Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida
Desired State
• One person, one identity
• Identity management across UF systems – desktop, web-based, enterprise
• Support multiple modalities for directory services – LAN-based, web-based, enterprise
• Provide public and private identifiers, not SSN
• Authoritative source for identity and directory information
• Move toward single sign-on
Some History
• Registry since 1988
• Kerberos since 1997
• LDAP since 1998
• Directory Strategy process 6/00-8/01. White paper. http://www.it.ufl.edu/projects/directory/planteam.htm
• Directory Project 9/01-January 21, 2003. Largest UF IT project. http://www.it.ufl.edu/projects/directory
Strategy Process
• Fourteen months, 6/00-8/01
• Visit by Ken Klingenstein 4/01
• Student ID process 2/01-8/01
• ID recommendation: UFID for the entire community. Follow I2 (Internet2) guidelines. Integrate with the directory project
• Strategy white paper for directory services at UF – why, what, how, who, when (18 months)
Directory Project Timeline
• IT review complete 3/01
• Directory white paper 8/01
• Project launch 10/01
• Original target date 4/03
• Actual go-live January 21, 2003
• Seven FTE on core team
• Over 150 participants from across UF
Directory Project Charge
• Use models and standards developed by the Internet2 initiative, including the eduPerson schema.
• Update the database schema in DB2 and LDAP.
• Provide a support mechanism for unit-level extensions as desired.
• Improve the infrastructure of the LDAP facility.
• Develop processes and policies to ensure maintenance of accurate directory data.
• Develop standard interfaces to reduce the need for duplicate databases and enhance accessibility of directory data.
• Develop a middleware connection in support of a new UF identifier strategy.
• Develop effective data flows to and from existing data systems such as the Registrar and Personnel.
• Provide a data model, LDAP schema and set of APIs to support functional expansion and growth of new ideas.
UF Directory Project
• Overhaul Registry
• Overhaul LDAP: eduPerson schema, eduPersonAffiliation
• Introduce UFID: publicly visible identifier (nnnn-nnnn) used in place of SSN for business transactions. http://ufid.ufl.edu
• Introduce UUID: private identifier used as the key in core systems
• SSN becomes an attribute, not a key
• GatorLink (netid) becomes an attribute
• Over 1,500 legacy apps modified
• All SSN-based processes refactored
• Self-service directory access http://phonebook.ufl.edu
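The slide above separates three kinds of identity data: a public UFID in the nnnn-nnnn form that can appear in business transactions, a private UUID that keys the core systems, and the SSN demoted to an attribute. The example below, added here and not code from the UF project, shows what that separation buys a self-service lookup service such as a phonebook: the public identifier is syntax-checked before it ever reaches the directory, the assertion value is escaped per RFC 4515 so a caller cannot rewrite the search filter, and the entry returned to an anonymous caller is projected onto public attributes only, so the SSN and UUID never leave the core system. The attribute names ufid, uuid and ssn, the DN, and the sample entry are all assumptions constructed for the example; the page gives the identifier roles but not the schema names.

```python
import re
from typing import Dict, List

# Assumed attribute names for the three identifier roles described on the page.
PUBLIC_ID_ATTR = "ufid"          # public, nnnn-nnnn, safe to print on forms
PRIVATE_KEY_ATTR = "uuid"        # private key used by core systems, never published
SSN_ATTR = "ssn"                 # kept as an attribute only, never used as a key

# Only these attributes are returned to an unauthenticated phonebook caller.
PUBLIC_ATTRS = ("cn", "mail", "eduPersonAffiliation",
                "eduPersonPrincipalName", PUBLIC_ID_ATTR)

UFID_RE = re.compile(r"^\d{4}-\d{4}$")


def is_valid_ufid(value: str) -> bool:
    """Accept only the public nnnn-nnnn form; anything else is rejected up front."""
    return bool(UFID_RE.match(value))


def ldap_filter_escape(value: str) -> str:
    """Escape an assertion value as RFC 4515 requires (\\XX hex for specials).

    Without this, a value such as 'x*)(ssn=*' would turn a lookup by UFID into a
    filter that matches on the SSN attribute instead.
    """
    out: List[str] = []
    for ch in value:
        if ch in ("\\", "*", "(", ")", "\x00"):
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_ufid_filter(ufid: str) -> str:
    """Build the search filter for a public lookup by UFID.

    Validation runs first so malformed input never reaches the directory; escaping
    runs anyway so the function is safe even if the format rule is loosened later.
    """
    if not is_valid_ufid(ufid):
        raise ValueError("UFID must have the form nnnn-nnnn")
    return "(&(objectClass=eduPerson)(%s=%s))" % (PUBLIC_ID_ATTR, ldap_filter_escape(ufid))


def public_view(entry: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Project a directory entry onto its public attributes.

    The private key and the SSN are dropped by construction: the projection is an
    allow-list, so a newly added sensitive attribute is hidden by default.
    """
    return {k: v for k, v in entry.items() if k in PUBLIC_ATTRS}


# Constructed sample entry (not real data); values are placeholders.
SAMPLE_ENTRY: Dict[str, List[str]] = {
    "dn": ["uid=jdoe,ou=People,dc=example,dc=edu"],
    "cn": ["Jane Doe"],
    "mail": ["jdoe@example.edu"],
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonAffiliation": ["staff", "employee"],
    PUBLIC_ID_ATTR: ["1234-5678"],
    PRIVATE_KEY_ATTR: ["8f14e45f-ceea-467a-9575-6d8f4a7b0c3d"],
    SSN_ATTR: ["000-00-0000"],
}


def lookup_public(ufid: str) -> Dict[str, List[str]]:
    """Simulate the phonebook path: validate, build the filter, then project the hit."""
    flt = build_ufid_filter(ufid)
    # In a real service the filter would go to the LDAP server; here we match the
    # constructed entry in memory to keep the example offline.
    if SAMPLE_ENTRY[PUBLIC_ID_ATTR][0] == ufid and "(ufid=" in flt:
        return public_view(SAMPLE_ENTRY)
    return {}


if __name__ == "__main__":
    print(build_ufid_filter("1234-5678"))
    print(lookup_public("1234-5678"))
```

The filter builder deliberately fails closed: a caller who sends an SSN, a UUID, or an injection string instead of a UFID gets a ValueError rather than a directory query, and even a well-formed UFID only ever yields the allow-listed public attributes.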
Consequences
• 1,272,228 objects in UF LDAP
• People, organizations, groups, relationships
• Better data through new processes
• Old: local admin + reconciliation
• New: central, self-service + replication
• Positioned for new services
• PeopleSoft, Active Directory, single sign-on
Current State
• Five production middleware data systems – LDAP, UF Registry, Kerberos, Netware Directory Services (NDS), PeopleSoft Portal
• Active Directory (AD) to be added
• Existing integration between PeopleSoft, LDAP, Kerberos and UF Registry
• Ad hoc integration with Kerberos and NDS
• UF Registry provides the authoritative source
• GatorLink (email, netid), UFID (publicly visible), UUID (private) identifiers
Why Six Systems?
• LDAP is the open standard for web-based applications
• Active Directory is the standard for desktop users
• NDS is the legacy system for desktop users
• PeopleSoft is the future enterprise system
• Kerberos is the open standard for authentication
• UF Registry is the current authoritative source, with a known data model and service provider for legacy systems
Middleware Roadmap
• Use LDAP and Kerberos to authenticate PeopleSoft (in place today)
• Provide a standards-based authentication mechanism for free-standing web apps (in place today via GL Auth)
• Implement AD based on Kerberos identity – provide a foundation for future desktop integration. Spring 2003 through 2005
• Consider the future of NDS
• Migrate UF Registry to PeopleSoft Campus Community. Analysis complete, design in progress, go-live 7/04
• 7/04: integrated enterprise middleware systems – AD, LDAP, PeopleSoft, Kerberos