designated UAB support areas
· other student online portals which are currently in testing or under development

For faculty/researchers, in addition to the employee services listed above:
· WebCT online course shell management (tentatively for Fall semester)
· automatically generated/managed class mailing lists
· grant information/submission (under development)
· online grade posting (under development)
· DARS Degree Audit system (when it comes online)

What’s Next?
· Continue bringing new apps, resources on board
· CampusCards, BlazerID education
· New HR/Finance systems coming online
· NMI R2 eval just finished, R3 soon
  – Push for more continuum, student, entity attributes in eduPerson
  – Middleware roadmap, validation tools
  – Do some inter-institutional stuff!
· “LDAP Committee” still needs to fully address continuum, privacy granularity, workflow
· What about PKI?

Closing Thoughts
· Really helps to have a couple of decades of experience with identity management and resource security!
· Right place, right time
· At any given time, any given technology has a bleeding, leading and very long trailing edge
  – This is true for feeder systems, Internet protocols, server software, user interfaces
  – Middleware can help

More Closing Thoughts
· Great to finally have some guidelines for attribute schema and population
· But … more work needs to be done
· That said, technical considerations are just the tip of the iceberg:
  – Privacy
  – Ongoing management, education
  – Who owns the data?
  – Continuums of association
  – Who can vouch for X?
  – Beware the L-word when committees involved!

Links
· UAB Electronic Phonebook: ldap://ldap.uab.edu
· BlazerID Resources:
· Schema descriptions: