Presentation is loading. Please wait.

Presentation is loading. Please wait.

June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University.

Published byKelley Marsh Modified over 9 years ago

Similar presentations

Presentation on theme: "June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University."— Presentation transcript:

1 June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University

2 An agile, best-of-breed, community governed, comprehensive IAM solution for higher education 2012 Jasig Sakai Conference2

3  Build upon existing open source IAM projects  Create a comprehensive, modular IAM stack  Implement open, standards-based architecture  Reduce ops costs (TCO) through improved integration, automation, QA  Focus on needs, challenges distinctive to HE  Avoid vendor lock-in  Do so by pooling community resources 2012 Jasig Sakai Conference3

4 4

5 Central repository of key information about entities belonging to an organization 2012 Jasig Sakai Conference5

6 6

7  Consumer of data – SOR integration  Reconciler of data – ID match and reconciliation  Producer of data – Global unique ID  Organizer of data – standard representation of person profile data  Provider of data – integration with downstream systems/apps  Other key functions: ◦ Administration – merges, data integrity, reporting ◦ Identity lifecycle management 2012 Jasig Sakai Conference7

8 Why are we involved and what do we need? 2012 Jasig Sakai Conference8

9  UC Berkeley and UCSF have merged IAM oversight and strategy  Both have IAM systems which need significant re-vamping and both need a person registry  Other UC schools also looking at IAM replacements  The UC system is moving to a common SOR for HR data (PeopleSoft in the cloud)  Great opportunity for exploring common person registry solutions 2012 Jasig Sakai Conference9

10  Homegrown “sync code” handles ID match and basic provisioning  All integration from SORs is via nightly pull from EDW views  Person data stored in LDAP (currently Oracle DSEE), no “person registry” 2012 Jasig Sakai Conference10

11 2012 Jasig Sakai Conference11

12  Replace sync code with something more sustainable in the long run – community development and support model  Opportunity to re-evaluate ID match data  Opportunity to introduce real-time integration with SORs (and hence downstream customers)  More integration options for downstream customers 2012 Jasig Sakai Conference12

13  Homegrown, mainframe-based Individual Identifier System (IID) handles ID Match and Person data repo  Creates one global identifier for all Systems of Record upon account creation  Issues many regular batch feeds to downstream systems  Feeds Enterprise Directory Service (OpenDJ), which in turn feeds other downstream customers 2012 Jasig Sakai Conference13

14 2012 Jasig Sakai Conference14

15  Mainframe retiring in about 3 years  Replace IID with something more sustainable in the long run – community development and support model  Opportunity to introduce real-time integration with SORs (and hence downstream customers)  More integration options for downstream customers 2012 Jasig Sakai Conference15

16 2012 Jasig Sakai Conference16

17  Work with CIFER Registry workstream to develop registry solutions that can become part of community supported higher ed suite  Immediate future – decide on ID match solution and hopefully develop new ID match tools in partnership with Kuali  Near term – begin deploying a new Registry solution (jasig’s Open Registry or Penn State’s Central Person Registry)  Medium term – establish standard outbound integration options for the new registry 2012 Jasig Sakai Conference17

18 2012 Jasig Sakai Conference18

19  Shared IAM Services ◦ Focus on identity functionality for the purpose of this discussion  Used by many Kuali projects ◦ but is general enough to be used outside of Kuali apps  Provides access to identity data through APIs  Database-backed reference implementation  Authoritative source for its consumers  An “integration platform” for IAM within Kuali 2012 Jasig Sakai Conference19

20  There are a couple of predominant integration patterns for identity in KIM today ◦ Provisioning into the KIM database from SORs ◦ Integration with LDAP (or institution-specific identity stores) via KIM APIs  Furthermore, there are two architectural deployment models for KIM ◦ Bundled ◦ Standalone 2012 Jasig Sakai Conference20

21 2012 Jasig Sakai Conference21 Kuali Coeus. KIM Either provisioning into database from systems of record, or integration of KIM with directory or similar service LDA P Provisioning Database Provisioning

22 2012 Jasig Sakai Conference22 KIM Either provisioning into database from systems of record, or integration of KIM with directory or similar service LDA P Provisioning Database Provisioning Kuali Coeus Kuali OLE Some Application Some Other Application

23  Kuali is continuing to build out HR and Student System functionality  These are traditionally Systems of Record for identity  ID Match is critical  Institutions can implement only the pieces of Kuali that they want ◦ This means applications like Kuali Student or KPME could be paired with things like PeopleSoft, Banner, Workday, SAP, Banner, etc. 2012 Jasig Sakai Conference23

24  We need to continue to evolve our architecture for identity and access management within Kuali  We have at least 10 major items on our project roadmap related to IAM  Working with others in various communities on a shared project like CIFER just makes sense  Identity registries and ID match are our initial area of focus because they are important when dealing with multiple identity sources 2012 Jasig Sakai Conference24

25 What are we talking about, what have we done, and what are we going to do? 2012 Jasig Sakai Conference25

26  Objective of the Group ◦ Catalog requirements for identity registries ◦ Develop a plan to identify current gaps ◦ Evaluate available identity registry and ID match solutions ◦ Develop, document, and exercise standard APIs for interacting with identity registries  Involved Partners ◦ UC Berkeley, UCSF, Brown, U. Washington, Internet2, Indiana, Kuali, SFU, PSU, Open Registry, Rutgers, others  What are we looking at? ◦ A central, single authority Registry ◦ Identity Match functionality ◦ Working closely with the Provisioning side of CIFER 2012 Jasig Sakai Conference26

27 2012 Jasig Sakai Conference27

28  Identity Registry Functional Model  Core Requirements Evaluation  ID Match ◦ Strawman design for ID match system ◦ Evaluation of OpenEMPI  Evaluations of three different Open Source Identity Registry solutions ◦ OpenRegistry ◦ Penn State’s Central Person Registry (CPR) ◦ Kuali Identity Management (KIM) 2012 Jasig Sakai Conference28

29  For identity match ◦ Evaluated OpenEMPI and will decide w/in a month to use or explore other options (integrations, self- written)  For Registry ◦ Evaluated OpenRegistry and CPR ◦ Both fairly well-developed, team feels both are viable candidates  What about KIM? 2012 Jasig Sakai Conference29

30  Next Steps ◦ Potential ID Match “task force” ◦ Continued evaluation of registry solutions ◦ Work on shared APIs from SOR’s into a registry ◦ APIs for downstream provisioning  Other Potential Goals ◦ Try and get OR out of incubation status ◦ Work with PSU to fully “open-source” CPR ◦ Increase active community involvement  Other Initiatives ◦ Kuali is doing an evaluation of mapping KIM APIs to CPR ◦ UC is doing architectural evaluations ◦ Both of these groups are eager to move things forward! 2012 Jasig Sakai Conference30

31  Your Input ◦ We need your input on the integration points  SORs to Registry  Development of shared APIs  Your Experiences ◦ Have you tackled similar problems in the past? ◦ Have experience with implementation of an identity registry or ID match solution?  Your Help! ◦ If your campus has registry needs, consider getting involved by investing into this effort! 2012 Jasig Sakai Conference31

32  Possible future IAM Online  Registries team wiki: ◦ https://spaces.internet2.edu/x/BJ2KAQ https://spaces.internet2.edu/x/BJ2KAQ  Future Home Page (work-in-progress!): ◦ http://www.ciferproject.org http://www.ciferproject.org  Send email to info@ciferproject.org if you are interested in finding out more info or getting involved in any of the workstreams!info@ciferproject.org 2012 Jasig Sakai Conference32

33 For more information contact: info@ciferproject.org 2012 Jasig Sakai Conference33

Download ppt "June 10-15, 2012 Growing Community; Growing Possibilities Dedra Chamberlin, UCSF/UC Berkeley Eric Westfall, Indiana University."

Similar presentations

1. 2 August 2009 - Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.

1. 2 August Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.
June 10-15, 2012 Growing Community; Growing Possibilities Benn Oshrin, The Oshrinium, LLC Keith Hazelton, UW-Madison, Internet2 CIFER Community Identity.

June 10-15, 2012 Growing Community; Growing Possibilities Benn Oshrin, The Oshrinium, LLC Keith Hazelton, UW-Madison, Internet2 CIFER Community Identity.
Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.

Presenter(s): Candace Soderston Matt Sargent Bill Yock Date:November 16, 2011 Time:2:30 to 3:30 pm Help Shape the Future of Open Source Identity and Access.
Copyright Dave Steiner and Jeremy Rosenberg 2010. This work is the intellectual property of the authors. Permission is granted for this material to be.

Copyright Dave Steiner and Jeremy Rosenberg This work is the intellectual property of the authors. Permission is granted for this material to be.
Www.regoconsulting.comPhone: 1-888-813-0444 Interface Strategies and Methods.

Interface Strategies and Methods.
Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
VoipNow Core Solution capabilities and business value.

VoipNow Core Solution capabilities and business value.
Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.

Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.
Ellucian Mobile: Don’t text and drive, kids!

Ellucian Mobile: Don’t text and drive, kids!
Graffiti Reporting A partnership of Local and State Government; My Local Services App enhancements.

Graffiti Reporting A partnership of Local and State Government; My Local Services App enhancements.
CPR Overview 28-April-2011. Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information.

CPR Overview 28-April Agenda Introduction Requirements Data Model Services Model Service Providers Implementation Contact Information.
What can PeopleSoft do for You Tools developed at CSU, San Marcos.

What can PeopleSoft do for You Tools developed at CSU, San Marcos.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Page 1Prepared by Sapient for MITVersion 0.1 – August – September 2004 This document represents a snapshot of an evolving set of documents. For information.

Page 1Prepared by Sapient for MITVersion 0.1 – August – September 2004 This document represents a snapshot of an evolving set of documents. For information.
Open Source, Community Developed Enterprise Resource Planning Software for Higher Education.

Open Source, Community Developed Enterprise Resource Planning Software for Higher Education.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.
CIFER Community Identity Framework for Education and Research (CIFERproject.org) An agile, best-of-breed, community-governed, comprehensive IAM solution.

CIFER Community Identity Framework for Education and Research (CIFERproject.org) An agile, best-of-breed, community-governed, comprehensive IAM solution.
Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.

Aegis Identity Software, Inc. presents Trends in Identity and Access Management in Higher Education to US Federations June 20, 2012 Janet Yarbrough – Director.
ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, 2012 3-5 Year Strategic Initiatives.

ENTERPRISE DATA INTEGRATION APPLICATION ARCHITECTURE COMMITTEE OCTOBER 8, Year Strategic Initiatives.
OSIAM4HE Proposed org structure Authored by the strategy and organization team.

OSIAM4HE Proposed org structure Authored by the strategy and organization team.

Similar presentations

Ads by Google