
UCB Enterprise Directory

UCB Enterprise Directory. February 7, 2002. Establish a framework for deploying and maintaining general purpose directory services for the University of Colorado at Boulder within the context of the University-wide environment. History Refresher – Commissioning Statement.


Presentation Transcript


  1. UCB Enterprise Directory February 7, 2002

  2. History Refresher – Commissioning Statement: Establish a framework for deploying and maintaining general purpose directory services for the University of Colorado at Boulder within the context of the University-wide environment.

  3. History Refresher – Goals
     • Develop and implement an enterprise directory service for UCB
     • Status:
       - UCB enterprise directory initial phase was implemented November 5th, 2001.
       - iPlanet Directory Server, running on Solaris 450 at the CC with a replicated directory instance running on a Solaris 450 at Tele.

  4. History Refresher – Goals
     • Trusted, authoritative source of data
     • Status: The Enterprise Directory blends data from SIS, HR and Uniquid using business rules, processes and policies agreed upon by campus-wide representatives.

  5. History Refresher – Goals
     • Identity, data and relationship management
     • Status:
       - The Enterprise Directory offers a single entry per person reflecting all CU-related roles.
       - Identity verification using Employee ID, SID, SSN, Previous SID, Name, DOB, gender
       - Data population logic is based upon Steering Team-established business rules and policies
       - Process determines Affiliation, Primary Affiliation and corresponding privileges.

  6. History Refresher – Goals
     • Usable by a variety of applications and services
     • Status:
       - Built upon LDAP standards, maximizing its potential for subsequent use.
       - Apps/services currently using the directory:
         - White Pages (in production)
         - Printed Directory (produced Fall, 2001 edition)
         - Email address source for various applications
         - Calendar (pilot)
         - Affiliation Verification (local to Service Center)
         - Radius (proof of concept)
         - Mac OS authentication (proof of concept)
         - Attribute load into Active Directory (as needed)

  7. History Refresher – Goals
     • Authentication Services
     • Status:
       - Framework established based upon LDAP standards, eduPerson standards, and affiliation definition.
       - Solution option testing is in process

  8. Directory Structure Today (diagram). Labels as extracted: MacOS AuthN pilot Radius concept Calendaring pilot Authentication testing White Pages (Nov. 5, 2001) Email Addresses Affiliation Check UCB Directory Printed Directory Registry Directory Build Uniquid Central (pilot) SIS Identity Recon. H/R Recon report

  9. Directory and Data
     • Distinct sources for distinct roles (students, employees, faculty, electronic accounts, etc.)
     • Unique identifiers for each system
     • Blending together to build a CU Person
     • Sources shown in the diagram, each feeding the CU Person:
       - HR: fac/staff; empID
       - SIS: student; SID
       - FIS: faculty; SSN
       - Uniquid: accounts; unix ID
       - IDcard: photos; ISO
       - Telecom: phone locn; phone #

  10. SIS to Registry/Directory: Student Data (java)
      • For Identity Matching:
        - Student ID, Previous ID
        - Name, Birth date, Gender
      • For Affiliation Logic, Authorization & Data Access:
        - Enrollment Status, Withdraw Code, Expected Return
        - Fees Paid Indicator
        - Privacy Flag
      • For Directory Publication:
        - Name
        - Local Address and Telephone
        - Major(s), Minor(s), College(s)
        - Class Level

  11. PSHR to Registry/Directory: Faculty and Staff Data (sql via db link)
      • For Identity Matching:
        - Employee Number, SSN
        - Name, Birth date, Gender
      • For Employee and Job Selection:
        - Job status
        - Employment end date
      • For Directory Publication:
        - Name
        - Campus Box and Campus Phone
        - Job Department(s), Home Department
        - Job Class Title(s)
        - Business Title(s)

  12. Campus-Specific Data or Systems to Registry/Directory
      • Uniquid (Java): Account & Email data (person)
      • ID Card: ISO and jpeg
      • Telecom: Office building/room data
      • FIS: Faculty Research and Degree data

  13. Registry (diagram). Labels as extracted: ucb email email person cn degree campus surname seealso major research au given name affiliation pw college activities org unit org job cert job code exceptions

  14. Registry Logic: Affiliation Building - Students
      • Enrollment status code = E
      • Withdraw code null
      • or Expected return date in the future
      • Type of student affiliation is based upon Academic Unit
        - Student (= “Student” affiliation)
        - Continuing Ed Credit Student (= “Student” affiliation)
        - Continuing Ed Non-Credit Student (= “Affiliate” affiliation)
      • Campus Affiliation based upon first character of AU

  15. Registry Logic: Affiliation Building - Employees
      • Appropriate employment status code
      • Appointment end date in the future
      • Type of employee affiliation is based upon Job Code
        - Faculty, Clinical Faculty, Research Faculty, Medical Resident, Fellowship/Trainee = “Faculty”
        - Student Faculty = “Student” and “Faculty”
        - Officer/Exempt Professional = “Officer/Professional” & “Staff”
        - Student Employee = “Affiliate” or “Employee”
        - Retiree = “Retiree” or “Affiliate”
        - Staff = “staff”
      • Campus Affiliation based upon first character of department code

  16. Registry Logic: Name Building
      • LastName, FirstName MiddleName → FirstName MiddleName LastName; FirstName LastName; LastName FirstName
      • Watch for II, III, IV, Jr., Sr.
      • Remove spaces in the last name; build another variation
      • Purpose: To facilitate name searching
      • Build displayName
        - use name associated with primaryAffiliation (employee = HR; student = SIS)
        - use most current version

  17. Directory Build Logic
      • Find people in Affiliation Table
      • Find corresponding records in Job Table
        - Select the job data related to affiliation
      • Find corresponding records in AU Table
        - Select the academic unit data related to affiliation
      • Find all other tables/data related to the affiliation people (person, name(s), email, etc.)
      • Is person in directory?
        - If yes, modify. If no, create
      • Is person in directory no longer affiliated?
        - If so, delete from directory.

  18. Directory: object classes and their attributes
      • person: cn, description, seeAlso, sn, telephoneNumber, userPassword
      • organizationalPerson: facsimileTelephoneNumber, ou, physicalDeliveryOfficeName, postalAddress, street, st, postalCode, l, postOfficeBox, preferredDeliveryMethod, title
      • inetOrgPerson: o & departmentNumber, displayName, givenName, employeeNumber, employeeType, homePhone, homePostalAddress, jpegPhoto & labeledURI, mail, uid, mobile & pager, roomNumber, userCertificate
      • eduPerson: affiliation, jobClassification, nickName, orgDN, orgUnitDN, primaryAffiliation, principalName, schoolCollegeName
      • cuEduPerson: uuid, au, activities & research, alternateContact, campus, degreeInstitution & Year, employmentStartDate, Expertise, feesIndicator, highestDegree, homeDepartment, ISO, major, minor, class, Privacy, SID, SSN

  19. Directory Uses – Queries (diagram labels: Tomcat/cocoon, LDAP query, Apache, White Pages, Address Book, Directory)
      • Anonymous query controls:
        - Search based on name & variations (cn)
        - Server controls “max” returns (80)
      • Access Controls to ensure:
        - No display of privacy-enacted students
        - No display of employee home phone/address
      • Public data displayed:
        - Student local phone/address
        - Student major, minor, college, class
        - Faculty/staff office phone/address, title, department
        - Email address, URL

  20. Directory Uses – Applications (diagram labels: Cal db, Calendar, Directory)
      • Directory and application extensions:
        - Authenticated application
          - Currently login ID and password
          - Moving to identikey authN, application-based authZ.
        - Access to directory based on application rights
        - Use standard directory attributes (name, email)
        - Extend directory attributes (preferences)
        - Use application-specific attributes (schedule)

  21. Directory Uses – Authorization (diagram labels: User, Request, Digital Service/Resource, authN, Login server, Directory)
      • Directory and authorization for services/resources:
        - Request resource
        - Authenticate (you are who you say you are)
        - Authorize (you can do what you want to do)
        - Determine affiliation (faculty, staff, student, etc.)
      • Pass affiliation to requested service/resource
      • Pass additional attributes as needed by application

  22. Directory Structure Phase 2 (diagram). Labels as extracted: Radius pilot Calendaring pilot Data verification Birthday Message Authentication Implementation Authentication test White Pages Account Mgt Project Affil Ck Email Addresses Sponsor Create Attribute update UCB Directory Initiate Send Mail project Printed Directory Registry Directory Build Uniquid Central (pilot) Tele (bldg/rm) SIS Identity Recon. H/R ID Card (ISO/jpg) Recon report Central Dir.

  23. Project Contacts
      • Project Manager, Paula Vaughan: Paula.Vaughan@colorado.edu
      • Directory Manager, Melinda Jones: Melinda.Jones@colorado.edu
      • Project Web Page: http://www.Colorado.EDU/committees/DirectoryServices/ or from the UCB - ITS home page (“About ITS” → “Projects & Initiatives” → “Architecture and Infrastructure Initiatives”)

  24. Directory and Data
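
The build pass on slide 17 (create, modify, delete when no longer affiliated) can be sketched as a planning function. This is an added example, not the project's code: the data shapes, the function name and the delete-fraction guard are assumptions, and the sample records are constructed.

```python
# Added illustration of the slide-17 build pass. Data shapes, names and the
# delete guard are assumptions, not the UCB project's implementation.

def plan_directory_build(registry, directory, max_delete_fraction=0.25):
    """Plan the changes that bring the directory in line with the registry.

    registry:  {uuid: {"affiliations": [...], "attrs": {...}}}
    directory: {uuid: {...attributes currently published...}}
    Returns (creates, modifies, deletes).
    """
    creates, modifies = {}, {}
    for uuid, person in registry.items():
        if not person["affiliations"]:
            continue  # no row in the Affiliation Table: nothing to publish
        wanted = dict(person["attrs"],
                      affiliation=sorted(person["affiliations"]))
        current = directory.get(uuid)
        if current is None:
            creates[uuid] = wanted        # "If no, create"
        elif current != wanted:
            modifies[uuid] = wanted       # "If yes, modify"

    # "Is person in directory no longer affiliated? If so, delete."
    deletes = sorted(u for u in directory
                     if not registry.get(u, {}).get("affiliations"))

    # Added safeguard (not on the slides): an empty or truncated source feed
    # would otherwise look like a mass loss of affiliation.
    if directory and len(deletes) > max_delete_fraction * len(directory):
        raise RuntimeError(
            f"refusing to delete {len(deletes)} of {len(directory)} entries")
    return creates, modifies, deletes


# Constructed sample data.
REGISTRY = {
    "u1": {"affiliations": ["Student"], "attrs": {"cn": "Pat Doe"}},
    "u2": {"affiliations": ["Staff"],
           "attrs": {"cn": "Lee Roe", "title": "Analyst"}},
    "u3": {"affiliations": [], "attrs": {"cn": "Sam Poe"}},
}
DIRECTORY = {
    "u2": {"cn": "Lee Roe", "title": "Clerk", "affiliation": ["Staff"]},
    "u3": {"cn": "Sam Poe", "affiliation": ["Student"]},
    "u4": {"cn": "Old Entry", "affiliation": ["Staff"]},
}
```

Deleting entries for people who have lost every affiliation is what removes their directory-derived privileges, so the delete list is the part of the plan worth reviewing before it is applied.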
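
The anonymous White Pages rules on slide 19 can be modelled as a filter and used to check what an unauthenticated search is allowed to return. This is an added example, not the project's code: the mapping of the slide's "public data" to slide-18 attribute names, the `privacy` key and the sample entries are assumptions, and hiding the whole entry when the privacy flag is set is a conservative reading of the slide.

```python
# Added model of the slide-19 anonymous query policy; attribute mapping and
# the "privacy" key are assumptions, sample entries are constructed.

MAX_RETURNS = 80  # "Server controls max returns (80)"

# Allow-list derived from "Public data displayed". Anything not listed
# (homePhone, homePostalAddress, SSN, SID, userPassword, ...) is never shown.
PUBLIC_ATTRS = {
    "cn", "displayName", "mail", "labeledURI",
    "telephoneNumber", "postalAddress", "title", "homeDepartment",
    "major", "minor", "class", "schoolCollegeName",
}


def anonymous_search(entries, name):
    """Return the public view of entries whose cn variations match `name`."""
    needle = name.strip().lower()
    if not needle:
        return []  # no unbounded "list everyone" query
    hits = []
    for entry in entries:
        if entry.get("privacy"):
            continue  # privacy-enacted: entry is not displayed at all
        if not any(needle in cn.lower() for cn in entry.get("cn", [])):
            continue
        hits.append({k: v for k, v in entry.items() if k in PUBLIC_ATTRS})
        if len(hits) == MAX_RETURNS:
            break  # cap enforced on the server side, not by the client
    return hits


# Constructed sample entries.
SAMPLE = [
    {"cn": ["Pat Doe", "Doe Pat"], "primaryAffiliation": "Student",
     "privacy": True, "mail": "pat@example.edu", "major": "Physics"},
    {"cn": ["Lee Roe", "Roe Lee"], "primaryAffiliation": "Staff",
     "privacy": False, "mail": "lee@example.edu", "title": "Analyst",
     "telephoneNumber": "555-0199", "homePhone": "555-0100",
     "SSN": "000-00-0000"},
]
```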
