Published by Ashley Holland. Modified over 9 years ago

Georgia State University
Case Study of A Person Registry
Art Vandenberg
Director, Advanced Campus Services
Georgia State University
avandenberg@gsu.edu
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA
“Copyright Art Vandenberg 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.”

Person Registry to Campus Directory
Enterprise “directory architecture”
Synchronizes data from different sources
Provisions data to other applications
A view of “authoritative sources” data
Resolves identity
Supports authentication & authorization
  –(directly, indirectly…)
Supported by: NMI Middleware components

Critical Success Factors
Top level sponsorship – CIO
Steering Group – CIO + IT Directors
Working groups – data stewards, technical
Stepwise approach, let it evolve
Take advantage of opportunity
  –Student email was a prime driver in early 2001
  –New Rec Center was showcase opportunity: how to provide automated access... synchronized with campus onecard
  –WebCT, Campus Directory, Library feeds, email groups, check advice via email…
Supported by: Roadmap components

NMI Components We Used
Internet2 Middleware – http://middleware.internet2.edu/
  –Site, lists, working groups
  –Good overview and starting point, generally accessible
  –Introduces schema issues
  –“Hey, whoa, this is exactly what we’re facing…!!”
Identifiers, authentication, authorization, synchronization
[Tim Howes: Understanding and Deploying LDAP Directory Services (2nd Edition, Addison-Wesley, 2003)]
LDAP Recipe
eduPerson schema
Metadirectory Practices for Enterprise Directories in HE

We Had (Too Many) Solutions
Student email Student Rec Center OneCard WebCT class rolls Email lists Open Record requests ElementK access College request for data load Library Staff email Alumni Student Financial HR/PR Sponsored Research LDAP Directory ??

(We Needed) person registry
Staff data
Student data
PERSON REGISTRY
Name, ID, Address, Phone… Title, Department, College, Dept, Major, Course, Term
WebCT class rolls
Campus directory
Student Rec Center access
Supported by: Metadirectory Practices… (and R.L. “Bob” Morgan)

Person Registry: Synchronizes
HR/PPS feed nightly
  –(name, title, phone, department…)
Student feed nightly
  –(name, college, dept, major, course…)
Rec Center Affiliates being added
  –(name, sponsor, paid status…)
Resolves into a single Person Registry core record
  –Effectively provides cross-walk back to source ERP systems
Supported by: Metadirectory Practices…

Person Registry: Provisions
Student email (PR assigns)
  –Sends nightly updates to Novell Netmail (LDAP)
Student Rec Center gate access (via PantherCard)
  –Sends nightly update on eligibility (rec fee paid) to card office
WebCT (PR provides course enrollment feeds)
Library
  –Sends periodic updates on eligibility
Banner (passes back student email assigned by registry…)
Campus Directory
  –Nightly update of faculty, staff, student, affiliates, retirees...
Supported by: Metadirectory Practices…

Business Rules: authoritative sources
Basic Principle of authoritative sources
  –KEY: data stewards involved Day 1 (or earlier)
Employee data has precedence over student
  –Establish campus policy
Merge identity data to one person record
Data stewards address policy issues
  –FERPA requires access control
Person registry is also authoritative source
  –Email, PantherCard id, library barcode, campusId
  –it’s about identity management
Supported by: Metadirectory Practices for Enterprise Directories In Higher Education

Ongoing results…
Campus Directory (classic LDAP recipe issues)
  –online January 18, 2003
Self-service Profile Manager (metadirectory enabled)
  –Select CampusId, set pw, set Email routing
Campus communication (metadirectory enabled)
  –email (not postal) for payroll/check advices
  –Leave balances, check & deposit history online (bonus benefit)
Student Email groups in progress (SAGE group editing?)
  –working groups engaged (College reps, technical, policy…)
  –automated standard groups (if N = #people, 2^N = possible groups)
  –employee groups in queue (objects in mirror appear closer than…)

Georgia State Campus Directory
Novell eGuide provides rich interface:
Compound Boolean searches
Find: All, Employee, Student, Affiliate, Retired, other
String Match options
Supported by: LDAP recipe, eduPerson, Metadirectory…

Georgia State Campus Directory...
HR data: Name, Dept, Phone, Mailstop
Affiliations are “calculated”; eduPersonAffiliation attributes
Person registry data: CampusID, email eduPersonPrincipalName
Supported by: eduPerson, Metadirectory… (provisioning, identifiers)

Georgia State Campus Directory...
Student Data: Robinson College of Business gsuPersonCollege
Current Policy limits directory data for students. IF FERPA invoked, NO student data at all
Student Affiliation added; however eduPersonPrimaryAffiliation set to employee due to precedence Business rule
Supported by: eduPerson, LDAP recipe (access control)
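
The merge, precedence and FERPA rules described on the slides above, as an added example (not code from the presentation or from Georgia State). The feed field names, "match_key" and the sample rows are constructed; hiding the student affiliation along with other student data under FERPA is an assumption.

```python
# Added illustration: feed field names and "match_key" are hypothetical.
PRECEDENCE = ["employee", "student"]  # employee data has precedence over student

def merge_feeds(hr_rows, student_rows):
    """Resolve both nightly feeds into one core record per person."""
    registry = {}
    for source, rows in (("hr", hr_rows), ("student", student_rows)):
        for row in rows:
            rec = registry.setdefault(
                row["match_key"], {"crosswalk": {}, "hr": None, "student": None})
            rec["crosswalk"][source] = row["source_id"]  # cross-walk to source ERP
            rec[source] = row
    return registry

def directory_entry(rec):
    """Directory view of one core record, or None if nothing may be published."""
    hr, stu = rec["hr"], rec["student"]
    # Assumption: a FERPA hold hides every student-derived value, affiliation included.
    show_student = stu is not None and not stu.get("ferpa", False)
    entry = {}
    if hr:
        entry.update(cn=hr["name"], ou=hr["dept"], telephoneNumber=hr["phone"])
    if show_student:
        entry.setdefault("cn", stu["name"])  # HR name wins when both exist
        entry["gsuPersonCollege"] = stu["college"]
    affiliations = [a for a, present in (("employee", hr), ("student", show_student))
                    if present]
    if not affiliations:
        return None
    entry["eduPersonAffiliation"] = affiliations  # "calculated", multi-valued
    entry["eduPersonPrimaryAffiliation"] = min(affiliations, key=PRECEDENCE.index)
    return entry

# Constructed sample feeds (not real data).
HR_FEED = [
    {"match_key": "k1", "source_id": "E100", "name": "Pat Lee", "dept": "Library", "phone": "555-0100"},
    {"match_key": "k3", "source_id": "E300", "name": "Sam Roy", "dept": "Physics", "phone": "555-0300"},
]
STUDENT_FEED = [
    {"match_key": "k1", "source_id": "S900", "name": "Patricia Lee", "college": "Robinson College of Business", "ferpa": False},
    {"match_key": "k2", "source_id": "S901", "name": "Jo Kim", "college": "Arts and Sciences", "ferpa": True},
    {"match_key": "k3", "source_id": "S902", "name": "Sam Roy", "college": "Arts and Sciences", "ferpa": True},
]

if __name__ == "__main__":
    for key, rec in merge_feeds(HR_FEED, STUDENT_FEED).items():
        print(key, rec["crosswalk"], directory_entry(rec))
```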

Georgia State Online Advice View
Identity Management: Unique identifier for everyone at Georgia State
Middleware makes it possible (metadirectory architecture=legacy HR/PR on web!)
Supported by: LDAP recipe (ids, authentication, pw management)

Georgia State Online Advice View…
Provides link to Student refunds
History Data!
Application enabled by: NMI Middleware infrastructure

Georgia State Profile Manager
Key Concept: Identity management involves user. Provide the means for users to manage their electronic profile.
Concept by: NMI Middleware

Georgia State Profile Manager…
Default options: Designate Target In-Box, Change Password
Other options available to Helpcenter or others cf. General Access Menu
Everyone can use eduPersonPrincipalName for email (it’s mapped to Target in-box)
Key function: Email follows NMI Middleware Recommendation for eduPersonPrincipalName

Phased Approach… and issues
Email groups faculty/staff [personal groups?] (SAGE…)
LDAP authentication (LDAP Recipe)
Record added to registry at “first touch” - then pulled by SCT, Peoplesoft…!? (cf. BC metadirectory model)
  –New hires become “provisional employee”
  –“day one” start… “last day” stop
More Self-service options (nickname, url, addresses…)
Campus ID as network id
  –unified name space (Metadirectory Practices for Enterprise…)
  –Is the hurdle a) Technical b) Policy c) sheer effort d) All…?
Maintaining momentum is key

Very important links
Internet2 Middleware
  –http://middleware.internet2.edu/
Enterprise Directory Implementation Roadmap
  –http://www.nmi-edit.org/roadmap/directories.html
LDAP Recipe
  –http://www.georgetown.edu/giia/internet2/ldap-recipe/
eduPerson
  –http://www.educause.edu/eduperson/
Metadirectory Practices for Enterprise Directories in HE
  –http://middleware.internet2.edu/dir/metadirectories/internet2-mace-dir-metadirectories-practices-200210.htm

Contact
Art Vandenberg
avandenberg@gsu.edu
Thank you
Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment Anaheim, CA Monday November 3, 2003 8:30 am – 5:00 pm