identifiers

Information about identifiers

Published on January 9, 2008

Author: Berta

Source: authorstream.com

Content

Identifiers and Name Space Considerations :  Identifiers and Name Space Considerations Dr. Tom Barton Copyright Tom Barton, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author. What we’re trying to accomplish:  What we’re trying to accomplish Simplify what users must know to access to online services. Enable IT organization to efficiently provide multitude of online services. Increase security. Enable online service for our constituents earlier in their affiliation with us, wherever they are, and forever. Participate in new, inter-organizational, collaborative architectures. Terminology:  Terminology Identity: set of attributes about a person. Operationalized as a “person object”. Authentication: process used to associate a user with an identity. Often a login process. Authorization: process of determining if policy permits an intended action to proceed. Customization: presentation of user interface tailored to user’s identity. Subsumes personalization. Comparative service architectures:  Comparative service architectures Stovepipe (or silo): Service performs its own authentication and consults its own database for authorization and customization attributes. service authN attributes Comparative service architectures:  Comparative service architectures Stovepipes are run by separate offices. Environment is more challenging to users, who may need to contact each office to arrange for service and remember several sets of credentials. Any life cycle management of service specific resources must be undertaken by service specific office. Per-service identifiers and security practices make it more difficult to achieve a given level of security across the enterprise. Comparative service architectures:  Comparative service architectures Integrated: Suite of services refer authentication to and obtain attributes for authorization and customization from enterprise infrastructure services. Service 1 authentication service attribute service Service N • • • Comparative service architectures:  Comparative service architectures Enterprise authentication & attribute services are provisioned by a central office. All attributes known by the organization about a person can be integrated and made appropriately available to services. Automated life cycle resource management is across the enterprise is facilitated. Common identifiers across integrated services enables an easier and more secure user environment. Core middleware for an integrated architecture:  Core middleware for an integrated architecture Examples:  Examples Common “basket” of services: email (reading & sending), calendar, shell & cluster accounts, network access services, myriad web apps, LMS, library databases, home directories,… . Remote account initialization & admitted students Academic Personnel Records Leverages common security & data architecture NMI Roadmap GPS:  NMI Roadmap GPS Preceding slides sketched the overall technical architecture. Now we’ll dig into the identifiers that are fundamental to providing integration… Source system identifiers:  Source system identifiers Affiliations: Which source systems define which affiliations? How? How do constituents become engaged in their various affiliations with the U? How disengaged? Associated attributes: What other attributes of value to online services are maintained in which source systems? How are they maintained, for what purposes? Are they reliable? Metadata: (De-)Assignment process; persistence; visibility; versions;… What encumbrances/obligations/policies pertain? Updatable (in source system)? Forever iterate over these considerations Registry identifiers:  Registry identifiers Fundamental IDs Permanent, unreleased guid. Permanent pvid? Versions? Source join & consumer crosswalk. Derived identifiers username(s). Attributes for provisioning processes. Consumer specific? Affiliations Derived. Course, program, org related identifiers & objects. Group memberships. Namespace issues Multiple namespaces? For registry objects? For consumer systems? Overloading. Format. All is hidden from view Consumer identifiers:  Consumer identifiers Fundamental IDs Persistence, visibility, opacity, … Potential interaction with privacy policy Store/use pvid? Choice of naming components (LDAP only). Representation of attributes Application use cases Overloading & namespace collision. E.g.s: cn: name of person, name of group, name of … uid: orthogonal sets of usernames? Consumer specific selection & transformation All is potentially exposed Service identifiers:  Service identifiers Ability to use or be provisioned with a user identifier derived in the metadirectory is a requirement for integration into this architecture. Attribute schema Conventions for syntax & semantics Stresses on a common username space: Least common denominator format requirements. Number of persons assigned one (alums?, parents?, sibs?, patrons?, donors?). Duration of assignment: forever? Potential for shared administration of portions of username space might drive creation of orthogonal namespaces. Eg, OS usernames, uids, gids w/ nss-ldap. University “guest” registration. Username & related namespace issues Identifier Discovery:  Identifier Discovery Identify the identifiers, starting with key source systems and prevalent or important services. ID Mapping Table columns: ID name, Primary Use, who assigns, who gets one, where stored, format. characteristics: opaque/transparent, lucent?, reassignable?, revokable?, unique within <scope>. More important than the technical details is the establishment of ongoing relationships between architect and people who assign and use fundamental identifiers. Abbreviated ID Mapping Table http://middleware.internet2.edu/earlyadopters/identifier-mappings/:  Abbreviated ID Mapping Table http://middleware.internet2.edu/earlyadopters/identifier-mappings/ PS: Personal Identifiers:  PS: Personal Identifiers Who maintains name, birthday, SSN? Registrar Human Resources Bursar ID Office Law School University College Library Regents Online Degree Program Central IT Controller Marketing & Advancement Academic Personnel Records Telecom/Network Services Intensive English for Internationals This is an irrational business practice! Common security & data architecture:  Common security & data architecture data warehouse i n t e l l i g e n c e Common Reporting Tool

Related presentations


Other presentations created by Berta

CII PRESENTATION
09. 01. 2008
0 views

CII PRESENTATION

John Wilkes Booth
10. 01. 2008
0 views

John Wilkes Booth

Abdala Amphetamines in Russia
10. 01. 2008
0 views

Abdala Amphetamines in Russia

terzalezione scritturanarrativa
12. 01. 2008
0 views

terzalezione scritturanarrativa

Colonialism
15. 01. 2008
0 views

Colonialism

Evolution for Beginners
17. 01. 2008
0 views

Evolution for Beginners

The Analysis Gatsby
04. 02. 2008
0 views

The Analysis Gatsby

OCTranspo
05. 02. 2008
0 views

OCTranspo

mhd day2005
16. 01. 2008
0 views

mhd day2005

nut info labels etiquettes e
07. 02. 2008
0 views

nut info labels etiquettes e

american revolution
12. 02. 2008
0 views

american revolution

moorthy ms
17. 01. 2008
0 views

moorthy ms

leadinglearning
20. 02. 2008
0 views

leadinglearning

izellerbauhauscli2005
26. 02. 2008
0 views

izellerbauhauscli2005

PersuasiveComp
28. 02. 2008
0 views

PersuasiveComp

ADA overview
07. 03. 2008
0 views

ADA overview

wipo smes uln 07 www 89154
14. 03. 2008
0 views

wipo smes uln 07 www 89154

latair
22. 01. 2008
0 views

latair

Presentation UWIHARP Final
19. 01. 2008
0 views

Presentation UWIHARP Final

Stuart Anderson
03. 04. 2008
0 views

Stuart Anderson

venkatesh
08. 04. 2008
0 views

venkatesh

2007112679352641
14. 04. 2008
0 views

2007112679352641

Marketing of Evil book review
16. 04. 2008
0 views

Marketing of Evil book review

21431
17. 04. 2008
0 views

21431

IR3001 Middle East security
23. 04. 2008
0 views

IR3001 Middle East security

DSRDSept19
24. 04. 2008
0 views

DSRDSept19

BasevsDIStudio
05. 02. 2008
0 views

BasevsDIStudio

TNG
02. 05. 2008
0 views

TNG

Gavin Mooney DRS Sept 06
14. 02. 2008
0 views

Gavin Mooney DRS Sept 06

STD11
02. 05. 2008
0 views

STD11

CLOCgonzalez
15. 01. 2008
0 views

CLOCgonzalez

9 10 07Watson Presentation2
30. 01. 2008
0 views

9 10 07Watson Presentation2

f3
13. 01. 2008
0 views

f3

gep2004slideshow
24. 01. 2008
0 views

gep2004slideshow

LuisLobopresentation
17. 01. 2008
0 views

LuisLobopresentation

adcas
16. 01. 2008
0 views

adcas

Weber Paul
14. 01. 2008
0 views

Weber Paul

BoraBora
29. 01. 2008
0 views

BoraBora

swga 004
05. 03. 2008
0 views

swga 004

MSThesisPresentation
07. 02. 2008
0 views

MSThesisPresentation