1. Cal Poly Pomona Identity Management
Management Infrastructure
CPP Identity Management web app, used by community and IT Support staff
automatic (nightly)
manual
idmgmt.pl Scan
Reconcile
a v
RESTful Web API
Scan authoritative information sources, and model affiliated users and groups.
Identity::REST
The Web API exposes the Management API functionality through RESTful HTTPS, with integrated authentication and authorization.
Assure that identity information from authoritative sources is synchronized across production servers.
Object-Oriented Management API
The Management API provides methods for constructing Identity, User, and Group objects, and getting or setting their identity information.
Identity
a v
Identity, User, and Group are Perl object classes. User and Group objects inherit Identity information and methods.
Identity::User `
a v
Identity::Group
a v
The Service APIs manage connections to production servers, and synchronize identity information from authoritative sources to production servers.
Identity information is represented by attribute-value pairs.
Identity::Kerberos
Identity::ZFS
Service APIs
a v
Identity::LDAP
Identity::MySQL
a v
Kerberos
a v
Identity::AD
Identity::Oracle
a v
ZFS
LDAP
a v
a v
MySQL
file system
authentication AD
Oracle
authentication & authorization
database system
authentication & authorization
database system
Dr. Craig A. Rich Computer Science Department Cal Poly Pomona
Service Infrastructure