Directory Workshop Parallel Sessions Rob Banz, Univ. of Maryland, Baltimore County Tom Barton, University of Memphis Keith Hazelton, University of Wisconsin,

Presentation transcript:

Slide 1: Directory Workshop Parallel Sessions
Rob Banz, Univ. of Maryland, Baltimore County
Tom Barton, University of Memphis
Keith Hazelton, University of Wisconsin, Madison
Richard Jones, University of Colorado, Boulder
02 February 2002, I2 CAMP

Slide 2: Overview
Interactive tour of directory design & implementation issues:
- Data flow from source systems through enterprise directory to applications
- Infrastructure services provided to applications & service platforms
- Directory enabled applications
- Groups
- Metadirectories & affiliated directories

Slide 3: Generic Institutional Middleware Architecture
(Diagram; the components shown, in the order they appear on the slide: Core Business Systems, Async sources, Object registry, Business logic, Applications & service platforms, authN service, attribute & group service, Business logic, Enterprise directory, Metadirectory.)

Slide 4: Source(s) of Identity
What is the system of record for identity data? (trick question)
(A) Several. Some of HRS, SIS, Academic Personnel, Med School, Law School, Telecommunications Management System, Alumni System, Library, … are sources, and others must be reconciled.
(B) All core business systems obtain identity data from the object registry.
Answer B may prove to be fundamental to having substantial online services & programs…

Slide 5: Managed Objects
Objects that describe:
- People
- Groups
- Aliases, Roles, Affiliations
- Network devices
- Security policies
- Network services
- Org structure
- Application specific objects
The object classes and source data to populate them are determined by the applications to be directory enabled, with institutional policy folded in.

Slide 6: Continuous deployment cycle
- Application requirements
- Data sources
- Object definitions
- Business logic
- Metadirectory processes
- Staging of new objects in directory

Slide 7: Authentication Service Models
Several authentication services may need to be provided “on the front end”: RADIUS, LDAP, Kerberos, WebISO, basic auth, ….
Best practice to work towards is to base them all on a strong system such as Kerberos or PKI, implementing backend callouts from other authN services where possible.
(And of course ensure basic auth is only done over encrypted channels in the meanwhile!)

Slide 8: Attribute & group services facilitate…
- Customization – application UI tailored to user’s affiliation with the organization.
- Personalization – application UI tailored to user’s preferences.
- General authorization (but especially affiliation based authZ).
- Group messaging.
- Naming services (for Unix at least).

Slide 9: Application Examples 1
- White & blue pages: find contact info for persons and departments
- SMTP routing
- Mailbox access & personalization
- Group messaging
- Calendar: authN, customization (calendar roles), personalization.

Slide 10: Application Examples 2
- Web basic authN, authZ: “require user”, “require group”, and “require filter”.
- Course management system: authN, customization, personalization.
- Portal: ditto
- Generic application server (e.g., EJB, J2EE): ditto + authZ.
- Specialized application server (e.g., Brio, Cognos, RightNow, ARS, …): authN, authZ.

Slide 11: Application Examples 3
- Account self-maintenance (password, PIN, personal URL, pager, …)
- E-provisioning – automated account management. Basic life cycle for accounts and access privileges.
- Unix naming services

Slide 12: Application Examples 4
- NAS authN, authZ, customization.
- Proxy access
- Network auto-registration
- Computer lab (& desktop) authN, authZ, customization, personalization.
- Integration of LAN specific directory…

Slide 13: Active Directory
- As application specific directory (for LAN management), needs accounts to be synchronized from institutional directory service. A metadirectory problem?
- Want groups too (for LAN management)??
- AD as enterprise directory?

Slide 14: Types of groups: how sourced
- Institutional
- Automated
- Manual
- Delegated
- Personal
- Joinable

Slide 15: Types of groups: content
- Enterprise (e.g. all faculty, staff & students; all non-exempt employees)
- Departmental (e.g. History Dept staff; all dept heads and above in College of Education)
- Academic (e.g. students in PHYS101 section 001 Spring 2002; all seniors in MIS)
- Application specific (e.g. persons permitted to run special Brio queries; answerers for questions about the Law program)
- Activity specific (e.g. Chess Club; Helpdesk Team)

Slide 16: Types of groups: representations
- Static: uniqueMember=
- Dynamic: (&(acadcourse=PHYS101001)(|(state=active)(state=grace)))
- Forward reference: isMemberOf:
- Spatial: children of ou=EE,ou=CollegeOfEngineering,ou=Org,…
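The four representations on this slide, and the web server's “require filter” check from slide 10, can be made concrete with a small evaluator. The following is an added example, not code from the workshop or from any directory product: the entries, DNs and group names are constructed sample data, and the filter parser covers only the RFC 4515 subset the slide actually uses (and, or, not, equality, and a “*” wildcard).

```python
"""Group membership under the four representations on the slide, plus the
web server's "require filter" check. All entries are constructed sample data;
the filter parser handles the RFC 4515 subset used on the slide."""
import re

# Constructed sample entries: DN -> attributes (multi-valued, as in LDAP).
ENTRIES = {
    "uid=alice,ou=People,dc=example,dc=edu": {
        "uid": ["alice"], "acadcourse": ["PHYS101001"], "state": ["active"],
        "isMemberOf": ["cn=helpdesk,ou=Groups,dc=example,dc=edu"]},
    "uid=bob,ou=People,dc=example,dc=edu": {
        "uid": ["bob"], "acadcourse": ["PHYS101001"], "state": ["grace"]},
    "uid=carol,ou=People,dc=example,dc=edu": {
        "uid": ["carol"], "acadcourse": ["PHYS101001"], "state": ["inactive"]},
    "uid=dave,ou=EE,ou=CollegeOfEngineering,ou=Org,dc=example,dc=edu": {
        "uid": ["dave"], "acadcourse": ["MIS400001"], "state": ["active"],
        "isMemberOf": ["cn=helpdesk,ou=Groups,dc=example,dc=edu"]},
}

# Static representation: the group entry lists its members explicitly.
STATIC_GROUP = {"uniqueMember": [
    "uid=alice,ou=People,dc=example,dc=edu",
    "uid=dave,ou=EE,ou=CollegeOfEngineering,ou=Org,dc=example,dc=edu"]}


def parse_filter(text):
    """Parse an LDAP search filter into nested tuples; ValueError if malformed."""
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        if op == "!" and len(kids) != 1:
            raise ValueError("'!' takes exactly one operand")
        return (op, kids), i + 1
    end = s.find(")", i)
    if end < 0:
        raise ValueError("unterminated filter item")
    attr, eq, value = s[i:end].partition("=")
    if not attr or not eq:
        raise ValueError(f"bad filter item {s[i:end]!r}")
    return ("=", attr.lower(), value), end + 1


def matches(node, attrs):
    """Evaluate a parsed filter against one entry. Attribute names and values
    compare case-insensitively, as the common caseIgnore matching rules do."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, attrs) for k in node[1])
    if kind == "|":
        return any(matches(k, attrs) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], attrs)
    _, attr, value = node
    values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
    pattern = ".*".join(re.escape(part) for part in value.split("*"))  # '*' wildcard
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)


def static_members(group):
    return sorted(group["uniqueMember"])


def dynamic_members(filter_text, base_dn, entries=ENTRIES):
    """Members are whatever the filter matches under base_dn at query time."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, a in entries.items()
                  if dn.endswith(base_dn) and matches(node, a))


def forward_ref_members(group_dn, entries=ENTRIES):
    """Membership recorded on the person entry (isMemberOf), not on the group."""
    return sorted(dn for dn, a in entries.items() if group_dn in a.get("isMemberOf", []))


def spatial_members(ou_dn, entries=ENTRIES):
    """Membership implied by position in the tree: every entry below ou_dn.
    DNs are compared as plain strings here; a real DSA normalises them first."""
    return sorted(dn for dn in entries if dn.endswith("," + ou_dn))


def require_filter(user_dn, filter_text, entries=ENTRIES):
    """Web server "require filter": the authenticated user's own entry must
    match the filter; a user with no entry is denied."""
    entry = entries.get(user_dn)
    return entry is not None and matches(parse_filter(filter_text), entry)
```

Running `dynamic_members` with the slide's course filter returns alice and bob (active and grace) and leaves carol out; change carol's `state` to `grace` and she appears on the next evaluation without anyone touching a group entry, which is exactly the referential-integrity and aging trade-off the later slides raise: static lists need maintenance, dynamic ones need the underlying attributes kept current.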

Slide 17: Groups: techniques & issues
- Naming & location
- Group math
- Referential integrity
- Privacy
- Aging
- Delegated management
- Forward referencing

Slide 18: Groups: choosing a representation
- how the group information is to be maintained
- how it is to be most commonly accessed (e.g., is X a member of, list all members, …)
- interactions between the type of representation, the nature of the group (such as size and privacy requirements), and capabilities of the particular directory service agent (DSA) being used.

Slide 19: Metadirectories: why?
Replication solves some problems but not all.
You will need directories with:
- special ACLs
- special objects or attributes
- handling multicampus issues
- etc.
You WILL end up running multiple (different) directories. How?...

Slide 20: Metadirectory: what it is & isn’t
- An overworked term
- Not just a meta-database (not necessarily a directory!)
- Data transformation among data sources and directories, including identity management, organizational policy, and e-provisioning.

Slide 21: Metadirectory tools
MetaMerge: a metatool (free to use for higher ed) to solve metadirectory problems. Examples:
- Move data from a person registry to the enterprise directory
- Transform data from enterprise directory to special application directory
DoDHE

Slide 22: Affiliated directories
Trying to characterize the problem is itself a problem! E.g.s:
- currency of information in a personal address book
- Maintaining integrity of PI contact information at granting agencies
- Verification/currency of data outside of the bounds of a unified enterprise directory.
The things that flow out to target repositories are data + metadata bundles.
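Slides 20 to 22 describe the metadirectory job in the abstract (transform registry data into the enterprise directory, then into application-specific directories, applying policy and driving e-provisioning, with each outflow carrying data plus metadata), and slide 11 names the basic account life cycle it drives. The following added example, which is not the workshop's code and not MetaMerge or any other product, walks one batch through that pipeline: the registry records, the directory snapshot, the eduPersonAffiliation derivation rules and the LAN target's attribute names are all constructed or illustrative.

```python
"""Metadirectory flow as a constructed example: registry records from several
source systems -> enterprise directory entries (business logic applied)
-> a projection into an application-specific LAN directory, each output
carrying a metadata bundle. Diffing against the current directory yields the
basic account life-cycle actions. Records, DNs and LAN attribute names are
illustrative."""
from datetime import datetime, timezone

REGISTRY = [  # constructed person-registry records; "source" is the system of record
    {"uid": "alice", "given": "Alice", "sn": "Adams", "dept": "EE", "source": "HRS",
     "employee_status": "active", "student_status": None, "updated": "2002-02-01T09:00:00Z"},
    {"uid": "bob", "given": "Bob", "sn": "Baker", "dept": "PHYS", "source": "SIS",
     "employee_status": None, "student_status": "enrolled", "updated": "2002-02-01T09:05:00Z"},
    {"uid": "carol", "given": "Carol", "sn": "Cole", "dept": "HIST", "source": "HRS",
     "employee_status": "terminated", "student_status": None, "updated": "2002-01-30T17:00:00Z"},
]

# Constructed snapshot of what the enterprise directory held before this run.
CURRENT_DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=edu": {
        "uid": "alice", "cn": "Alice Adams", "sn": "Adams", "ou": "CS",
        "eduPersonAffiliation": ["staff", "member"], "state": "active"},
    "uid=carol,ou=People,dc=example,dc=edu": {
        "uid": "carol", "cn": "Carol Cole", "sn": "Cole", "ou": "HIST",
        "eduPersonAffiliation": ["staff", "member"], "state": "active"},
    "uid=erin,ou=People,dc=example,dc=edu": {  # no longer in any source system
        "uid": "erin", "cn": "Erin Ellis", "sn": "Ellis", "ou": "LAW",
        "eduPersonAffiliation": [], "state": "grace"},
}

BASE = "ou=People,dc=example,dc=edu"
COMPARED = ("cn", "sn", "ou", "eduPersonAffiliation")  # attributes that trigger an update


def derive_affiliations(rec):
    """Business logic (illustrative rules): source status codes -> eduPersonAffiliation."""
    aff = []
    if rec.get("employee_status") == "active":
        aff.append("staff")
    if rec.get("student_status") == "enrolled":
        aff.append("student")
    if aff:
        aff.append("member")  # implied by holding any primary affiliation
    return aff


def to_enterprise_entry(rec):
    """Registry record -> enterprise directory entry plus its metadata bundle."""
    aff = derive_affiliations(rec)
    return {
        "uid": rec["uid"], "cn": f"{rec['given']} {rec['sn']}", "sn": rec["sn"],
        "ou": rec["dept"], "eduPersonAffiliation": aff,
        # Losing every affiliation moves the entry to 'grace' instead of deleting it.
        "state": "active" if aff else "grace",
        "_meta": {"source": rec["source"], "sourceUpdated": rec["updated"],
                  "transformedAt": datetime.now(timezone.utc).isoformat(),
                  "transform": "registry-to-enterprise"},
    }


def build_enterprise_directory(registry=REGISTRY):
    return {f"uid={r['uid']},{BASE}": to_enterprise_entry(r) for r in registry}


def to_lan_entry(entry):
    """Project an enterprise entry onto an application-specific LAN directory
    (attribute names illustrative). Only active identities are pushed, and only
    the attributes that application needs; the rest stays in the enterprise directory."""
    if entry["state"] != "active":
        return None
    return {"sAMAccountName": entry["uid"], "displayName": entry["cn"],
            "memberOf": [f"CN={a},OU=Affiliations,DC=example,DC=edu"
                         for a in entry["eduPersonAffiliation"]],
            "_meta": dict(entry["_meta"], transform="enterprise-to-lan")}


def build_lan_directory(enterprise):
    projected = (to_lan_entry(e) for e in enterprise.values())
    return {p["sAMAccountName"]: p for p in projected if p is not None}


def plan_provisioning(desired, current):
    """Diff registry-derived entries against the directory snapshot and return
    the life-cycle actions in DN order: create, update, disable, reenable, delete."""
    actions = []
    for dn, want in sorted(desired.items()):
        have = current.get(dn)
        if have is None:
            actions.append(("create", dn))
        elif want["state"] == "grace" and have["state"] == "active":
            actions.append(("disable", dn))
        elif want["state"] == "active" and have["state"] == "grace":
            actions.append(("reenable", dn))
        elif any(want[a] != have.get(a) for a in COMPARED):
            actions.append(("update", dn))
    for dn in sorted(current):
        if dn not in desired:
            actions.append(("delete", dn))  # aged out of every source system
    return actions


if __name__ == "__main__":
    for action in plan_provisioning(build_enterprise_directory(), CURRENT_DIRECTORY):
        print(action)
```

The `_meta` bundle is what slide 22 calls the metadata that travels with the data: a downstream repository that knows which system of record a value came from, and when, can answer the currency questions the slide raises instead of treating every attribute as equally fresh.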