ID Management in University
Kenzi Watanabe
Saga University, Japan
watanabe@is.saga-u.ac.jp
The 33rd APAN Meeting

5 Faculties
Approx. 7,000 Students
2,000 Faculty Members

ID Management History of Saga University
• 1998, ID for all students
• 2001, ID for all faculty members
• 1998, ID Integration for Windows and UNIX
• 2002, Integrated authentication system
• 2010, Shibboleth

Backgrounds
• Information Literacy Education (1990〜)
• Deployments of Self-maintained Online Systems with Web (2000〜)

Contents
• What is ID?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations
• Conclusion

What is ID?
• ID is an identifier for each user
• A symbol of yourself in the ICT world
• Known as “User ID”
• ID is used in the authentication procedure with a password
• Login

Backgrounds of ID Management History
• Information Literacy Education (1990〜)
• Deployments of Self-maintained Online Systems with Web (2000〜)

PC Room History in Saga University
• 1990〜1994
• 1994〜1998

Windows & UNIX dual boot system (1998 – 2002)

ID Management Technologies
Slide labels: For stand-alone system; For networked system; For small system; For novel system
• UNIX
  • /etc/passwd
  • NIS (Network Information Service)
• Microsoft Windows
  • DC (Domain Controller)
  • AD (Active Directory)

Different IDs and passwords
• UNIX: sato1 / pw1
• Windows: sato2 / pw2
• Inconvenient !!

Same ID and password without Synchronization
• UNIX: sato / pw1 (Not changed)
• Windows: sato / pw1 → sato / pw2 (Change!)
• Inconvenient !!

Same ID and password with Synchronization
Diagram labels: Directory Server; UNIX (authentication); Windows (authentication); Password change
• Convenient !!

Deployments of Self-maintained Online Systems with Web
• Online Systems
  • E-mail
  • Educational affairs
    • Syllabus, Evaluation, Registration
  • Digital Library
  • Teachers’ DB
• What was changed?
  • More personalized
  • Self-maintained

e.g. Teachers’ DB
• Teachers’ directory
• Gathering activities of all professors
  • Research, Education, Social activities, etc.
• These outcomes become the basis and evidence for the evaluation of the university
• Who inputs data?
  • By themselves

Saga Univ. @ 2002
Diagram labels: Unified User DB (PostgreSQL); Operation (Add, Remove, Modify); LDAP General; NIS/NIS+; AD; LDAP (Replica); IMAP4S; POP3S; FTP; Linux; Windows; Other Servers (e.g. PHP based)

Unified User DB
• Master database for user attributes
  • User ID
  • Initial password
  • Full name
  • Affiliation
  • Title
  • Position
  • etc …
• Authentication Infrastructure

Shibboleth
• Increasing Web-based systems
• Inconvenience
  • Entering User ID and Password many times
• More secure way
• Opengate
  • A captive portal type network user authentication system

Saga Univ. @ 2010
Diagram labels: Unified User DB (PostgreSQL); Operation (Add, Remove, Modify); LDAP General; IdP; AD; LDAP (Replica); IMAP4S; POP3S; FTP; Windows; Other Servers (e.g. PHP based); SPs; Solaris

Issues in Implementations
• Consolidation of multiple accounts to a single entry
• Identification
• Clear scheme definitions of ID
• ID naming rules
• Cooperation with various sections
• What section has authority?
• Data Transfer method
• Decision making

Consolidation of multiple accounts: two cases
• Case 1: 2 IDs
• Case 2: 1 ID has 2 attributes
Diagram labels: Research associate; PhD course student; user1; user2

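An added example (not from the original slides) of Case 2: records for the same person from two sections are consolidated into one entry carrying two affiliation values, and the second ID is listed for retirement. The feeds, field names, `person_key` and base DN are assumptions made for the illustration; `eduPersonAffiliation` is the eduPerson attribute commonly released by Shibboleth IdPs.

```python
# Constructed sample feeds from two sections; all field names are assumptions.
HR_FEED = [
    {"person_key": "P0001", "uid": "user1", "sn": "Sato", "cn": "Sato Taro",
     "affiliation": "staff"},      # research associate
]
REGISTRAR_FEED = [
    {"person_key": "P0001", "uid": "user2", "sn": "Sato", "cn": "Sato Taro",
     "affiliation": "student"},    # the same person as a PhD course student
    {"person_key": "P0002", "uid": "user3", "sn": "Suzuki", "cn": "Suzuki Hanako",
     "affiliation": "student"},
]
BASE_DN = "ou=people,dc=example,dc=ac,dc=jp"  # hypothetical directory suffix


def consolidate(*feeds):
    """Merge per-section records into one entry per person (Case 2).

    Returns (entries, retire, review): entries keyed by person_key, extra
    uids to retire, and person_keys whose names disagree between sections.
    """
    entries, retire, review = {}, [], []
    for feed in feeds:
        for rec in feed:
            key = rec["person_key"]
            entry = entries.setdefault(
                key, {"uid": rec["uid"], "sn": rec["sn"], "cn": rec["cn"],
                      "affiliations": []})
            if rec["cn"] != entry["cn"]:
                review.append(key)          # identification is doubtful
                continue                    # do not merge automatically
            if rec["uid"] != entry["uid"]:
                retire.append((key, entry["uid"], rec["uid"]))
            if rec["affiliation"] not in entry["affiliations"]:
                entry["affiliations"].append(rec["affiliation"])
    return entries, retire, review


def to_ldif(entry):
    """Render one consolidated entry as LDIF (ASCII values only here)."""
    lines = [
        f"dn: uid={entry['uid']},{BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: eduPerson",
        f"uid: {entry['uid']}",
        f"sn: {entry['sn']}",
        f"cn: {entry['cn']}",
    ]
    lines += [f"eduPersonAffiliation: {a}" for a in sorted(entry["affiliations"])]
    return "\n".join(lines) + "\n"
```

Calling `consolidate(HR_FEED, REGISTRAR_FEED)` keeps `user1` as the single login for P0001 with both affiliations, so dropping one role later removes an attribute value instead of leaving a second, unmanaged account.
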
ID Naming Rules
• Random based?
• Name based?
• Same family and personal name?
• Same with Student ID?

Data Transfer Method
• Online?
  • Data format
    • CSV? XML?
  • Real-time transactions or Batch jobs?
    • Both?
• Offline?
  • Data format?
  • Media type
    • DVD? MO?

Conclusion
• What is ID?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations

Acknowledgements
• NTT DATA KYUSHU Corporation
• Net One Systems CO. LTD.

ID Management Technologies
Diagram labels: UNIX (User authentication); Windows (User authentication)
• LDAP (Lightweight Directory Access Protocol)
  • Directory services
• Active Directory has LDAP functions
  • Windows 2003 server and later versions