
1 KUALI IDENTITY MANAGEMENT
- Provides services for Identity and Access Management in Kuali
- Integrated Reference Implementations
- User Interfaces
- An “integration platform” for IAM within Kuali

2 THE INTEGRATION PLATFORM
KIM defines service contracts and APIs for:
- Identities
- Groups
- Roles
- Permissions
- Responsibilities

3 KIM INTEGRATION
[Layer diagram; labels: Rice Database, KIM Service Layer, Reference Implementations]

4 MOTIVATIONS FOR THE CREATION OF KIM
Expansion of Kuali:
- Kuali Financial System
- Kuali Coeus
- Kuali Student
- Kuali OLE
- Kuali People Management (HR/Payroll)
- More to come…! Kuali is continually expanding.
Needs: Shared Identity API, Shared Authorization API

5 DESIGN REQUIREMENTS
Kuali applications need to be deployed in disparate environments throughout higher education:
- Legacy and pre-existing implementations
- Existence of other IdM solutions
- Service independence
- Pluggable and replaceable services
- Service bus integration
- Maintenance GUIs
- Workflow engine integration

6 KIM AS AN IDENTITY REGISTRY
- KIM was originally designed to provide the standard IAM APIs for Kuali
- It was not originally designed to be an authoritative identity registry
- As a result, not very many institutions have used it this way
- However, with the continued maturity of Kuali Student and KPME, we need to evolve!

7 VISION FOR IAM IN KUALI
- Since KIM is a shared service, we want to leverage this as much as possible
- Include as much identity data as possible there
- Leverage the management facilities provided therein
- Integrate with our source systems instead of provisioning into KIM, but still provide provisioning support

8 VALID KIM INTEGRATION MODELS
- Kuali Silo – single Kuali application implementation
- Enterprise Kuali – multiple Kuali and non-Kuali applications using the same KIM
- Half-n-Half – using Kuali for either Student or HR system, but not both
- Pure Kuali – using Kuali for both Student and HR systems

9 KUALI SILO
[Diagram; labels: Kuali Coeus, KIM Database, LDAP]
Either provisioning into database from systems of record, or integration of KIM with directory or similar service.

10 ENTERPRISE KUALI
[Diagram; labels: Kuali Coeus, Kuali OLE, Some Application, Some Other Application, KIM Database, LDAP]
Either provisioning into database from systems of record, or integration of KIM with directory or similar service.

11 HALF-N-HALF
[Diagram; labels: Kuali HR, Kuali OLE, Some Application, Some Other Application, KIM Database, SOR – Student System, Provisioning]
HR data enters KIM through use of provided management interfaces (which would include ID match and reconciliation). Student data is provisioned from the student system.

12 PURE KUALI
[Diagram; labels: Kuali HR, Kuali Student, Kuali OLE, Some Application, Some Other Application, KIM Database]
Student and HR data enters KIM through use of provided management interfaces (which would include ID match and reconciliation).

13 EXAMPLE: IU KIM ARCHITECTURE
[Architecture diagram; no text recoverable]

14 IDENTITY SERVICE
For the purpose of the registry group, the Identity Service is our main area of interest.
KIM identity terminology:
- Principals
- Entities
- Person

15 PRINCIPALS AND ENTITIES
Principal: Principal ID, Principal Name
Entity: Entity Type, Names, Addresses, Phone Numbers, Email Addresses, Affiliations

16 PERSON
- Person is a simplified representation of a Principal and its related Entity
- Includes only the “default” values for various entity attributes, including: default name, default email address, default phone number, default affiliation, etc.
- It exists to provide a more streamlined representation of the Entity and Principal data model for API clients to work with

17 IDENTITY SERVICE
- Responsible for Principals and Entities
- Principals have a “name” which is intended to be the user name they use to authenticate
- All principals are associated with an entity
- There can be different types of entities, including Person and System

18 IDENTITY SERVICE
Numerous pieces of data can be stored about an entity, including: names, affiliations, external IDs, employment information, address, phone, email, privacy preferences (FERPA), etc.
Example service operations:
- Get principal by ID
- Get principal by principal name
- Get entity info by ID
- Get entity info by principal ID
- Get entity privacy preferences

19 PERSON SERVICE
- Provides an API for working with the simplified Person data model
- Person data model includes default entity data and principal data for the entity
- Implements caching functionality

20 IDENTITY ARCHIVE SERVICE
- Handles archiving of identity data to provide important attributes as backup in the case of identity removal
- Sits behind the main IdentityService
- This comes into play depending on an institution’s retention policy on identities
- Some applications may store references to principal IDs for long periods of time
- If the backend of the identity service fails to resolve a particular principal ID, it will be searched for in the identity archive
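As an added illustration of slides 16 and 20 (this is not code from the Kuali project; every class, method and field name below is an assumption chosen to mirror the slide vocabulary), the following Python sketch models a Person view built from an entity's default attributes and an identity lookup that consults the archive only when the live registry cannot resolve a principal ID. It also makes one defensive choice the slides do not spell out: an archived snapshot comes back flagged and inactive, and the lookup by principal name (the authentication path) never falls through to the archive, so a removed principal stays resolvable for long-lived references without being usable as a live account.

```python
"""Hypothetical model of KIM's Person view and archive-fallback lookup.

Added example, not Kuali's own code. Class and method names are assumptions
that mirror the slides; they are not the real KIM API.
"""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    principal_id: str
    principal_name: str      # the user name this principal authenticates with
    entity_id: str
    active: bool = True


@dataclass
class Entity:
    """Each attribute may hold several values; at most one is flagged default."""
    entity_id: str
    entity_type: str                                    # e.g. "PERSON" or "SYSTEM"
    names: List[Tuple[str, bool]] = field(default_factory=list)
    emails: List[Tuple[str, bool]] = field(default_factory=list)
    phones: List[Tuple[str, bool]] = field(default_factory=list)
    affiliations: List[Tuple[str, bool]] = field(default_factory=list)

    def default(self, attr: str) -> Optional[str]:
        """Value flagged as default for `attr`, or None when none is flagged."""
        return next((v for v, is_default in getattr(self, attr) if is_default), None)


@dataclass(frozen=True)
class Person:
    """Flattened view: principal fields plus only the default value of each attribute."""
    principal_id: str
    principal_name: str
    entity_id: str
    name: Optional[str]
    email: Optional[str]
    phone: Optional[str]
    affiliation: Optional[str]
    active: bool
    from_archive: bool       # assumption: callers must be able to see an archive hit


class IdentityArchiveService:
    """Snapshots of principal + entity taken at removal time (the 'backup')."""
    def __init__(self) -> None:
        self._snapshots: Dict[str, Tuple[Principal, Entity]] = {}

    def archive(self, principal: Principal, entity: Entity) -> None:
        self._snapshots[principal.principal_id] = (principal, entity)

    def lookup(self, principal_id: str) -> Optional[Tuple[Principal, Entity]]:
        return self._snapshots.get(principal_id)


class IdentityService:
    """Live registry; the archive is consulted only for lookups by principal ID."""
    def __init__(self, archive: IdentityArchiveService) -> None:
        self._principals: Dict[str, Principal] = {}
        self._entities: Dict[str, Entity] = {}
        self._archive = archive

    def add(self, principal: Principal, entity: Entity) -> None:
        self._principals[principal.principal_id] = principal
        self._entities[entity.entity_id] = entity

    def remove_identity(self, principal_id: str) -> None:
        """Archive a deactivated snapshot before deleting, so old references resolve."""
        principal = self._principals.pop(principal_id)
        entity = self._entities.pop(principal.entity_id)
        self._archive.archive(replace(principal, active=False), entity)

    def get_principal(self, principal_id: str) -> Optional[Tuple[Principal, Entity, bool]]:
        """(principal, entity, from_archive); archive is tried only after a live miss."""
        principal = self._principals.get(principal_id)
        if principal is not None:
            return principal, self._entities[principal.entity_id], False
        archived = self._archive.lookup(principal_id)
        return None if archived is None else (archived[0], archived[1], True)

    def get_principal_by_name(self, principal_name: str) -> Optional[Principal]:
        """Name lookups (the authentication path) never fall through to the archive."""
        return next((p for p in self._principals.values()
                     if p.principal_name == principal_name), None)


class PersonService:
    def __init__(self, identity: IdentityService) -> None:
        self._identity = identity

    def get_person(self, principal_id: str) -> Optional[Person]:
        found = self._identity.get_principal(principal_id)
        if found is None:
            return None
        principal, entity, from_archive = found
        return Person(principal.principal_id, principal.principal_name, entity.entity_id,
                      entity.default("names"), entity.default("emails"),
                      entity.default("phones"), entity.default("affiliations"),
                      principal.active, from_archive)


def build_demo_services() -> Tuple[IdentityService, PersonService]:
    """Constructed sample data (not a real identity) for a runnable demonstration."""
    identity = IdentityService(IdentityArchiveService())
    entity = Entity("e100", "PERSON",
                    names=[("Ada Lovelace", True), ("A. Lovelace", False)],
                    emails=[("ada@example.edu", True)],
                    affiliations=[("STAFF", True)])
    identity.add(Principal("p1", "alovelace", "e100"), entity)
    return identity, PersonService(identity)


if __name__ == "__main__":
    identity, persons = build_demo_services()
    print(persons.get_person("p1"))                      # live, active, from_archive=False
    identity.remove_identity("p1")
    print(persons.get_person("p1"))                      # archive hit, active=False
    print(identity.get_principal_by_name("alovelace"))   # None: cannot authenticate
```

Any authorization check built on top of this view should test `active` (and, where the distinction matters, `from_archive`) rather than treating a successful resolve as proof that the account still exists; the archive exists to keep old principal-ID references meaningful, not to keep removed identities usable.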

21 END-USER FUNCTIONALITY
KIM provides various GUI screens which can be used for:
- Searching for identity data (groups, roles, permissions, etc.)
- Finding out more information about a particular piece of identity data
- Creating new identity data
- Editing existing data
KIM maintenance functions provide integration with Kuali Enterprise Workflow for approval of changes.
Authorization to perform maintenance functions in KIM is also handled by KIM permissions, typically partitioned by namespace.

22 USER INTERFACE – WE WILL LOOK AT
- Persons
- Groups
- Roles
- Permissions

23 PERSON LOOKUP

24 PERSON INQUIRY

25 PERSON INQUIRY - MEMBERSHIP

26 PERSON MAINTENANCE
