Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.

Presentation transcript:

1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects

2 Presenters
Eric Westfall – Indiana University: Kuali Rice Project Manager, IU Workflow Technical Lead
Ailish Byrne – Indiana University: Kuali Financial Systems Development Manager, IU Financial Systems Manager
Leo Fernig – University of British Columbia: Kuali Student Lead Architect

3 Rice Terms
KIM: Kuali Identity Management
KEW: Kuali Enterprise Workflow
KNS: Kuali Nervous System (Web Development Framework)
KSB: Kuali Service Bus
KEN: Kuali Enterprise Notification

4 Overview
The Kuali Identity Management module will be included in version 1.0 of Rice
Provides identity and access management services to Rice and other applications
Includes a service layer as well as a set of maintenance screens
Supported Concepts include:
– Entities and Principals
– Groups
– Roles
– Responsibilities
– Authentication

5 Motivation
As more projects began to use the Kuali Rice framework, we identified a need for a common API for Identity and Access Management
Wanted to introduce the concept of Roles and Permissions into Kuali; previously, groups were used for authz
Ease the implementation overhead for implementers working with multiple Kuali projects
Results in one-time institutional customization of identity services for all Kuali projects

6 Design Goals
Shared identity and access management services that all Kuali projects can use
Generic enough to be used by non-Kuali projects
Provide a rich and customizable permission-based authorization system
All services available on the service bus with both SOAP and Java serialization endpoints
Provide a set of GUIs that can be used to maintain the data

7 Design Goals
Provide a reference implementation of the services but allow for customization/replacement to facilitate integration with institutional services or other 3rd party IDM solutions
Allow for the core KIM services to be overridden piecemeal
– For example: override the Identity Service but not the Role Service

8 Terminology
Entity – a Person or System which exists within KIM
Principal – represents an Entity that can authenticate into the system
Group – consists of one or more principals or other groups
Permissions – ability to perform actions
Permission Details – additional information on a specific permission used to further qualify it (i.e. permissions that are associated with a particular Document Type in KEW)

9 Terminology
Roles – permissions are granted to roles, principals and groups are assigned to roles
Role Qualifications – additional attributes on a role assignment that help to qualify the role member’s relationship to the role
– i.e. a principal could be assigned the “Account Manager” role with a qualification of “account # 12345”
Responsibilities – granted to a role, gives role members responsibilities to perform certain actions (such as approving documents routed by KEW)

10 Services
KIM consists of the following services which encompass its API
– IdentityService
– GroupService
– PermissionService
– RoleService
– ResponsibilityService
– AuthenticationService
These are read-only; there are also “update” services which allow for write operations

11 Services
KIM also provides various façade services that sit on top of the other core services and provide features such as caching
– Identity Management Service
– Role Management Service
It is intended that client applications will interface primarily with these services
Role Management Service provides on-the-fly assignment of permissions to roles via the API

12 Architecture diagram

13 Kuali Financial System Perspective

14 Entity Attribute Requirements
Examples (not a comprehensive list)
Electronic Invoicing Notifications
Tax Identifier: Payments to Research Participants
Campus: Workflow, Check Formatting
Salary: Budget Construction, Labor Distribution
Affiliation: e.g. Faculty, Staff, etc. – Roles

15 Role Requirements
Collection of primary organization for Affiliates (people without employment records)
Ability to differ primary organization by module in use
Ability to override primary organization derived from department on job record for Faculty / Staff
Recognition of Organization Hierarchy (one of many types of logic)
Derived (application) roles, e.g. functional users and applications not using KIM need Fiscal Officer on the account table in the financial system

16 Permission Requirements
Smarts!
– Accomplished via templates & the KNS
– Allow functional users to add permissions without code modifications
Hooks for logic
– Recognition of document type hierarchy
– Wildcard matching, e.g. namespace
Both of these lead to overriding capabilities that cut the sheer number of permissions by at least 75%
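
An added illustration (not from the slides and not KIM's API) of the role qualification from slide 9 together with the wildcard namespace and document type hierarchy matching from slide 16, showing how one permission row can cover many modules and document types. The data layout, function names, sample namespaces and the rule that every qualification attribute on a role assignment must match the request are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample data; names are illustrative, not KIM's schema or API.
DOC_TYPE_PARENT = {            # child document type -> parent document type
    "TransferOfFunds": "FinancialDocument",
    "FinancialDocument": "KualiDocument",
    "KualiDocument": None,
}

# (role, namespace pattern, action, document type detail)
PERMISSIONS = [
    ("User", "KFS-*", "initiate", "FinancialDocument"),
    ("Account Manager", "KFS-FP", "approve", "TransferOfFunds"),
]

# (principal, role, role qualification)
ASSIGNMENTS = [
    ("alice", "Account Manager", {"account": "12345"}),
    ("alice", "User", {}),
    ("bob", "User", {}),
]


def ancestors(doc_type):
    """Yield doc_type and then each parent up to the root of the hierarchy."""
    while doc_type is not None:
        yield doc_type
        doc_type = DOC_TYPE_PARENT.get(doc_type)


def roles_granting(namespace, action, doc_type):
    """Roles holding a permission that matches by wildcard namespace and by
    the requested document type or any of its ancestors."""
    lineage = set(ancestors(doc_type))
    return {role for role, ns, act, dt in PERMISSIONS
            if act == action and fnmatchcase(namespace, ns) and dt in lineage}


def is_authorized(principal, namespace, action, doc_type, qualification=None):
    """Default deny: True only if the principal holds a granting role whose
    qualification attributes are all satisfied by the request."""
    qualification = qualification or {}
    granting = roles_granting(namespace, action, doc_type)
    for who, role, quals in ASSIGNMENTS:
        if who == principal and role in granting:
            if all(qualification.get(k) == v for k, v in quals.items()):
                return True
    return False
```

A permission attached to a parent document type applies to its children but not the other way round, and a qualified role assignment grants nothing when the request carries no matching qualification.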

17 Responsibility Requirements
Workflow actions need to roll up to the same source as permissions, e.g. approve, resolve exception
Need same recognition of document type hierarchy and override capabilities as with permissions
Functional setup / grants should be similar

18 Tremendous Improvements
Tying qualifying, application data to assignments rather than the record the permission is associated with
Sharing roles that have permissions and responsibilities across multiple applications
Maintain all user information in one place
– One document for all person setup
– Use role or group document for bulk setup
– Retain ability for applications to validate their data
Significant enhancements to route log
Document Type IDM Hierarchy!

19 Future Improvements
Replace User document with same hooks as we have for removal (inactivation) now
At IU, we will be looking at tying positions to role for templating during hires and transfers

20 Kuali Student and KIM
December 2007 workshop with Kuali folk
2008 Development of core Kuali Student Services
June 2009 integration of KIM and Kuali Student.
KIM is also viewed by many KS partner Universities as the enterprise solution for authorization:
– A set of re-usable interface definitions that existing implementation
– As the implementation

21 KIM and the Enterprise
[Diagram; labels: HR, Roles, Permissions, Roles, Attributes, Finance, Student, KIM, ERP]

22 Aligning Boundaries and definitions

23 Questions?