Presentation is loading. Please wait.

Presentation is loading. Please wait.

OpenRegistry Jasig Dallas 2009 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University March 2009.

Published byEverett Felix Casey Modified over 8 years ago

Similar presentations

Presentation on theme: "OpenRegistry Jasig Dallas 2009 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University March 2009."— Presentation transcript:

1 OpenRegistry Jasig Dallas 2009 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University March 2009

2 OpenRegistry Jasig Dallas 2009 2 Table of Contents Background –Identity and Access Management Models –What is a Registry? –Inspirations and Use Cases Objectives Approach Technology –Data Model –Architecture Milestones

3 OpenRegistry Jasig Dallas 2009 3 I2 Identity & Access Management Model

4 OpenRegistry Jasig Dallas 2009 4 I2 Identity & Access Management Model OpenRegistry Core

5 OpenRegistry Jasig Dallas 2009 5 I2 Identity & Access Management Model OpenRegistry Core OpenRegistry Periphery

6 OpenRegistry Jasig Dallas 2009 6 OpenSource Identity Management Cloud OpenMetaDir JBoss Rules OpenSPML OpenPTK OpenSPML OpenPTK Kerberos OpenLDAP OpenCA OPIE HausKeys Kerberos OpenLDAP OpenCA OPIE HausKeys Kuali Grouper Signet CAS Shibboleth PubCookie CoSign OpenSSO CAS Shibboleth PubCookie CoSign OpenSSO

7 OpenRegistry Jasig Dallas 2009 7 What is a “Registry”? A definitive source of information related to a type of entity Person Registry: Definitive set of people affiliated with a given organization Other types of registries: Group, service, account, credential, course, role, business rule Registry vs Repository

8 OpenRegistry Jasig Dallas 2009 8 What Is OpenRegistry? An OpenSource Identity Registry, a place for data about people affiliated with your institution Core functionality –Interfaces for web, batch, and real-time data transfer –Identity data store –Identity reconciliation from multiple systems of record –Identifier assignment for new, unique individuals Additional functionality –Data beyond Persons: Groups, Courses, Credentials, Accounts –Business Rule based data transformations More than just a Registry, some periphery too –Directory Builder –Provisioning and Deprovisioning

9 OpenRegistry Jasig Dallas 2009 9 Why OpenRegistry? “Off the shelf” solutions usually end up requiring significant customizations and integration work and/or solve only a portion of an institution's needs Lots of institutions still rolling their own Combined institutional efforts better leverage scant resources and allow for learning from others' experience (eg: Sakai, uPortal, CAS, Shibboleth, Kuali) OpenRegistry is tailored to the needs of higher ed

10 OpenRegistry Jasig Dallas 2009 10 Why OpenSource Software? In the end, we own the product and have a vested interest in it –Higher ed institutions have been around a lot longer than our vendors Good luck getting a bug fix from a vendor Our institutions exist to expand knowledge — it's the Right Thing To Do

11 OpenRegistry Jasig Dallas 2009 11 Inspirations Columbia University Identity Management System Rutgers People Database Georgetown Model* Higher Ed Standards (eg: eduPerson) Evolving Standards (eg: NIST LoA) Review of interested peer institutions Decades of combined experience from before the field was called “Identity Management”

12 OpenRegistry Jasig Dallas 2009 12 OpenRegistry @ Rutgers University Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests –Now: Primarily students, faculty/staff, and some “guests” Faster propagation of data, real time where possible –Now: Nightly to biweekly batch feeds Consistent data definitions, contracted via versions –Now: Hard to find definitions, unclear when they change Delegated operations where possible –Now: Heavy dependency on Help Desk and Central IT

13 OpenRegistry Jasig Dallas 2009 13 OpenRegistry (Select) Use Cases Fast identity creation for new hires (provisional hire) Real-time System of Record (SOR) data where SOR is capable, batch otherwise Guest sponsorship Directory construction, including real-time updates Provisioning/deprovisioning Data dictionary and versioned attribute definitions Password trust/levels of assurance ID Card integration Activation keys Roles and role specific data Audit history

14 OpenRegistry Jasig Dallas 2009 14 OpenRegistry Objectives Meet functional requirements of constituent institutions Highly scalable, highly available, modular architecture Easy to install, easy to configure, easy to adapt, easy to use, easy to maintain Probably not just a registry, but also some periphery

15 OpenRegistry Jasig Dallas 2009 15 OpenRegistry Approach Communicate openly and transparently Design based on supportable, end-user focused, efficient processes and ease of maintenance Adhere to open standards wherever possible Leverage other higher ed efforts Favor iterative development where appropriate Implement highly available, highly scalable, cost efficient technologies

16 OpenRegistry Jasig Dallas 2009 16 OpenRegistry Approach Generic architecture and data model –More than Rutgers needs, but makes OR more useful for others Multiple levels of engagement with the community –Discuss: Review design documents, identify gaps and changes –Develop: Help write code, documentation, etc –Deploy: Run OR as an IDMS (when released) –Donate: Contribute resources to help with development and outreach Transparent, agile development process –Work done on Jasig servers, not Rutgers Get the ball rolling, encourage others to join Build on lessons learned from CAS

17 OpenRegistry Jasig Dallas 2009 17 Data Model Generic enough to work for multiple institutions Specific enough to work for yours Internationalized Well documented

18 OpenRegistry Jasig Dallas 2009 18 Data Model Overview

19 OpenRegistry Jasig Dallas 2009 19 Data Model Excerpt

20 OpenRegistry Jasig Dallas 2009

21 OpenRegistry Jasig Dallas 2009 21 Component Architecture

22 OpenRegistry Jasig Dallas 2009 22

23 OpenRegistry Jasig Dallas 2009 23

24 OpenRegistry Jasig Dallas 2009 24

25 OpenRegistry Jasig Dallas 2009 25

26 OpenRegistry Jasig Dallas 2009 26

27 OpenRegistry Jasig Dallas 2009 27

28 OpenRegistry Jasig Dallas 2009 28 OpenRegistry Initiative Milestones R1M1: Requirements R1M2: Design R1M3: Project Infrastructure R1M4: Project Services R1M5: Person Registry R1M6: Batch Interface R1M7: Web Interface R1: First Production Functionality –Meets Rutgers RIAR-1 requirements

29 OpenRegistry Jasig Dallas 2009 29 Intersection With Your Institution Potential for collaboration could take many forms –Participation in or vetting of OR design Web Interface and Data Model design underway now –Evaluation for migration and adoption as OR matures –Adjustment of OR milestones according to your needs, with your resources Benefits of Migration to OR –Provides long term, sustainable model –Elimination of programmer-specific knowledge concerns –Avoidance of vendor lock-in Commercial solutions aren't drop-in, customization work needed Easier to tailor to future needs –Community of similar institutions in similar situations

30 OpenRegistry Jasig Dallas 2009 30 Additional Information http://www.ja-sig.org/wiki/display/OR

Download ppt "OpenRegistry Jasig Dallas 2009 1 OpenRegistry Initiative Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University March 2009."

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.

Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
Copyright Dave Steiner and Jeremy Rosenberg 2010. This work is the intellectual property of the authors. Permission is granted for this material to be.

Copyright Dave Steiner and Jeremy Rosenberg This work is the intellectual property of the authors. Permission is granted for this material to be.
Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.

Validata Release Coordinator Accelerated application delivery through automated end-to-end release management.
Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.
11.1 Lecture 11 CASE tools IMS2805 - Systems Design and Implementation.

11.1 Lecture 11 CASE tools IMS Systems Design and Implementation.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Academic Services Interactive Media Managing the Web with Java JA-SIG Winter 2002 Robert Sherratt Academic Services, Interactive Media.

Academic Services Interactive Media Managing the Web with Java JA-SIG Winter 2002 Robert Sherratt Academic Services, Interactive Media.
 SAP AG 2000 FAQ.ppt / 1 FAQ LSMW Frequently Asked Questions concerning LSMW.

 SAP AG 2000 FAQ.ppt / 1 FAQ LSMW Frequently Asked Questions concerning LSMW.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 17 Slide 1 Rapid software development.
 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.

 Wikipedia Says… “Single Sign On (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user.
NERCOMP 2007 - Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.

NERCOMP Managing Campus Affiliates Managing Campus Affiliates Faculty? Student? Faculty? Student? Staff? Criss Laidlaw Director of Administrative.
Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR-100205-a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.

Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.
June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.

June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.
ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, 2012 3-5 Year Strategic Initiatives.

ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, Year Strategic Initiatives.
Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.

Rev Jul-o6 Oracle Identity Management Automate Provisioning to Oracle Applications and Beyond Kenny Gilbert Director of Technology Services.
Configuration Management, Logistics, and Universal CM Issues Larry Bauer Boeing Commercial Airplanes NDIA Conference Miami March 4-5, 2005

Configuration Management, Logistics, and Universal CM Issues Larry Bauer Boeing Commercial Airplanes NDIA Conference Miami March 4-5, 2005
University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy

University of Michigan MCommunity Project Liz Salley Product Manager, Michigan Administrative Information Services Luke Tracy
Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.

Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.

Similar presentations

Ads by Google