openregistry
play

OpenRegistry Revisiting the Management of Electronic Identity - PowerPoint PPT Presentation

Oct 30, 2022 •525 likes •796 views

OpenRegistry OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009 LSM 10/7/09 1 OpenRegistry About Rutgers University State University of New Jersey Three Main Campuses

  1. OpenRegistry OpenRegistry Revisiting the Management of Electronic Identity Benjamin Oshrin Rutgers University July 2009 LSM 10/7/09 1

  2. OpenRegistry About Rutgers University • State University of New Jersey • Three Main Campuses – New Brunswick (main) • 29000 FT, 7000 PT Students – Newark • 7000 FT, 4000 PT Students – Camden • 3500 FT, 1700 PT Students • ¾ Undergraduate • 15000 Faculty/Staff • 400000 Alumni • Many visitors, guests, conference attendees, etc • Need to assign NetIDs (logins) and ID Cards LSM 10/7/09 2

  3. OpenRegistry LSM 10/7/09 3

  4. OpenRegistry We’re Not That Unique • Lots of other US Higher Ed looks similar – Multiple Systems of Record (SORs) – Heterogenous Downstream Systems (DSSs) • OpenSource: Kerberos, OpenLDAP, CAS, Shibboleth, Sakai, Kuali, ... • Proprietary: Active Directory, Banner, Endeavor, Lenel, ... – Complex, poorly documented rules and procedures – Limited resources • And also in Canada, UK, Sweden, Brazil, ... LSM 10/7/09 4

  5. OpenRegistry LSM 10/7/09 5

  6. OpenRegistry Rutgers University Identity Goals • Capture Identity Data for all populations affiliated with the University, including regular students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees, and guests – Now: Primarily students, faculty/staff, and some “guests” • Faster propagation of data, real time where possible – Now: Nightly to biweekly batch feeds • Consistent data definitions, contracted via versions – Now: Hard to find definitions, unclear when they change • Delegated operations where possible – Now: Heavy dependency on Help Desk and Central IT LSM 10/7/09 6

  7. OpenRegistry What Is OpenRegistry? • An OpenSource Identity Management System, a place for data about people affiliated with your institution • Core functionality – Interfaces for web, batch, and real-time data transfer – Identity data store – Identity reconciliation from multiple systems of record – Identifier assignment for new, unique individuals • Additional functionality – Data beyond Persons: Groups, Courses, Credentials, Accounts – Business Rule based data transformations LSM 10/7/09 7

  8. OpenRegistry What Is OpenRegistry? • More than just a Registry, some periphery too – Directory Builder – Provisioning and Deprovisioning • Generally not authoritative for data – SORs are authoritative for most data – OR reflects single, reconciled view of data from multiple SORs – Exceptions include some identifiers, results of business rule calculations, populations with no real SOR (eg: visitors) LSM 10/7/09 8

  9. OpenRegistry Inspirations • Columbia University Identity Management System • Rutgers People Database • Georgetown Model* • Higher Ed Standards (eg: eduPerson) • Evolving Standards (eg: NIST LoA) • Review of interested peer institutions • Decades of combined experience from before the field was called “Identity Management” LSM 10/7/09 9

  10. OpenRegistry I2 Identity & Access Management Model OpenRegistry Core OpenRegistry Periphery LSM 10/7/09 10

  11. OpenRegistry LSM 10/7/09 11

  12. OpenRegistry Data Model • Generic enough to work for multiple institutions • Specific enough to work for yours • Internationalized • Well documented LSM 10/7/09 12

  13. OpenRegistry Data Model Overview LSM 10/7/09 13

  14. OpenRegistry Data Model Excerpt LSM 10/7/09 14

  15. OpenRegistry LSM 10/7/09 15

  16. OpenRegistry OpenRegistry Approach • Communicate openly and transparently • Design based on supportable, end-user focused, efficient processes and ease of maintenance • Adhere to open standards wherever possible • Leverage other higher ed efforts • Favor iterative development where appropriate • Implement highly available, highly scalable, cost efficient technologies LSM 10/7/09 16

  17. OpenRegistry OpenRegistry Approach • Generic architecture and data model – More than Rutgers needs, but makes OR more useful for others • Multiple levels of engagement with the community – Discuss: Review design documents, identify gaps and changes – Develop: Help write code, documentation, etc – Deploy: Run OR as an IDMS (when released) – Donate: Contribute resources to help with development and outreach • Transparent, agile development process – Work done on Jasig servers, not Rutgers • Get the ball rolling, encourage others to join • Build on lessons learned from CAS LSM 10/7/09 17

  18. OpenRegistry LSM 10/7/09 18

  19. OpenRegistry LSM 10/7/09 19

  20. OpenRegistry LSM 10/7/09 20

  21. OpenRegistry LSM 10/7/09 21

  22. OpenRegistry LSM 10/7/09 22

  23. OpenRegistry LSM 10/7/09 23

  24. OpenRegistry OpenRegistry Initiative Milestones • √ Requirements • √ Design • √ Project Infrastructure • R1: Core Services, REST API, Initial UI, Initial Business Rules – Meets Rutgers RIAR-1 requirements • R2: Enhanced Core Services, UI, Business Rules, Initial Provisioning • R3: Batch Interface, Enhanced Business Rules, Enhanced Provisioning LSM 10/7/09 24

  25. OpenRegistry Intersection With Your Institution • Potential for collaboration could take many forms – Participation in or vetting of OR design – Evaluation for migration and adoption as OR matures – Adjustment of OR milestones according to your needs, with your resources • Benefits of Migration to OR – Provides long term, sustainable model – Elimination of programmer-specific knowledge concerns – Avoidance of vendor lock-in • Commercial solutions aren't drop-in, customization work needed • Easier to tailor to future needs – Community of similar institutions in similar situations LSM 10/7/09 25

  26. OpenRegistry Additional Information • http://www.ja-sig.org/wiki/display/OR LSM 10/7/09 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Running a Bug Bounty Program for your registry or registrar Gavin Brown, CTO, CentralNic Group

Running a Bug Bounty Program for your registry or registrar Gavin Brown, CTO, CentralNic Group

Running a Bug Bounty Program for your registry or registrar Gavin Brown, CTO, CentralNic Group PLC ICANN 63, Barcelona Introduction CentralNic Group PLC includes 4 registries and 5 registrars: CentralNic OpenRegistry KSRegistry SK-NIC TLD

411 views • 13 slides
The Catalan Government Prequalification Strategy for Software Development Suppliers Josep M.

The Catalan Government Prequalification Strategy for Software Development Suppliers Josep M.

The Catalan Government Prequalification Strategy for Software Development Suppliers Josep M. Marco-Sim Joan A. Pastor Collado Rafael Macau Nadal Universitat Oberta de Catalunya / Open University of Catalonia SEAFOOD 2010 Contents 1.

446 views • 15 slides
CP violation in 2HDM+singlet Juhi Dutta Working Group 2HDM talk 19.12.2019 Juhi Dutta Working

CP violation in 2HDM+singlet Juhi Dutta Working Group 2HDM talk 19.12.2019 Juhi Dutta Working

CP violation in 2HDM+singlet Juhi Dutta Working Group 2HDM talk 19.12.2019 Juhi Dutta Working Group 2HDM talk CP violation in 2HDM + singlet CP violating IDMS Reference: The Inert Doublet Model and its extensions, M.Krawczyk, N.Darvishi, D.

654 views • 20 slides
Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems

Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems

Lect ure # 01 ADVANCED DATABASE SYSTEMS Course Introduction & History of Database Systems @ Andy_Pavlo // 15- 721 // Spring 2018 2 WH Y YO U SH O ULD TAKE TH I S CO URSE DBMS developers are in demand and there are many challenging

912 views • 66 slides
Iden%ty Management Issues - status and plans OSG

Iden%ty Management Issues - status and plans OSG

Iden%ty Management Issues - status and plans OSG and ESnet Mine Altunay - FNAL Mike Helm, Doug Olson, Dhiva Muruganantham -

475 views • 24 slides
Mathematical Logic - 2015 Propositional Logic: exercises Fausto Giunchiglia and Mattia Fumagalli

Mathematical Logic - 2015 Propositional Logic: exercises Fausto Giunchiglia and Mattia Fumagalli

Mathematical Logic - 2015 Propositional Logic: exercises Fausto Giunchiglia and Mattia Fumagalli (ref. Chiara Ghidini slides PL Formalization and Enzo Maltese sleides PL Exercises) Index q From NL to PL q Truth tables q

633 views • 17 slides
Tuakiri update: eduGAIN & service status Vlad Mencl Wallace Chase 1 Tuakiri update:

Tuakiri update: eduGAIN & service status Vlad Mencl Wallace Chase 1 Tuakiri update:

August 19th, 2020, REANNZ Lunchtime session Tuakiri update: eduGAIN & service status Vlad Mencl Wallace Chase 1 Tuakiri update: eduGAIN and service status, August 19th, 2020 Outline Tuakiri: brief introduction Update:

641 views • 23 slides
WPSE: F ORTIFYING W EB P ROTOCOLS VIA B ROWSER -S IDE S ECURITY M ONITORING Marco Squarcina

WPSE: F ORTIFYING W EB P ROTOCOLS VIA B ROWSER -S IDE S ECURITY M ONITORING Marco Squarcina

WPSE: F ORTIFYING W EB P ROTOCOLS VIA B ROWSER -S IDE S ECURITY M ONITORING Marco Squarcina Joint work w. Stefano Calzavara, Riccardo Focardi, Matteo Ma ff ei, Clara Schneidewind, Mauro Tempesta 4th OAuth Security Workshop 2019 March 21,

585 views • 34 slides
Analyzing manuscript traditions using constraint-based data mining A case study in declarative

Analyzing manuscript traditions using constraint-based data mining A case study in declarative

Analyzing manuscript traditions using constraint-based data mining A case study in declarative data mining Tara Andrews, Hendrik Blockeel, Bart Bogaerts, Maurice Bruynooghe, Marc Denecker, Stef De Pooter, Caroline Mac, Jan Ramon KU Leuven,

1.08k views • 38 slides
Development of a hardware-abstraction layer for the Baltikum test framework IDP final talk

Development of a hardware-abstraction layer for the Baltikum test framework IDP final talk

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Development of a hardware-abstraction layer for the Baltikum test framework IDP final talk Tobias Betz December 12, 2016 Chair of Network

385 views • 24 slides
Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project &

Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project &

Introduction to Identity Federations Brook Schofield eduGAIN Task Leader, GN3 Project & Project Development Officer, TERENA schofield@terena.org 15 October 2012 Building Federated Identity Policy, GN3 Symposium, Vienna, Austria Innovation

157 views • 12 slides
SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876

SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876

SPaCIoS Secure Provision and Consumption in the Internet of Services STREP Project number: 257876 Objective ICT-2009.1.4 c: Technology and Tools for Trustworthy ICT 01 Oct 2010 30 Sep 2013 www.spacios.eu Alexander Pretschner, POFI 2011,

780 views • 24 slides
ENGR 5770G : Service Computing / Winter 2013 Anwar Abdalbari Outline Introduction.

ENGR 5770G : Service Computing / Winter 2013 Anwar Abdalbari Outline Introduction.

ENGR 5770G : Service Computing / Winter 2013 Anwar Abdalbari Outline Introduction. Identity Systems. Analysis of Identity Systems. Open Trust Frameworks. Shibboleth Approach What are we talking about? Authentication

829 views • 39 slides
Institutional Effectiveness Committee Presentation to College Council Atiya Rashada Mark C.

Institutional Effectiveness Committee Presentation to College Council Atiya Rashada Mark C.

Institutional Effectiveness Committee Presentation to College Council Atiya Rashada Mark C. Fields Updates Program review Timeline Meta ready to go PD day training Training Videos Coaches

56 views • 5 slides
Instruction , ,

Instruction , ,

1 Instruction , , Timetable 2 Open Day: 9:00-16:30, 16 May 2017 @ Seminar Room 9:00-9:05 Welcome Speech (Yoshiaki Ohsumi, Panasonic)

730 views • 6 slides
Input/Output Organization Chapter 19 S. Dandamudi Outline Introduction External

Input/Output Organization Chapter 19 S. Dandamudi Outline Introduction External

Input/Output Organization Chapter 19 S. Dandamudi Outline Introduction External interface Accessing I/O devices Serial transmission An example I/O device Parallel interface Keyboard USB I/O data

1.29k views • 96 slides
An application Protocol for Fast Long Distance Network Katsushi Kobayashi ikob@ni.aist.go.jp

An application Protocol for Fast Long Distance Network Katsushi Kobayashi ikob@ni.aist.go.jp

An application Protocol for Fast Long Distance Network Katsushi Kobayashi ikob@ni.aist.go.jp National Institute of Advanced Industrial Science and Technology Off topic In 1st day panel, Injong Rhee presented high-speed TCP variant issue

504 views • 9 slides
Internet of Things Laurent Toutain June 11, 2013 Caen () IPv6 op erateur June 11, 2013 1 /

Internet of Things Laurent Toutain June 11, 2013 Caen () IPv6 op erateur June 11, 2013 1 /

Internet of Things Laurent Toutain June 11, 2013 Caen () IPv6 op erateur June 11, 2013 1 / 14 Internet of Things ? Internet of Things Caen () IPv6 op erateur June 11, 2013 2 / 14 Internet of Things ? Internet of Things

693 views • 32 slides
Collaborators @ AALborg @UPPsala Real Tim e Kim G Larsen Wang Yi

Collaborators @ AALborg @UPPsala Real Tim e Kim G Larsen Wang Yi

Collaborators @ AALborg @UPPsala Real Tim e Kim G Larsen Wang Yi Informationsteknologi Gerd Behrman Paul Pettersson Arne Skou Model Checking John Hkansson Brian Nielsen Anders Hessel

467 views • 13 slides
U PPAAL - Present and Future Gerd Behrmann 1 , Alexandre David 2 , Kim G. Larsen 1 , M. Oliver M

U PPAAL - Present and Future Gerd Behrmann 1 , Alexandre David 2 , Kim G. Larsen 1 , M. Oliver M

U PPAAL - Present and Future Gerd Behrmann 1 , Alexandre David 2 , Kim G. Larsen 1 , M. Oliver M oller 3 , Paul Pettersson 2 , Wang Yi 2 1 Aalborg University, 2 Uppsala University, 3 BRICS Arhus Outline: 1 Model-checking Timed Automata 2

669 views • 42 slides
Optimal Counterexamples for Discrete-Time Markov Models Albert-Ludwigs-Universitt Freiburg

Optimal Counterexamples for Discrete-Time Markov Models Albert-Ludwigs-Universitt Freiburg

Optimal Counterexamples for Discrete-Time Markov Models Albert-Ludwigs-Universitt Freiburg Ralf Wimmer Albert-Ludwigs-Universitt Freiburg, Germany Joint work with Nils Jansen, Erika brahm, Joost Pieter Katoen, Bernd Becker Outline

475 views • 34 slides
Topic 12 Conditional Execution "We flew down weekly to meet with IBM, but they thought the

Topic 12 Conditional Execution "We flew down weekly to meet with IBM, but they thought the

Topic 12 Conditional Execution "We flew down weekly to meet with IBM, but they thought the way to measure software Conditional execution with if was the amount of code we wrote, when statements really the better the software, the fewer

264 views • 4 slides
Logical Operators and JavaScript Practice CS 115 Computing for the Socio-Techno Web Instructor:

Logical Operators and JavaScript Practice CS 115 Computing for the Socio-Techno Web Instructor:

Logical Operators and JavaScript Practice CS 115 Computing for the Socio-Techno Web Instructor: Brian Brubach Announcements Special office hours 2-3pm today for Assignment 3 Quiz grades will be released later today Will be curved up

76 views • 7 slides
Overview/Questions How do we control the flow of execution within our programs? How can

Overview/Questions How do we control the flow of execution within our programs? How can

CS101 Lecture 24: Python: Decision Making Aaron Stevens 25 March 2009 1 Overview/Questions How do we control the flow of execution within our programs? How can a programs input alter the instructions that get executed? How

226 views • 12 slides

More recommend