Directories as Middleware, 01 October 2001. Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison

Presentation transcript:

2-Oct-01 1 Directories as Middleware, 01 October 2001. Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison

Directory Middleware Outline: Richer sets of objects in the directory; Groups and roles via directories; Directories playing nicely together; Specific projects: DoDHE, Shibboleth, Digital Video

MACE-Dir Background: Advice on institutional directories (LDAP Recipe, Early Adopter work); Clarification of how to use existing attributes; New object class for inter-institutional needs: eduPerson 1.0

Richer sets of objects in the directory. eduPerson enhancements: Internationalization; New values for eduPersonAffiliation

Richer sets of objects in the directory. eduOrganization object class: Institution-level attributes; As needed to support inter-institutional applications

Richer sets of objects in the directory. Other objects in the directory: Applications; Services; Devices

Richer sets of objects in the directory. Apps, services, devices: Build on pre-existing efforts; Grid Information Services; CIM; Learning Mgmt. Systems

Groups and roles via directories. Key questions: How to represent groups; How to create and maintain them

Groups and roles via directories. Current problem: No agreement on how to do this; Off-shelf applications hard-wired & mostly wrong; servers, portal engines…

Groups and roles via directories. The two kinds of info requests: Is person x a member of group y?; Give me a list of all members of group y (and some additional info re each)

Groups and roles via directories. Is person x a member of group y: Access control question: Does x belong to the group of people authorized to use this resource or service?

Groups and roles via directories. List of members of group y: Mailing list creation; Provisioning (accounts, class lists)
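
The two kinds of request from the groups slides, as an added example that is not part of the presentation. It assumes one possible group representation (static groupOfNames entries whose member values are DNs); every DN, name and address in it is constructed.

```python
# Added example: constructed data, not from the presentation. Assumes static
# groups stored as groupOfNames entries whose "member" values are member DNs.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def membership_filter(group_cn, person_dn):
    """Request 1 as a filter: matches the group entry only if person_dn is a member."""
    return "(&(objectClass=groupOfNames)(cn=%s)(member=%s))" % (
        escape_filter_value(group_cn), escape_filter_value(person_dn))

def member_list_filter(group_cn):
    """Request 2 as a filter: fetch the group entry, then read its member values."""
    return "(&(objectClass=groupOfNames)(cn=%s))" % escape_filter_value(group_cn)

ALICE = "uid=alice,ou=people,dc=example,dc=edu"
BOB = "uid=bob,ou=people,dc=example,dc=edu"
CAROL = "uid=carol,ou=people,dc=example,dc=edu"
GONE = "uid=gone,ou=people,dc=example,dc=edu"   # member DN with no person entry
LAB = "cn=lab-users,ou=groups,dc=example,dc=edu"

DIRECTORY = {  # constructed sample entries keyed by DN
    ALICE: {"cn": ["Alice Example"], "mail": ["alice@example.edu"]},
    BOB: {"cn": ["Bob Example"], "mail": ["bob@example.edu"]},
    CAROL: {"cn": ["Carol Example"], "mail": ["carol@example.edu"]},
    LAB: {"objectClass": ["groupOfNames"], "cn": ["lab-users"],
          "member": [ALICE, BOB, GONE]},
}

def is_member(directory, group_dn, person_dn):
    """Request 1 (access control): unknown group or stale member DN means 'no'."""
    # Exact string comparison of DNs is a simplification of LDAP DN matching.
    members = directory.get(group_dn, {}).get("member", [])
    return person_dn in directory and person_dn in members

def list_members(directory, group_dn, attrs=("cn", "mail")):
    """Request 2 (mailing lists, provisioning): members plus selected attributes."""
    rows = []
    for dn in directory.get(group_dn, {}).get("member", []):
        entry = directory.get(dn)
        if entry is None:      # stale reference: skip rather than provision it
            continue
        rows.append({"dn": dn, **{a: entry.get(a, []) for a in attrs}})
    return rows
```

The membership check returns only a yes/no answer, while the member list returns attributes about each person, so the two requests expose different amounts of directory data to the asking application.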

Groups and roles via directories. Work plan re groups in directory: Draft a “good practices” doc.; Vet draft with stakeholders; Encourage adoption of good practices (institutions, vendors)

Directories playing nicely together. Discarded goal: Single huge institutional directory with all attributes anyone and any application will ever need

Directories playing nicely together. New goal: One institutional directory that manages identity across IT systems; Plus a federation of special-purpose directories complementary to above

Directories playing nicely together. Core challenge: managing identity across a collection of directories, each of which is authoritative for a different set of attributes. Even across institutional boundaries

Directories playing nicely together. The least understood of all the problems on the directory list; Video conferencing, video on demand, and Grid applications driving demand for solutions

Directories playing nicely together. Privacy issues will be central; As will the proper division of labor between directories and databases; As will metadirectory solutions

Specific projects: Directory of Directories for Higher Education. White pages application spanning higher education; First application to rely on early MACE-Dir work: LDAP Recipe, eduPerson 1.0

Specific projects: Directory of Directories for Higher Education. Next steps: Expansion of list of participating schools; Help on policy concerns re “one stop shopping” for HE directory information on the internet

Specific projects: Directory of Directories for Higher Education. User interface design (see Eisenberg presentation)

Specific projects: Shibboleth. Authenticate locally, access resources globally; Secure sharing of authorization information between home institution and target site

Specific projects: Shibboleth. Attribute authority: Draws on institutional directory services; Pilot apps will leverage eduPerson, but additional attributes needed for some

Specific projects: Shibboleth. Person taking a for-credit course at a different institution: Need to define, create and share new data elements; Shibboleth will drive directory evolution

Specific projects: Video conferencing. VIMM will generate long list of what could be done better; MACE-VidMid early deliverable: design for authenticated, controlled access to video streams

Specific projects: Video conferencing. Major vendors working with VidMid: Promise of vendor support for standards that emerge gives directory aspects high priority

Conclusion. These projects fit the MACE-Dir profile: Directory middleware work must be driven by actual application needs

Conclusion. Targeted applications are inter-institutional or institution to vendor. But MACE-Dir work generally seems to have immediate local utility as well