1 / 28

Topics in Directories: Metadirectories

This presentation provides an overview of metadirectory practices in higher education, including the definition and role of metadirectories, metadirectory processes, and the importance of consumer provisioning. It also discusses the challenges and considerations when building a metadirectory, such as identity matching and choice of ETL tools, storage platforms, and models. Presented by Brendan Bellina from the University of Notre Dame.

likens
Download Presentation

Topics in Directories: Metadirectories

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Topics in Directories: Metadirectories Practices in Higher Education Brendan Bellina, University of Notre Dame I2 Base CAMP June 2002, Boulder, CO

  2. Presentation Overview - Visual Middleware: Directories

  3. Presentation Outline • Metadirectory Definition & Role • Metadirectory Processes • • The “Join” • • “Intelligence” & The Registry • • Consumer Provisioning • Questions Middleware: Directories

  4. What is meant by “Metadirectory”? • A technology or class of functionality required to build an enterprise directory infrastructure. • Any directory capable of consolidating information found in both standards-based and proprietary directories, and then exposing it through standard interfaces… A system capable of heterogeneous, multi-master, attribute-level replication. • - “Enterprise Directory Infrastructure: Meta-directory Concepts and Functions”, Jamie Lewis, The Burton Group, July, 1998 Middleware: Directories

  5. Role of the Metadirectory • Provides the infrastructure capable of maintaining consistency and data integrity between the chosen enterprise directory and the other local and system- or application-specific directories that will always be present in the organization. • “Enterprise Directory Infrastructure: Meta-directory Concepts and Functions”, Jamie Lewis, The Burton Group, July, 1998 Middleware: Directories

  6. Role of the Metadirectory • The glue that binds directories together • The directory umbrella which covers all directories • The duct tape of your directory infrastructure Middleware: Directories

  7. I2 Mace-Dir Metadirectory Model Middleware: Directories

  8. Metadirectory Processes - Overview • The “Join” • Using identity matching to produce a registry of constituents with links (aliases or alternate keys) back to source systems. • “Intelligence” • Managing how data is inserted, modified, and deleted from the registry based upon the business rules of the institution. • Consumer Provisioning • - Notifying/populating the directory consumers appropriately. Middleware: Directories

  9. Example – Whatsamatter U Middleware: Directories

  10. Metadirectory Processes – The “Join” • The process by which disparate identifiers for multiple source systems are extracted and examined, producing a single master record of identifiers for each individual entity which can be used as a link back to the source system records. Middleware: Directories

  11. Directory Sources – You want sources? We got sources! Affiliates Faculty Portal users Students Trustees Oracle Retirees And more!!! Novell etc/aliases Vendors Email accounts Donors Staff Alumni Applicants etc/passwd Athletic Fans Windows 2000 Windows NT Middleware: Directories

  12. Source Issues • Quantity of diverse sources • Platform differences • Differences in quality of data entered • People with multiple simultaneous roles • Data ownership issues – politics • Varying availability of data sources • Sometimes too much data – 34 address types?!? Middleware: Directories

  13. Identity Matching • Haven’t I seen you somewhere before? • Students who are also part-time staff • Staff or faculty who take classes • People who arrive, and leave, and return, and… Middleware: Directories

  14. Identity Matching • Generally forced to use infrequently changing attributes to attempt to determine when two records describe the same person: • -U.S. Social Security Number or other government assigned unique single lifetime pseudo-meaningless short easy-to-memorize alpha-numeric identifier • Formal name (at birth or initial contact) • Date of birth • Gender (at birth or initial contact) • Permanent home address • … Quality of the data really matters! Middleware: Directories

  15. Building the Registry - Choice of ETL Tools • Choose an ETL (extract-transform-load) tool: • Perl scripts – most common approach at this time, fairly easy to write, can be difficult to maintain • Metamerge – free license for higher ed, many connectors, scripting capability • Java applications • Other Middleware: Directories

  16. Building the Registry - Choice of Storage • Choose a storage platform: • - Relational database - recommended • LDAP Directory – not recommended due to limitations in data typing, lack of standard referential integrity controls. • Indexed files • Other Middleware: Directories

  17. Building the Registry - Choice of Model • Choose a model: “fat” or “thin” • “thin”: registry will contain only the information required to provide linkages back to systems of record. Requires systems of record to be both highly available and readily accessible. • “fat”: registry will contain and serve, in addition to linkage information, information about an entry to consuming applications, reducing the dependency on the systems of record. Fat registries are more common than thin registries. Middleware: Directories

  18. Metadirectory Processes – “Intelligence” • “Intelligence” • The application of an institution’s business rules and policies within the metadirectory. This involves the creation of a unique identifier (guid), rules regarding the creation and removal of registry entries and the population of attributes, and providing for operational reporting and auditing requirements. Middleware: Directories

  19. Unique Identifiers • “There can be only one!!!” • One entry per person, that is. • Establish a globally unique identifier (guid) for each person in the registry. • - Unchanging and persistent • - Non-recyclable • - Unique • - Meaningless • - Hidden Middleware: Directories

  20. Addressing Institutional Policies • Reformatting data to meet standards (telephone) • Breaking up data into discrete parts (addresses, names) • Consolidating/summarizing data (statuses) • Population of default attributes • Population of groups • Default authorizations • Resolving partial or missing data from sources Middleware: Directories

  21. Operational Design Requirements • - Data flow requirements – batch or real-time? • - Recovery planning – thresholds, roll-back, grace periods, logging • - Problem resolution tools for the helpdesk and administrators • - Audit reporting Middleware: Directories

  22. Metadirectory Processes – Consumer Provisioning • Consumers are the applications which make use of information presented in the enterprise directory infrastructure. The metadirectory provisioning process ensures that data is made available to the consumer interfaces. Often modern consumers can interface via the LDAP protocol, but often multiple LDAP directories are required to meet consumer needs. Middleware: Directories

  23. Multiple Consumers • Application specific or “embedded” directories will be needed for several reasons: • - Performance needs, particularly for updates • - Application-specific data • - Special access • - Security requirements • - Because vendors seem to want it that way Middleware: Directories

  24. Integrating Multiple Directories • Methods: • LDIF • Metamerge • Log processing • Probably unavoidable Middleware: Directories

  25. Resource Provisioning • Automated handling of the tasks associated with the establishment, modification, and deletion of resources and entitlements provided to people as they join or leave an organization or undergo changes in affiliation or status. • Wouldn’t it be nice! Middleware: Directories

  26. Resource Provisioning • What to do? • Identify existing automated processes • Identify existing manual processes • Directory-enable processes where possible • How to do it? • -Perl • -Metamerge Middleware: Directories

  27. Why Are There More Questions Than Answers? • -Confusion over terminology, created in part by metadirectory vendors • -Merging of directory and metadirectory vendors (where have all the vendors gone?) • -Tools and standards are still maturing • -Getting early success is fairly easy, going beyond white pages can prove difficult – for institutions that are riddled with exceptions centralized authorization and provisioning can be very complex • -Enterprise work can be an uphill battle in the educational environment – CIO can help Middleware: Directories

  28. Links • Internet 2 - MACE-Dir Metadirectories page • <http://middleware.internet2.edu/dir/metadirectories/> • RPR 1.0 Metadirectories Practices document • <http://middleware.internet2.edu/dir/metadirectories/rpr-nmi-edit-mace_dir-metadirectories_practices-1.0.html> • Author: bbellina@nd.edu Middleware: Directories

More Related