Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topics in Directories: Metadirectories Practices in Higher Education Brendan Bellina, University of Notre Dame I2 Base CAMP June 2002, Boulder, CO.

Published byJoel Underwood Modified over 9 years ago

Similar presentations

Presentation on theme: "Topics in Directories: Metadirectories Practices in Higher Education Brendan Bellina, University of Notre Dame I2 Base CAMP June 2002, Boulder, CO."— Presentation transcript:

1 Topics in Directories: Metadirectories Practices in Higher Education Brendan Bellina, University of Notre Dame I2 Base CAMP June 2002, Boulder, CO

2 I2 Base CAMP - June 25, 2002 Middleware: Directories2 Presentation Overview - Visual

3 I2 Base CAMP - June 25, 2002 Middleware: Directories3 Presentation Outline Metadirectory Definition & Role Metadirectory Processes The “Join” “Intelligence” & The Registry Consumer Provisioning Questions

4 I2 Base CAMP - June 25, 2002 Middleware: Directories4 What is meant by “Metadirectory”? A technology or class of functionality required to build an enterprise directory infrastructure. Any directory capable of consolidating information found in both standards-based and proprietary directories, and then exposing it through standard interfaces… A system capable of heterogeneous, multi-master, attribute-level replication. - “Enterprise Directory Infrastructure: Meta-directory Concepts and Functions”, Jamie Lewis, The Burton Group, July, 1998

5 I2 Base CAMP - June 25, 2002 Middleware: Directories5 Role of the Metadirectory Provides the infrastructure capable of maintaining consistency and data integrity between the chosen enterprise directory and the other local and system- or application-specific directories that will always be present in the organization. -“Enterprise Directory Infrastructure: Meta-directory Concepts and Functions”, Jamie Lewis, The Burton Group, July, 1998

6 I2 Base CAMP - June 25, 2002 Middleware: Directories6 Role of the Metadirectory The glue that binds directories together The directory umbrella which covers all directories The duct tape of your directory infrastructure

7 I2 Base CAMP - June 25, 2002 Middleware: Directories7 I2 Mace-Dir Metadirectory Model

8 I2 Base CAMP - June 25, 2002 Middleware: Directories8 Metadirectory Processes - Overview The “Join” -Using identity matching to produce a registry of constituents with links (aliases or alternate keys) back to source systems. “Intelligence” -Managing how data is inserted, modified, and deleted from the registry based upon the business rules of the institution. Consumer Provisioning - Notifying/populating the directory consumers appropriately.

9 I2 Base CAMP - June 25, 2002 Middleware: Directories9 Example – Whatsamatter U

10 I2 Base CAMP - June 25, 2002 Middleware: Directories10 Metadirectory Processes – The “Join” The process by which disparate identifiers for multiple source systems are extracted and examined, producing a single master record of identifiers for each individual entity which can be used as a link back to the source system records.

11 I2 Base CAMP - June 25, 2002 Middleware: Directories11 Directory Sources – You want sources? We got sources! Faculty Students Donors Alumni Email accounts Windows 2000 Windows NT etc/passwd Novell etc/aliases Oracle Trustees Vendors Athletic Fans Portal users Applicants Staff Affiliates Retirees And more!!!

12 I2 Base CAMP - June 25, 2002 Middleware: Directories12 Source Issues - Quantity of diverse sources - Platform differences - Differences in quality of data entered - People with multiple simultaneous roles - Data ownership issues – politics - Varying availability of data sources - Sometimes too much data – 34 address types?!?

13 I2 Base CAMP - June 25, 2002 Middleware: Directories13 Identity Matching Haven’t I seen you somewhere before? Students who are also part-time staff Staff or faculty who take classes People who arrive, and leave, and return, and…

14 I2 Base CAMP - June 25, 2002 Middleware: Directories14 Identity Matching Generally forced to use infrequently changing attributes to attempt to determine when two records describe the same person: -U.S. Social Security Number or other government assigned unique single lifetime pseudo-meaningless short easy-to- memorize alpha-numeric identifier -Formal name (at birth or initial contact) -Date of birth -Gender (at birth or initial contact) -Permanent home address … Quality of the data really matters!

15 I2 Base CAMP - June 25, 2002 Middleware: Directories15 Building the Registry - Choice of ETL Tools Choose an ETL (extract-transform-load) tool: - Perl scripts – most common approach at this time, fairly easy to write, can be difficult to maintain - Metamerge – free license for higher ed, many connectors, scripting capability - Java applications - Other

16 I2 Base CAMP - June 25, 2002 Middleware: Directories16 Building the Registry - Choice of Storage Choose a storage platform: - Relational database - recommended - LDAP Directory – not recommended due to limitations in data typing, lack of standard referential integrity controls. - Indexed files - Other

17 I2 Base CAMP - June 25, 2002 Middleware: Directories17 Building the Registry - Choice of Model Choose a model: “fat” or “thin” “thin”: registry will contain only the information required to provide linkages back to systems of record. Requires systems of record to be both highly available and readily accessible. “fat”: registry will contain and serve, in addition to linkage information, information about an entry to consuming applications, reducing the dependency on the systems of record. Fat registries are more common than thin registries.

18 I2 Base CAMP - June 25, 2002 Middleware: Directories18 Metadirectory Processes – “Intelligence” “Intelligence” The application of an institution’s business rules and policies within the metadirectory. This involves the creation of a unique identifier (guid), rules regarding the creation and removal of registry entries and the population of attributes, and providing for operational reporting and auditing requirements.

19 I2 Base CAMP - June 25, 2002 Middleware: Directories19 Unique Identifiers “There can be only one!!!” One entry per person, that is. Establish a globally unique identifier (guid) for each person in the registry. - Unchanging and persistent - Non-recyclable - Unique - Meaningless - Hidden

20 I2 Base CAMP - June 25, 2002 Middleware: Directories20 Addressing Institutional Policies - Reformatting data to meet standards (telephone) - Breaking up data into discrete parts (addresses, names) - Consolidating/summarizing data (statuses) - Population of default attributes - Population of groups - Default authorizations - Resolving partial or missing data from sources

21 I2 Base CAMP - June 25, 2002 Middleware: Directories21 Operational Design Requirements - Data flow requirements – batch or real-time? - Recovery planning – thresholds, roll-back, grace periods, logging - Problem resolution tools for the helpdesk and administrators - Audit reporting

22 I2 Base CAMP - June 25, 2002 Middleware: Directories22 Metadirectory Processes – Consumer Provisioning Consumers are the applications which make use of information presented in the enterprise directory infrastructure. The metadirectory provisioning process ensures that data is made available to the consumer interfaces. Often modern consumers can interface via the LDAP protocol, but often multiple LDAP directories are required to meet consumer needs.

23 I2 Base CAMP - June 25, 2002 Middleware: Directories23 Multiple Consumers Application specific or “embedded” directories will be needed for several reasons: - Performance needs, particularly for updates - Application-specific data - Special access - Security requirements - Because vendors seem to want it that way

24 I2 Base CAMP - June 25, 2002 Middleware: Directories24 Integrating Multiple Directories Methods: - LDIF - Metamerge - Log processing Probably unavoidable

25 I2 Base CAMP - June 25, 2002 Middleware: Directories25 Resource Provisioning Automated handling of the tasks associated with the establishment, modification, and deletion of resources and entitlements provided to people as they join or leave an organization or undergo changes in affiliation or status. Wouldn’t it be nice!

26 I2 Base CAMP - June 25, 2002 Middleware: Directories26 Resource Provisioning What to do? -Identify existing automated processes -Identify existing manual processes -Directory-enable processes where possible How to do it? -Perl -Metamerge

27 I2 Base CAMP - June 25, 2002 Middleware: Directories27 Why Are There More Questions Than Answers? -Confusion over terminology, created in part by metadirectory vendors -Merging of directory and metadirectory vendors (where have all the vendors gone?) -Tools and standards are still maturing -Getting early success is fairly easy, going beyond white pages can prove difficult – for institutions that are riddled with exceptions centralized authorization and provisioning can be very complex -Enterprise work can be an uphill battle in the educational environment – CIO can help

28 I2 Base CAMP - June 25, 2002 Middleware: Directories28 Links Internet 2 - MACE-Dir Metadirectories page RPR 1.0 Metadirectories Practices document Author: bbellina@nd.edu

Download ppt "Topics in Directories: Metadirectories Practices in Higher Education Brendan Bellina, University of Notre Dame I2 Base CAMP June 2002, Boulder, CO."

Similar presentations

© University of Reading 2007 www.reading.ac.uk Go to View > Master > Slide Master to put your unit name here 20 April 2014 IT Services Identity Management.

© University of Reading Go to View > Master > Slide Master to put your unit name here 20 April 2014 IT Services Identity Management.
Configuration management

Configuration management
Configuration management

Configuration management
Architecting Your Data and Metadirectory Model Brendan Bellina, University of Notre Dame Base CAMP - Tempe, Arizona February 5-7, 2003 Copyright Brendan.

Architecting Your Data and Metadirectory Model Brendan Bellina, University of Notre Dame Base CAMP - Tempe, Arizona February 5-7, 2003 Copyright Brendan.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
Directory-Enabling Applications: Techniques from the Trenches Brendan Bellina Senior Systems Engineer University of Notre Dame This presentation is available.

Directory-Enabling Applications: Techniques from the Trenches Brendan Bellina Senior Systems Engineer University of Notre Dame This presentation is available.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.

Information Technology Current Work in System Architecture November 2003 Tom Board Director, NUIT Information Systems Architecture.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.

Databases and Processing Modes. Fundamental Data Storage Concepts and Definitions What is an entity? An entity is something about which information is.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.

CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.
#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

#CONVERGE2014 Session 1304 Managing Telecom Directories in a Distributed or Multi-Vendor Environment David Raanan Starfish Associates.

Similar presentations

Ads by Google