
Directories as Middleware
Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison
2-Oct-01 (October 2001)


Slide 1: Directories as Middleware
Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison
October 2001

Slide 2: Directory Middleware Outline
- Richer sets of objects in the directory
- Groups and roles via directories
- Directories playing nicely together
- Specific projects: DoDHE, Shibboleth, Digital Video

Slide 3: MACE-Dir Background
- Advice on institutional directories: LDAP Recipe, Early Adopter work
- Clarification of how to use existing attributes
- New object class for inter-institutional needs: eduPerson 1.0

Slide 4: Richer sets of objects in the directory
eduPerson enhancements:
- Internationalization
- New values for eduPersonAffiliation

Slide 5: Richer sets of objects in the directory
eduOrganization object class:
- Institution-level attributes
- As needed to support inter-institutional applications

Slide 6: Richer sets of objects in the directory
Other objects in the directory:
- Applications
- Services
- Devices

Slide 7: Richer sets of objects in the directory
Apps, services, devices:
- Build on pre-existing efforts
- Grid Information Services
- CIM
- Learning Mgmt. Systems

Slide 8: Groups and roles via directories
Key questions:
- How to represent groups
- How to create and maintain them

Slide 9: Groups and roles via directories
Current problem:
- No agreement on how to do this
- Off-shelf applications hard-wired & mostly wrong
- Email servers, portal engines…

Slide 10: Groups and roles via directories
The two kinds of info requests:
- Is person x a member of group y?
- Give me a list of all members of group y (and some additional info re each)

Slide 11: Groups and roles via directories
Is person x a member of group y:
- Access control question: Does x belong to the group of people authorized to use this resource or service?

Slide 12: Groups and roles via directories
List of members of group y:
- Mailing list creation
- Provisioning (accounts, class lists)

Slide 13: Groups and roles via directories
Work plan re groups in directory:
- Draft a “good practices” doc.
- Vet draft with stakeholders
- Encourage adoption of good practices (institutions, vendors)

Slide 14: Directories playing nicely together
Discarded goal:
- Single huge institutional directory with all attributes anyone and any application will ever need

Slide 15: Directories playing nicely together
New goal:
- One institutional directory that manages identity across IT systems;
- Plus a federation of special-purpose directories complementary to above

Slide 16: Directories playing nicely together
- Core challenge: managing identity across a collection of directories, each of which is authoritative for a different set of attributes.
- Even across institutional boundaries

Slide 17: Directories playing nicely together
- The least understood of all the problems on the directory list
- Video conferencing, video on demand, and Grid applications driving demand for solutions

Slide 18: Directories playing nicely together
- Privacy issues will be central
- As will the proper division of labor between directories and databases
- As will metadirectory solutions

Slide 19: Specific projects: Directory of Directories for Higher Education
- White pages application spanning higher education
- First application to rely on early MACE-Dir work: LDAP Recipe, eduPerson 1.0

Slide 20: Specific projects: Directory of Directories for Higher Education
Next steps:
- Expansion of list of participating schools
- Help on policy concerns re “one stop shopping” for HE directory information on the internet

Slide 21: Specific projects: Directory of Directories for Higher Education
- User interface design (see Eisenberg presentation)

Slide 22: Specific projects: Shibboleth
- Authenticate locally, access resources globally
- Secure sharing of authorization information between home institution and target site

Slide 23: Specific projects: Shibboleth
Attribute authority:
- Draws on institutional directory services
- Pilot apps will leverage eduPerson, but additional attributes needed for some

Slide 24: Specific projects: Shibboleth
Person taking a for-credit course at a different institution:
- Need to define, create and share new data elements
- Shibboleth will drive directory evolution

Slide 25: Specific projects: Video conferencing
- VIMM will generate long list of what could be done better
- MACE-VidMid early deliverable: design for authenticated, controlled access to video streams

Slide 26: Specific projects: Video conferencing
Major vendors working with VidMid:
- Promise of vendor support for standards that emerge gives directory aspects high priority

Slide 27: Conclusion
- These projects fit the MACE-Dir profile: Directory middleware work must be driven by actual application needs

Slide 28: Conclusion
- Targeted applications are inter-institutional or institution to vendor.
- But MACE-Dir work generally seems to have immediate local utility as well

