Presentation is loading. Please wait.

Presentation is loading. Please wait.

December 2001 Internet2 Virtual Briefing - 1 -Stanford University Authority Registry December 12, 2001 Stanford University Lynn McRae.

Published byGerald Wheeler Modified over 9 years ago

Similar presentations

Presentation on theme: "December 2001 Internet2 Virtual Briefing - 1 -Stanford University Authority Registry December 12, 2001 Stanford University Lynn McRae."— Presentation transcript:

1 December 2001 Internet2 Virtual Briefing - 1 -Stanford University Authority Registry December 12, 2001 Stanford University Lynn McRae

2 December 2001 Internet2 Virtual Briefing - 2 -Stanford University Organization’s Background Presenters role in organization –Technical Lead of 5 person development team for infrastructure/integration development –Project manager for interrelated Registry and Directory based projects –Focus on information integration via Enterprise Registries

3 December 2001 Internet2 Virtual Briefing - 3 -Stanford University Organization’s Background Computing Environment –Single campus, 16000 students, 8500 faculty/staff –600+ active subnets, 64000+ registered nodes –Sun/Solaris servers; diversity of desktop platforms –Campus-wide authentication via Kerberos –Single campus-wide identifier namespace (SUNet Ids) –Enterprise db: Oracle (admin), Sybase (infrastructure) –Campus-wide file system (AFS) –Enterprise email (POP and IMAP) –Enterprise directories for “whois” and infrastructure –Schizophrenic - administrative vs academic computing

4 December 2001 Internet2 Virtual Briefing - 4 -Stanford University Organization’s Background Key project or systems –Major administrative systems replacement. PeopleSoft student system, Fall 2001 PeopleSoft HR system, Winter 2002 Oracle Financials, Fall, 2002 –Authority Registry –Organization, Account, Course, Facilities Registry –Portal, Enterprise Calendar –Windows 2000 –New Faculty/Academic mission

5 December 2001 Internet2 Virtual Briefing - 5 -Stanford University Organization’s Background Key integration issues –Data integration Person (ongoing) Organization –Authority/security integration –Namespace, single-signon, other systems/users –UI integration for self-service applications

6 December 2001 Internet2 Virtual Briefing - 6 -Stanford University Authority Model: Objectives and Scope Simplification –Authority “at a glance” –Designed from the business, not system perspective Consistency –Single implementation of policy, common data & rules –Different applications and services using the same Authority information the same way Automated life-cycle management –Automatic activation/inactivation –Notification –Audit, history

7 December 2001 Internet2 Virtual Briefing - 7 -Stanford University Authority Model: Concepts and Components An Authority Registry -- a managed repository of authority assignments -- not an Authority System. Authority is defined first in business terms, without reference to any specific system or application. The Authority Registry separates user visible portions of authority management, expressed in business terms, from internal system components expressed in technical terms. Applications must read and translate authority information into local terms.

8 December 2001 Internet2 Virtual Briefing - 8 -Stanford University Authority Model: Concepts and Components

9 December 2001 Internet2 Virtual Briefing - 9 -Stanford University Authority Model: The Details… Functions –The basic unit of Business work. A person’s job will consist of one or more Functions. –Authority assignments are at the Function level. –Functions consist of one or more Tasks. Tasks –A discrete unit of work, typically a piece of what is needed to accomplish a function. –Represents a set of privileges that must be be set together. –Are reusable

10 December 2001 Internet2 Virtual Briefing - 10 -Stanford University Authority Model: The Details… Entitlements –Atomic unit of authority control. –An abstraction of system specific privileges, but not in any system’s specific language. –What applications read to set their internal security.

11 December 2001 Internet2 Virtual Briefing - 11 -Stanford University Authority Model: More Details… Scope –Something to which authority is bound, such as a department or budget. –Department definitions and hierarchy are critical –Distribution of authority management –“Smart parms” Conditions –Provides life-cycle management Bound to scope, e.g., while at Stanford; as long as in current department Or date based, e.g., from 12/01/01 until 12/31/01

12 December 2001 Internet2 Virtual Briefing - 12 -Stanford University Authority Model: More Details… Prerequisites –Like conditions, but comes before authority can be enabled Limits –Constraints to the use of authority, e.g., dollar limits –Special built-in limits: read-only, self-only, not-self Delegation

13 December 2001 Internet2 Virtual Briefing - 13 -Stanford University Authority Model: More Details… Example: –As soon as you take the training (pre-requisite) –you can manage financial aid (function) –for undergraduates (limit, smart parm) –in the School of Engineering (scope) –as long as you are in the Dean’s office (condition)

14 December 2001 Internet2 Virtual Briefing - 14 -Stanford University Authority Model: The Details… Implementation –Web-based UI for Authority assignment and lookup –Integrated with Stanford.You (self-serve app) so individuals can see their authority –Integrated with Organization manager app so departments can review all authority at their level

15 December 2001 Internet2 Virtual Briefing - 15 -Stanford University Authority Manager

16 December 2001 Internet2 Virtual Briefing - 16 -Stanford University Authority Manager

17 December 2001 Internet2 Virtual Briefing - 17 -Stanford University Authority Manager

18 December 2001 Internet2 Virtual Briefing - 18 -Stanford University Authority Model: Integration… Integration with other systems –The combination of authority, context, limits, etc. is a net set of “privileges’ – XML Privileges document –Applications access Document Server via https –Some privileges reflected as privgroup attribute in directory entry for individuals –Other directory representations planned, but not soon

19 December 2001 Internet2 Virtual Briefing - 19 -Stanford University Authority Model: XML document <principal roid=“person/64ec5fa6e7701d1830c246000baa77” sunetid=“jdoe” univid=“09273311”>Doe, Jane <privilege entitlement=“student_admissions:manage_applicant” <scope roid=“organization/000cf6f0003ede39a22108ab400b0baa77” systemid=“gsb” orgid=“UAAA”>Graduate School of Business ASLO

20 December 2001 Internet2 Virtual Briefing - 20 -Stanford University Authority Model – Roles? Despite other successes, “Roles” themselves have yet to be implemented –Design is for Organizational roles –New HR system possibilities for institutional roles; debate over how many, how broadly applicable, whether tied to jobs or billets, etc. –Wide diversity in what constitutes a given role; schools vs big departments vs small departments –Fear factor

21 December 2001 Internet2 Virtual Briefing - 21 -Stanford University Authority Model – Roles? Possibilities –De facto roles: “granting” power for heads of organizations, instructors, Principal Investigators –System roles: system owner, central office –Local, Departmental roles –Acting “in role” not planned (not supported across applications) –Nesting of roles?

22 December 2001 Internet2 Virtual Briefing - 22 -Stanford University Authority Model – Roles? Do we need roles? –Functions offer a level of roll-up that have been called “mini roles” –Partly because of business simplification –Student authority: Administer Financial Aid Manage Admissions Manage Student Records Manage Student Financials Manage Student Records

23 December 2001 Internet2 Virtual Briefing - 23 -Stanford University Authority Model – Roles? –Human Resources authority: HR, Benefits –Allocate Labor Costs –Manage HR Records –Manage HR Positions –Manage Faculty Status Payroll –Manage Payroll –Process Payroll Manage Leave Information Manage Timesheet Information

24 December 2001 Internet2 Virtual Briefing - 24 -Stanford University Authority Model – Roles? Do we need roles? (cont) –Features that de-emphasize roles, e.g., copying or transferring authority –Workgroups offer “poor man’s roles” –Plan to offer user/department defined roles In the context of the Organization Manager Life-cycle management parallels authority Allows re-use of roles outside of authority, e.g., authorize Board of Trustees, send email to Board of Trustees, print list of Board of Trustees in the directory

25 December 2001 Internet2 Virtual Briefing - 25 -Stanford University Authority Model – Greatest Challenges Business -- Cultural shift to new paradigm Allocation of sufficient and/or proper resources in project plans Aggressive application deployment schedules focused on core function, not integration Sense of partnership beyond design phase (both ways) Higher investment costs for participation in lieu of local solutions Shared entitlements Technically -- Integration with vendor/packaged systems New technologies, still fragile Vendor integration support limited, proprietary or not applicable Package security cannot necessarily support expressed authority

Download ppt "December 2001 Internet2 Virtual Briefing - 1 -Stanford University Authority Registry December 12, 2001 Stanford University Lynn McRae."

Similar presentations

Pennsylvania BANNER Users Group 2007 Structuring a reporting environment for success.

Pennsylvania BANNER Users Group 2007 Structuring a reporting environment for success.
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
UNIVERSITY OF IOWA ELECTRONIC WORKFLOW Common Solutions Group | September 12, 2014 Steve Fleagle Associate VP & CIO.

UNIVERSITY OF IOWA ELECTRONIC WORKFLOW Common Solutions Group | September 12, 2014 Steve Fleagle Associate VP & CIO.
Privilege Management with Signet: Steps to an Application Keith Hazelton University of Wisconsin-Madison Internet2 MACE Broomfield, Colorado 1-July-04.

Privilege Management with Signet: Steps to an Application Keith Hazelton University of Wisconsin-Madison Internet2 MACE Broomfield, Colorado 1-July-04.
Lynn McRae Stanford University Lynn McRae Stanford University Stanford Authority Manager Privilege management use.

Lynn McRae Stanford University Lynn McRae Stanford University Stanford Authority Manager Privilege management use.
Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.

Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Oracle Beehive Vivek Pavle Orabyte LLC www.orabyte.com Orabyte.

Oracle Beehive Vivek Pavle Orabyte LLC Orabyte.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
11.1 Lecture 11 CASE tools IMS2805 - Systems Design and Implementation.

11.1 Lecture 11 CASE tools IMS Systems Design and Implementation.
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.

Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
ECM Project Roles and Responsibilities

ECM Project Roles and Responsibilities
Student Information system

Student Information system
ASTRA Authorization Management at the University of Washington Rupert Berk Lead, Security Middleware CAMP, Denver, June 27, 2005.

ASTRA Authorization Management at the University of Washington Rupert Berk Lead, Security Middleware CAMP, Denver, June 27, 2005.
Managing LOB Applications by Using System Center Operations Manager Published: March 2007.

Managing LOB Applications by Using System Center Operations Manager Published: March 2007.
Understanding Active Directory

Understanding Active Directory

Similar presentations

Ads by Google