Presentation is loading. Please wait.

Presentation is loading. Please wait.

Directories Keith Hazelton, University of Wisconsin Brendan Bellina, University of Notre Dame Tom Barton, University of Chicago.

Published byByron Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "Directories Keith Hazelton, University of Wisconsin Brendan Bellina, University of Notre Dame Tom Barton, University of Chicago."— Presentation transcript:

1 Directories Keith Hazelton, University of Wisconsin Brendan Bellina, University of Notre Dame Tom Barton, University of Chicago

2 Spring 2004 I2MM 2 Outline  localDomainPerson  International collaboration on person schema  Grouper  Selection of other threads

3 Directories The Local Domain Person Survey

4 Spring 2004 I2MM 4 The Local Attribute Problem  Ongoing Development of inter-institutional standards eduPerson eduOrg  Application Requirements for Local Attributes/Information  Lack of standards/guidelines for Local Attributes

5 Spring 2004 I2MM 5 The Local Domain Person Survey  Intentions: Use of eduPerson oc and attributes Use of local oc and attributes for people Local attributes common to multiple applications  Distribute Survey  Analyze Responses  Publish Analysis and Responses  Publish Recommendations White Paper

6 Spring 2004 I2MM 6 Local Domain Person Object Class Study  Initial draft to be included with Spring 2004 NMI-Release  A MACE-Dir effort (Middleware Architecture Committee for Education Directories subgroup)  Analysis of results from 22 survey respondents

7 Spring 2004 I2MM 7 Study Document Structure  Attribute Creation and Institutional Policy  Use of eduPerson and deviations  Use of Local Attributes and Object Classes

8 Spring 2004 I2MM 8 Local Attribute Categories  Personal Characteristics  Contact Information  Student-Specific Information  Employee-Specific Information  Multi-Campus Information  Linkage Identifiers

9 Spring 2004 I2MM 9 Local Attribute Categories  Entry Metadata  Security Attributes  Privacy Attributes  Authorization Information  Other Miscellaneous Attributes

10 Spring 2004 I2MM 10 Study Document Structure cont.  Local Object Class Characteristics  Future Plans  Multiple-Use Local Attributes  Links to Survey Responses and other materials

11 Spring 2004 I2MM 11 Next Steps  Release of Survey Study Draft – Spring 2004  Release of Survey Study Final and website – Summer 2004 (projected)  MACE-Dir Recommendations White Paper – Winter 2004 (projected)

12 Directories International Person Schema Coordination

13 Spring 2004 I2MM 13 Int’l Collaboration on Schema  http://domen.uninett.no/~im/schema/ (Ingrid Melve) http://domen.uninett.no/~im/schema/

14 Spring 2004 I2MM 14 Int’l Collaboration on Schema Work Goals  Agreement on a list of interesting attributes  Common syntax and semantics across schema for some subset of attribute types  Proposed inclusion of some attributes in a standard schema eduPerson? Next release of X.520? Other candidates? Processes for ongoing schema coordination  Even common syntax & semantics would boost interoperability in attribute mapping

15 Spring 2004 I2MM 15 Int’l Collaboration on Schema: Affiliations, statuses, roles  Virtual organizations (as origin) swissEduPersonHomeOrganizationType: vlo RedIRIS: irisgridVoCode: bioinformatics  Entitlements (asserted by origin for target) eduPersonEntitlement: urn:mace:whatever

16 Spring 2004 I2MM 16 Int’l Collaboration on Schema Affiliations, statuses, roles  Attributes (asserted by federation rules, either local or global) norEduPersonLIN: HIO1234567890 RedIRIS: attributes linking to a classification schema RedIRIS: catreCode: a01b02c03  Ticket mechanisms (federation, origin or target)

17 Spring 2004 I2MM 17 Int’l Collaboration on Schema Affiliations, statuses, roles  eduPersonAffiliation  eduPersonPrimaryAffiliation  manager  auEduPersonSubType  auEduPersonType  swissEduPersonHomeOrganizationType  swissEduPersonStudyLevel  RedIRIS: irisgridRole

18 Spring 2004 I2MM 18 Int’l Collaboration on Schema Affiliations, statuses, roles  funetEduPersonDegreeUniversity  funetEduPersonDegreePolytech  pleduPersonDegree  pleduPersonPosition  swissEduPersonHomeOrganizationType  swissEduPersonStudyLevel  RedIRIS: irisgridRole

19 Spring 2004 I2MM 19 Int’l Collaboration on Schema Persons as individuals  X.521 person: sn  RedIRIS: sn1, sn2  auEduPersonPreferredGivenName  auEduPersonPreferredSurname  auEduPersonSalutation

20 Spring 2004 I2MM 20 Int’l Collaboration on Schema Persons as individuals  funetEduPersonDateOfBirth  norEduPersonBirthDate  swissEduPersonDateOfBirth  swissEduPersonGender  nlEduPerson - gender

21 Spring 2004 I2MM 21 Int’l Collaboration on Schema Identifiers, foreign keys  Cultural variations in acceptability, scope of use  eduPersonPrincipalName  auEduPersonID  funetEduPersonStudentID  nl - employeeNumber  norEduPersonLIN  norEduPersonNIN  pleduPersonGId  pleduPersonLId  swissEduPersonUniqueID  RedIRIS: irisDnComp

22 Spring 2004 I2MM 22 This is part of what federation implementation looks like  Agreements on information schema for:  Applications that need persistent identifiers For personalization, transcript, training records  Applications that base access control on attributes (affiliation, role, group within Os and VOs)  Other info to support resource sharing across boundaries

23 Directories Grouper

24 Spring 2004 I2MM 24 Some high-level identity management requirements  ¡ authorization != authentication !  Muster information supporting … Per-application or resource access control policies Exceptions to those policies Identification of groups of collaborating peers  Common infrastructure to manage and provision requisite information Information resides in both databases & brains Many authoritative sources Group management is one aspect of this picture

25 Spring 2004 I2MM 25 Grouper in Context

26 Spring 2004 I2MM 26 Features in Grouper v1  Basic group management  Subgroups & compound groups  Aging of groups and memberships  Abstracted interfaces for Privileges Member Lookup Last Activity  Signet integration

27 Spring 2004 I2MM 27 Privileges  CREATE group with specified name  VIEW group’s name in lists & can refer to group  READ basic information about a group  UPDATE membership and administer membership related privileges  ADMIN can modify everything, including group name, description, & privileges. Can delete the group.  OPTIN can add self to the members list  OPTOUT can remove self from the members list

28 Spring 2004 I2MM 28 Default Privilege Interface  CREATE a group named stem:aString Granted by effective membership in a set of grouperCreator:… groups Hierarchical stems, hierarchical creation authority Managed through the API or UI  Other privileges are each granted by effective membership in a list associated with each group viewers, readers, updaters, admins, optins, optouts Also managed through the API or UI

29 Spring 2004 I2MM 29 Examples  Personal personal-tbarton:myFriends –admins: tbarton personal-tbarton:myTrueFriends –admins: tbarton –optouts: personal-tbarton:myTrueFriends  Administrative uofc-bsd:xyz-project-team –updaters: uofc-bsd-bsdis:enterpriseAdmins

30 Spring 2004 I2MM 30 Examples  Administrative uofc-bsd-obgyn:staff –updaters: uofc-bsd-obgyn:techsupport –viewers: uofc-bsd:staff, uofc-hospital:staff student:owesUsTooMuchMoney –readers: uofc-nsit:services uofc-nsit:netsec-sig –optins: uofc:uofc –optouts: uofc-nsit:netsec-sig –readers: uofc-nsit:netsec-sig

31 Spring 2004 I2MM 31 Grouper roadmap  3 phases of Grouper v1 development 1.Basic management and export functions 2.Compound groups 3.Aging of groups and memberships  Deliverables Java API, UI, sample batch import/export scripts, documentation Some type of prototype demo at AuthZ CAMP  Contributed elements sought Provisioning connectors (especially LDAP & AD) LDAP Member Lookup Interface

32 Spring 2004 I2MM 32 Other Threads  eduPerson & eduOrg Added eduPersonScopedAffiliation Associated LDIF tweaks & fixes Registered eduPersonTargetedID “Everything eduPerson” – it’s not just an object class anymore  Attribute registries eduPerson* on http://middleware.internet2.edu Peter Gietz’s at http://www.daasi.de/services/SchemaReg/ http://www.daasi.de/services/SchemaReg/

33 Spring 2004 I2MM 33 Other Threads  Email address as identifier  Character set issues & policies  Top level entity types in directories  Representing organizational structures in directories  What is “LDAP compliance”?

34 Spring 2004 I2MM 34

Download ppt "Directories Keith Hazelton, University of Wisconsin Brendan Bellina, University of Notre Dame Tom Barton, University of Chicago."

Similar presentations

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.

Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.
Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.

Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.
Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.
Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005.

Schema: eduPerson views Michael R Gettes Duke University EuroCAMP, November 2005.
Leveraging Campus Directories: Lightweight Authorization and Group Management Keith Hazelton University of Wisconsin-Madison.

Leveraging Campus Directories: Lightweight Authorization and Group Management Keith Hazelton University of Wisconsin-Madison.
Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.

Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Understanding Active Directory

Understanding Active Directory
OCLC Online Computer Library Center A Global OpenURL Resolver Registry Phil Norman OCLC Dlsr4lib Workshop March 23 rd, 2006 Arlington VA.

OCLC Online Computer Library Center A Global OpenURL Resolver Registry Phil Norman OCLC Dlsr4lib Workshop March 23 rd, 2006 Arlington VA.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
Directories Update: Status & Next Steps Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.

Directories Update: Status & Next Steps Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.
Signet and Grouper for Distributed Attribute Administration

Signet and Grouper for Distributed Attribute Administration
07 May 2002, I2 Member Meeting MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.

07 May 2002, I2 Member Meeting MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Similar presentations

Ads by Google