8th Sakai Conference, 4-7 December 2007, Newport Beach. Integration: Users and Groups. Mark J. Norton, Nolaria Consulting.


1 Overview
Architectural Review
– The Sakai Framework
Integration Topics:
– User Integration
– Group Integration
– Course Integration (not covered)
– Content Integration (not covered)

2 The Sakai Framework
[Diagram of framework layers: Velocity/JSF/RSF, Tools, Application Services, Portal, Framework Services, Kernel]
Most Sakai integration will happen at the services level of the framework, either by replacing the default implementation with a new one, or by using a provider.

3 Enterprise Integration
Sakai integration happens in the Sakai services and mostly in kernel services. All Sakai services are implemented against a published API to specifically enable integration. In some cases, additional integration support is included in Sakai service implementations (providers).

4 Integration Approaches
Sakai offers four main approaches to campus integration:
– Service replacement
– Providers
– Web services
– Synchronization tools
This talk is focused on the User and Group Providers.

5 Providers
Providers are a way to “look someplace else” for data. This other place can be a service or a database. In general, Sakai databases should only be accessed through services. Database tables are sometimes modified between Sakai releases, so using the API is best.

6 Integration Points
Currently (as of 2.4) Sakai has four key integration points:
– User: UserDirectoryProvider
– Group: GroupProvider
– Course: CourseManagementProvider
– Content: File System Mapping

7 User / Person
User objects are currently used by Sakai tools whenever information about the current (or other) user is required. Users are managed by the User Directory Service.
User Integration
org.sakaiproject.user.api.UserDirectoryService

8 Users
The User service is modeled on a directory service and may include user authentication. Sakai includes default implementations against LDAP, but has also been integrated with other user services like CAS. User provides access to identifiers, name, email, user type, etc.

9 User Integration
User integration in Sakai is largely accomplished by writing a user provider. The general model is simple: a UserEdit object is passed to a provider implementation. If the user id included is known to the enterprise system, data is filled in.

10 Key User Information
The following user information should be part of your integration strategy:
– Creation and modification times
– Email address
– Display name
– Sort name
– First and last name
– User type
Other information can be properties.

11 User Directory Provider
This is the User Directory Provider API:

    public interface UserDirectoryProvider {
        boolean authenticateUser(String eid, UserEdit edit, String password);
        boolean authenticateWithProviderFirst(String eid);
        boolean createUserRecord(String eid);
        void destroyAuthentication();
        boolean findUserByEmail(UserEdit edit, String email);
        boolean getUser(UserEdit edit);
        void getUsers(Collection users);
        boolean updateUserAfterAuthentication();
        boolean userExists(String eid);
    }

org.sakaiproject.user.api.UserDirectoryService

12 Policy Functions
Some of these provider functions allow the enterprise environment to define policy:

    boolean authenticateWithProviderFirst(String eid);
    boolean createUserRecord(String eid);
    boolean updateUserAfterAuthentication();

These are pretty simple to implement, being booleans.

13 Information Transfer
The remaining functions transfer information from the enterprise system of record to Sakai:

    boolean authenticateUser(String eid, UserEdit edit, String password);
    void destroyAuthentication();
    boolean findUserByEmail(UserEdit edit, String email);
    boolean getUser(UserEdit edit);
    void getUsers(Collection users);
    boolean userExists(String eid);

Note that Sakai often caches this information.

14 Implementation Strategies
Often, developers will create a private method that updates a UserEdit object. This makes getUser(), getUsers() and findUserByEmail() simple to implement, all being variants of initialization. The other functions tie the user service to your authentication system.
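
One way to apply the strategy on slide 14, as an added example that is not part of the original slides or Sakai's own code. UserEdit, Person, the in-memory directory and the sample account are stand-ins constructed for this sketch, and the stored-password comparison stands in for the call to the real authentication system (Java 16 or later, for the record type).

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Map;

public class SampleUserProvider {
    // Minimal stand-in for org.sakaiproject.user.api.UserEdit (assumption for this sketch).
    static class UserEdit {
        String eid, email, firstName, lastName, type;
        UserEdit(String eid) { this.eid = eid; }
    }

    // Constructed record and data standing in for the enterprise system of record.
    record Person(String email, String first, String last, String type, String password) {}
    private final Map<String, Person> directory = Map.of(
        "jdoe", new Person("jdoe@example.edu", "Jane", "Doe", "student", "sample-pass"));

    // The private helper: the single place that copies enterprise data into a UserEdit.
    private boolean fill(UserEdit edit, Person p) {
        if (edit == null || p == null) return false;   // unknown id: leave edit untouched
        edit.email = p.email(); edit.type = p.type();
        edit.firstName = p.first(); edit.lastName = p.last();
        return true;
    }

    public boolean userExists(String eid) { return eid != null && directory.containsKey(eid); }
    public boolean getUser(UserEdit edit) {
        return edit != null && edit.eid != null && fill(edit, directory.get(edit.eid));
    }
    public boolean findUserByEmail(UserEdit edit, String email) {
        if (edit == null || email == null) return false;
        for (Map.Entry<String, Person> e : directory.entrySet()) {
            if (e.getValue().email().equalsIgnoreCase(email)) {
                edit.eid = e.getKey();
                return fill(edit, e.getValue());
            }
        }
        return false;
    }

    // Fails closed: any missing input, unknown id or mismatch returns false.
    public boolean authenticateUser(String eid, UserEdit edit, String password) {
        // Reject blank passwords up front: an LDAP simple bind with an empty
        // password is an unauthenticated bind and can be reported as success.
        if (eid == null || password == null || password.isEmpty()) return false;
        Person p = directory.get(eid);
        return p != null && MessageDigest.isEqual(p.password().getBytes(UTF_8), password.getBytes(UTF_8))
            && fill(edit, p);
    }
}
```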

15 Examples
Let’s hear from people who have done some work with the User Directory Provider:
– Ray
– Seth
– Dan

16 Group Integration
Groups are widely used in various Sakai services. Most of these services leverage the group structure provided by AuthzGroups. Authorization groups allow groups of users to be defined who share access permissions, usually based on their role.

17 The Authorization Model
[Diagram, “The Authorization Triple”: Person, Group, Role, Function, Entity, Collection]

18 Authorization Groups
A user may be a member of a particular authorization group. All users in an AuthZGroup are required to have a role. Each group has a set of permissions. The ability to perform a particular function may be specified by a role or membership of a user in a group.

19 The Group Provider
This is the group provider API (new for Sakai 2.4!). Simpler than a user provider, but also more limited.

    public interface GroupProvider {
        String getRole(String gid, String eid);
        Map getUserRolesForGroup(String gid);
        Map getGroupRolesForUser(String eid);
        public String packId(String[] ids);
        String[] unpackId(String gid);
        String preferredRole(String one, String other);
    }

20 Authz Group Roles
Roles are simple strings in Sakai. Some pre-defined roles are included:
– instructor
– student
– ta
– admin
– maintain
– user
Some Sakai applications define their own roles, and specific installations are free to define new ones. Part of writing a group provider is mapping external roles to known Sakai roles.

21 Identifiers
Where a user identifier is passed as a parameter, it is the enterprise id. Where a group identifier is passed, it is the enterprise group id. Since some schools use compound group ids (perhaps based on course id), an unpackId() function is provided to parse out the group id that Sakai uses.

22 User Roles for Group
Create a Map object which includes pairs of user ids and roles for a given group id.

    Map getUserRolesForGroup(String gid);

23 Group Roles for User
Create a Map object that includes pairs of group ids and roles for a given user.

    Map getGroupRolesForUser(String eid);
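
The role mapping and identifier handling from slides 20 to 22, as an added example that is not part of the original slides or Sakai's own code. The external role names, the membership data and the '+' separator for compound ids are assumptions constructed for this sketch, and the class uses typed maps instead of implementing the GroupProvider interface directly (Java 14 or later).

```java
import java.util.HashMap;
import java.util.Map;

public class SampleGroupProvider {
    // Allowlist from external (enterprise) role names to Sakai roles; names are constructed.
    private static final Map<String, String> ROLE_MAP = Map.of(
        "FACULTY", "instructor", "ASSISTANT", "ta", "ENROLLED", "student");

    // Constructed data: enterprise group id -> (enterprise user id -> external role).
    private final Map<String, Map<String, String>> memberships = Map.of(
        "CS101.F07", Map.of("prof1", "FACULTY", "stu1", "ENROLLED", "aud1", "AUDITOR"),
        "CS102.F07", Map.of("stu1", "ASSISTANT"));

    // Compound ids are joined with '+' in this sketch (assumption).
    public String packId(String[] ids) { return String.join("+", ids); }
    public String[] unpackId(String gid) {
        return (gid == null || gid.isEmpty()) ? new String[0] : gid.split("\\+");
    }

    // Unmapped external roles yield null (no access) rather than a default role.
    private String toSakaiRole(String external) { return external == null ? null : ROLE_MAP.get(external); }

    public Map<String, String> getUserRolesForGroup(String gid) {
        Map<String, String> result = new HashMap<>();
        for (String part : unpackId(gid)) {
            for (Map.Entry<String, String> m : memberships.getOrDefault(part, Map.of()).entrySet()) {
                String role = toSakaiRole(m.getValue());
                if (role != null) result.merge(m.getKey(), role, this::preferredRole);
            }
        }
        return result;
    }

    public String getRole(String gid, String eid) { return getUserRolesForGroup(gid).get(eid); }

    // When a user holds two roles across a compound id, keep the more privileged one.
    public String preferredRole(String one, String other) {
        return rank(one) >= rank(other) ? one : other;
    }
    private int rank(String role) {
        return switch (role == null ? "" : role) {
            case "instructor" -> 3; case "ta" -> 2; case "student" -> 1; default -> 0;
        };
    }
}
```

With this data, getUserRolesForGroup("CS101.F07+CS102.F07") gives stu1 the role ta and omits aud1, whose external role AUDITOR is not in the allowlist.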

24 Examples – Group Provider
Mark - MIT