Recent Developments in Directories
Tom Barton, University of Chicago
Keith Hazelton, University of Wisconsin
5 June 2003, CAMP
Copyright Keith Hazelton and Tom Barton 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.
Outline
1. Tag team: current threads in mace-dir
2. Tom: SAGE
3. Keith: DEEP
Pipe up with questions or comments at any time!
Mace-dir currents
Internet2/MACE working group on directories; Keith Hazelton, WG Chair
- eduPerson
  - eduPersonScopedAffiliation attribute
  - eduPersonAffiliation value vocabulary growth
  - eduPersonEntitlement value syntax
- isMemberOf
- eduCourse
- Privacy metadata
Mace-dir currents (cont'd)
- Approaches to federated identity management
  - eduPersonXref proposal
  - Taxonomy of approaches to federated identity management
- Plumb core middleware to Grid and other types of "Virtual Organizations"
- Utilities
  - Look (Directory Service Agent performance monitoring tool)
  - LDAP Analyzer (LDAP Recipe compliance tool)
  - SAGE (groups/roles manager)
Trends in Internet2 schema and directory work
eduPersonScopedAffiliation
- Driven by Shibboleth needs
- Syntax like eduPersonPrincipalName: student@brown.edu, alum@duke.edu, subscriber@nytimes.com (!?!)
- Raises problems about who is authorized to assert what
- An "inter-realm metadirectory function"
- A field full of ratholes and land mines...
Trends in Internet2 schema and directory work
Cautious and stringently limited expansion of the controlled vocabulary for eduPersonAffiliation
- prospect
- parent
... and maybe no more than that.
There's value in a local attribute with more values, and value in agreeing across institutions on syntax and semantics; but maybe not a single shared attribute.
Trends in Internet2 schema and directory work
eduPersonEntitlement
- Values are URIs (URL or URN)
- urn:mace: prefixed values proliferating after acceptance by IETF and upcoming registration with IANA
- Gives us a way to make values unique in the entitlement namespace without an elaborate registry mechanism:
  - urn:mace:wisc.edu:bucky-bundle
  - urn:mace:oclc:org:autho:NNNN
  - urn:mace:duke.edu:library:oclc:contract-NNN
- If you want to get a namespace registered, contact mace-submit@internet2.edu
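The scoped-affiliation slide asks who is authorized to assert what: a value like alum@duke.edu is only meaningful if the identity provider that sent it is actually entitled to speak for the duke.edu scope, and subscriber@nytimes.com fails twice over (unknown affiliation, unauthorized scope). The entitlement slide adds that values are URIs, with urn:mace: values carrying the owning namespace as the first component. The following is an added example, not code from this presentation or from the Internet2 projects it describes: a relying-party-side filter that accepts a scoped affiliation only when the affiliation is in the eduPersonAffiliation controlled vocabulary and the scope is one this IdP is authorized to assert, plus a classifier that extracts the namespace owner from an entitlement URI. The IdP entity IDs, the authorized-scope table and the sample values are constructed for the example; in a Shibboleth deployment the scope list comes from federation metadata.

```python
"""Relying-party-side checks on eduPerson attribute values asserted by an IdP.

Added example, not code from the presentation. The IdP entity IDs and the
scope table are constructed for illustration; a real deployment takes the
scopes an IdP may assert from federation metadata.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# eduPersonAffiliation controlled vocabulary as of the specification current
# in 2003. 'prospect' and 'parent' were only proposals at the time.
EDUPERSON_AFFILIATIONS = frozenset(
    {"faculty", "student", "staff", "alum", "member", "affiliate", "employee"}
)

# Hypothetical table of scopes each IdP is authorized to assert (constructed).
AUTHORIZED_SCOPES: dict[str, frozenset[str]] = {
    "https://idp.brown.edu/shibboleth": frozenset({"brown.edu"}),
    "https://idp.duke.edu/shibboleth": frozenset({"duke.edu"}),
}

# RFC 2141 URN shape: 'urn:' NID ':' NSS, NID being 1-32 letters/digits/hyphens.
URN_RE = re.compile(r"^urn:([A-Za-z0-9][A-Za-z0-9-]{0,31}):(\S+)$")


def parse_scoped(value: str) -> tuple[str, str]:
    """Split 'affiliation@scope'; reject anything not exactly that shape."""
    if value.count("@") != 1:
        raise ValueError(f"{value!r}: expected exactly one '@'")
    affiliation, scope = value.split("@")
    if not affiliation or not scope:
        raise ValueError(f"{value!r}: empty affiliation or scope")
    # Scopes are DNS names and compare case-insensitively; the vocabulary is
    # lowercase, so normalise rather than trust the IdP's casing.
    return affiliation.lower(), scope.lower()


@dataclass
class FilterResult:
    accepted: list[str] = field(default_factory=list)
    rejected: dict[str, str] = field(default_factory=dict)  # value -> reason


def filter_scoped_affiliations(
    idp: str, values: list[str], authorized: dict[str, frozenset[str]]
) -> FilterResult:
    """Keep only values this IdP may assert and that use the controlled
    vocabulary; everything else is dropped with a reason, never passed on."""
    result = FilterResult()
    allowed = authorized.get(idp, frozenset())  # unknown IdP asserts nothing
    for value in values:
        try:
            affiliation, scope = parse_scoped(value)
        except ValueError as exc:
            result.rejected[value] = str(exc)
            continue
        if affiliation not in EDUPERSON_AFFILIATIONS:
            result.rejected[value] = f"{affiliation!r} is not an eduPersonAffiliation value"
        elif scope not in allowed:
            result.rejected[value] = f"{idp} is not authorized to assert scope {scope!r}"
        else:
            result.accepted.append(f"{affiliation}@{scope}")
    return result


def classify_entitlement(value: str) -> tuple[str, str] | None:
    """Return (kind, owner) for an eduPersonEntitlement value, or None.

    kind is 'urn:mace', 'urn' or 'url'. For urn:mace values the owner is the
    first NSS component (e.g. 'wisc.edu'); for URLs it is the host. That owner
    is what a relying party compares against the namespaces it trusts the
    asserting IdP to issue entitlements in.
    """
    m = URN_RE.match(value)
    if m:
        nid, nss = m.group(1).lower(), m.group(2)
        if nid == "mace":
            owner = nss.split(":", 1)[0]
            return ("urn:mace", owner) if owner else None
        return ("urn", nid)
    parsed = urlparse(value)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return ("url", parsed.netloc.lower())
    return None
```

Running `filter_scoped_affiliations("https://idp.brown.edu/shibboleth", ["student@brown.edu", "alum@duke.edu", "subscriber@nytimes.com"], AUTHORIZED_SCOPES)` accepts only the first value; the Duke affiliation is rejected because Brown's IdP is not authorized for that scope, and the nytimes value because "subscriber" is not in the vocabulary. The scope check is exact-match on purpose: accepting any subdomain of an authorized scope would let an IdP mint affiliations for units it does not operate.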
Trends in Internet2 schema and directory work
It's a tough nut, federated identity management is.
Taxonomy of federated identity management approaches
- From the point of view of a service looking for federated identity management information, there is a spectrum from
  - looks like a "Big Directory in the Sky" (BDIS)
  - to hint-based foraging through digital space ("Good hunting, mate!"): "Field of Forage" (FOF)
Trends in Internet2 schema and directory work
Spectrum, from more BDIS-like to more FOF-like:
- Persistent, near real-time sync of identity stores based on shared identifiers (state university systems)
- Persistent, occasional sync based on shared identifiers
- Persistent link based on shared identifier (AAMC for med staff across sites)
- Persistent link based on directory referrals or eduPersonXref
  - One-stop shopping for client via intermediary gateway
  - "So, client, here's a set of places to look for info on X"
- Persistent link based on user-mediated decision (Liberty Alliance)
- Transient link based on user-mediated decision???
- No links: "Good hunting, mate!"
SAGE: problem statement
Operational issues attend deployments of groups:
- Coordinating multiple sources of information
- Supporting multiple styles of access to group information
- Provisioning groups in multiple locations
- Aging
- Use of subgroups vs. indirect membership
- Referring to set-theoretic combinations of groups
- Maintaining referential integrity
- Meeting security, privacy, and visibility requirements
SAGE: capabilities
- Life cycle management of groups
  - Creation
  - Update
  - Aging
  - Deletion
- Provisioning of groups into consumer systems
- Referential integrity mechanism
- Handles direct and indirect membership and multiple membership attributes
- Maintenance of ordering of groups (e.g., role hierarchies)
- Support for "complex" groups (group math)
- Code library, web services, and batch interfaces
- Art of SAGE: management of group metadata
SAGE: Interfaces & integration
(diagram slide)
(potential) SAGE scenarios
- "Typical" groups deployment
  - Provisioning of group information (including referential integrity, forward referencing, aging, security within SAGE, passthru security for consumers, ...)
  - Interfaces for
    - homegrown apps (code library)
    - nouveau apps (web services interface)
    - legacy apps (limited batch import/export)
- Build "complex" groups from existing ones
- Manager of role structure for an RBAC system
  - Partially ordered structure on a set of groups
  - Multiple "membership" attributes (for users/groups, privileges, obligations, constraints)
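The three SAGE slides list mechanics rather than show them: indirect membership via subgroups, "complex" groups built by group math, a partially ordered structure on groups for role hierarchies, and referential integrity when groups are deleted. The following is an added example of those mechanics, not SAGE code (the slides say coders had not yet delivered anything) and not an Internet2 design: a small in-memory group store where nesting is refused when it would create a cycle (so the containment graph stays a partial order and membership resolution terminates), complex groups are set-algebra expressions over existing groups, and a group cannot be deleted while another group still refers to it. Group and member names are constructed for the example.

```python
"""Group store with indirect membership, group math and referential integrity.

Added example, not code from the SAGE project. Group and member names are
constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# A "complex" group is defined as a set-algebra expression over two groups.
SET_OPS = {
    "union": lambda a, b: a | b,
    "intersection": lambda a, b: a & b,
    "difference": lambda a, b: a - b,
}


@dataclass
class Group:
    name: str
    members: set[str] = field(default_factory=set)    # direct membership
    subgroups: set[str] = field(default_factory=set)  # indirect membership
    expr: tuple[str, str, str] | None = None          # (op, left, right)


class GroupStore:
    def __init__(self) -> None:
        self.groups: dict[str, Group] = {}

    def _references(self, g: Group) -> set[str]:
        """Groups that g depends on, via subgroups or its set expression."""
        refs = set(g.subgroups)
        if g.expr is not None:
            refs.update(g.expr[1:])
        return refs

    def add_group(self, name: str, members=(), subgroups=(), expr=None) -> Group:
        """Create a group. References to groups that do not exist yet are
        rejected, so every reference held in the store resolves."""
        if name in self.groups:
            raise ValueError(f"group {name!r} already exists")
        if expr is not None and expr[0] not in SET_OPS:
            raise ValueError(f"unknown set operation {expr[0]!r}")
        g = Group(name, set(members), set(subgroups), expr)
        missing = self._references(g) - self.groups.keys()
        if missing:
            raise ValueError(f"{name!r} references unknown groups {sorted(missing)}")
        self.groups[name] = g
        return g

    def reachable(self, name: str) -> set[str]:
        """Every group that name depends on, transitively."""
        seen: set[str] = set()
        stack = [name]
        while stack:
            for ref in self._references(self.groups[stack.pop()]):
                if ref not in seen:
                    seen.add(ref)
                    stack.append(ref)
        return seen

    def would_create_cycle(self, parent: str, child: str) -> bool:
        """True if nesting child under parent would make the graph cyclic,
        which would break the partial order a role hierarchy relies on."""
        return parent == child or parent in self.reachable(child)

    def add_subgroup(self, parent: str, child: str) -> None:
        if self.would_create_cycle(parent, child):
            raise ValueError(f"{child!r} under {parent!r} would create a cycle")
        self.groups[parent].subgroups.add(child)

    def effective_members(self, name: str) -> frozenset[str]:
        """Direct members, plus members of nested groups, plus the result of
        the set expression. Terminates because the graph is kept acyclic."""
        g = self.groups[name]
        result = set(g.members)
        for sub in g.subgroups:
            result |= self.effective_members(sub)
        if g.expr is not None:
            op, left, right = g.expr
            result |= SET_OPS[op](self.effective_members(left),
                                  self.effective_members(right))
        return frozenset(result)

    def referrers(self, name: str) -> list[str]:
        """Groups that reference name; non-empty means deleting name would
        leave dangling references behind."""
        return sorted(n for n, g in self.groups.items() if name in self._references(g))

    def delete_group(self, name: str) -> None:
        if self.referrers(name):
            raise ValueError(f"cannot delete {name!r}: referenced by {self.referrers(name)}")
        del self.groups[name]


def demo_store() -> GroupStore:
    """Constructed sample data: a department built from subgroups, and two
    complex groups derived from it by intersection and difference."""
    s = GroupStore()
    s.add_group("cs-faculty", members={"alice", "bob"})
    s.add_group("cs-students", members={"carol", "dave"})
    s.add_group("cs-dept", subgroups={"cs-faculty", "cs-students"})
    s.add_group("library-staff", members={"bob", "erin"})
    s.add_group("cs-library-liaisons", expr=("intersection", "cs-dept", "library-staff"))
    s.add_group("cs-without-library", expr=("difference", "cs-dept", "library-staff"))
    return s
```

With `s = demo_store()`, `s.effective_members("cs-library-liaisons")` resolves to `{"bob"}` through one level of indirect membership and one set expression; `s.add_subgroup("cs-faculty", "cs-dept")` is refused because cs-dept already contains cs-faculty; and `s.delete_group("cs-faculty")` is refused while cs-dept still lists it as a subgroup. Refusing forward references at creation time is a deliberate simplification: the slides list "forward referencing" as something SAGE would have to support, which needs a pending-reference mechanism this example does not model.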
SAGE development process
- Subgroup of mace-dir with biweekly conference calls
- Scenarios doc released with NMI R3
- Architecture and design process to commence soon (next call is Wed June 18, announced on mace-dir@internet2.edu)
- Coders hired who will ... hope to deliver beta code supporting some functional requirements within ___ months.