Identity Management: Services, Tools and Processes
Cal Racey
[email protected]

Context: Who I am
- Cal Racey, System Architecture Manager: 9 years' experience of middleware application provision
- Particular focus on issues of single sign on and access control
- Project Manager on JISC funded GFIVO, IDMAPS and GRAND projects
- Collaborate with Internet2/EDUCAUSE on IdM
- Experienced in use of open source tools

Presentation Overview
- Theme: Practical examples of IdM solutions
- Background: The challenge of IdM
- Newcastle's IdM review
  - Audit
  - Architectural Gaps
- Tools and services to enhance IdM
  - Data integration
  - Group management
  - Authentication
  - Combined integration service

Overview of IDM

The Challenge of Implementing IdM Architectures
(Thanks to Jens Haeusser UBC.ca for the IKEA Metaphor and slides)

What this workshop is trying to achieve
- Help add pages to that instructions booklet
- Build community knowledge and practice around IdM
- Build portfolio of case studies around IdM
- Find out what the community needs
- Provide reusable examples of IdM solutions

Newcastle's IdM Example
- Focussed on exploiting our existing IdM data
  - SAP HR + student data good enough
  - Poor use in Teaching and Learning apps
  - Needed better integration with applications
- What we did:
  - Audit application practice and desired usage
  - Understand requirement
  - Gap analyses
  - Deploy tools and services to enhance architecture
  - Focus on early benefit realisation

Audit: Systems requiring IdM data
- Accommodation
- Grouper
- S3P
- Active Directory
- Individuals project (DMS)
- Service centre (helpdesk)
- Blackboard
- Intralibrary
- Shibboleth
- CAMA
- Lists
- Site manager (CMS)
- Dspace
- Module Outline forms
- Smartcard
- ePortfolios
- Myprofiles/My Impact
- NUcontacts
- Telecoms
- Estates ticketing system
- Print credits
- Timetabling
- Exam papers
- Recap
- UNIX
- FMSC VLEs
- Sakai (VRE)
- Wireless

Initial Architecture: Flow of Identity Data

Desired Architecture
[Diagram labels: Data warehouse, CAMA; SAP Campus management; HR; Shibboleth, Grouper, Active Directory; Grouper; Talend]

Filling the gaps - Architecture
- Data warehouse
  - Combines identity data from multiple sources
  - Makes sense of data
- Group management
  - Adds structure to user population
  - Arranges users into usable units
- Data integration tools
  - Processes data + puts it where it needs to be
  - Captures and expresses business logic
- Authentication and Authorization service
  - Based on good user data

Tools: Talend Integration suite
- Data integration tool
- Open source like MySQL
  - Free version + paid for enhancements
- Replaced many bespoke scripts
- Supported existing and desired approaches
- Excellent file support
- Excellent database connectivity
- Excellent application connectivity (e.g. SAP)
- Web services
- Resources available at http://research.ncl.ac.uk/idmaps/

Tools: Talend Integration suite
- Why Talend?
  - Visionary in Gartner's data management
  - Also offers data quality and master data management solutions
  - Training and consultancy offerings
- Middle Man means they have to integrate with everything
- ETL and IdM share many problems
  - Data quality, duplicate removal, incomplete data
- Resources available at http://research.ncl.ac.uk/idmaps/

Talend Example

Tools: Talend Benefits
- End to end connectivity
  - Control of flow all way through
- Transparency of process
- No more fragile chains of scheduled tasks
- Allows team responsibility
  - Easy to see what a job does
  - Job stored in versioned store (svn)
- Many data connectors
- Interacts with Windows and Unix (including login)
- Data integration logic in one place

Institutional data feed service (IDFS)
- Single point of contact for IdM data
- Consultancy
- Process for asking for data:
  - Meeting to discuss requirements
  - Data integration form (capture, record data flows)
- Make application owners aware of responsibilities:
  - Security
  - DPA
  - Freedom of information
- Data integration tool (Talend)

Tools: Grouper
- GRAND project
- Grouper used to structure and enhance IdM data
  - Organisational structure
  - Module enrolment
  - User maintained, e.g. research teams
- Groups are the way the university works
  - Modules, departments, research teams, not users
- Use case documents available at http://research.ncl.ac.uk/grand/resources.php

Tools: Grouper
- Enables use of composite groups
  - Mixing of static institutional groups and user edited groups
- Management interfaces
  - Web based: heavy and lite
  - Web services
  - Scripts (grouper shell)
  - Java API
- Data usable multiple ways
  - Data exports
  - Shibboleth attributes
  - LDAP-PC

Grouper wireless access

Grouper Room booking

Tools: Shibboleth
- Built for federated use case
- Provides authentication and authorisation
- Used extensively internally
- Rich attributes
  - People on accountancy can access acc101 podcast
  - People in chemistry can access chemistry wiki
- Provides framework for targeted personalisation
  - e.g. Here are your podcasts + exam papers
- Standards based, allows integration
  - e.g. Google Apps
  - Personal portfolios, e.g. MyImpact
- Don't have to understand shib to integrate
  - shibd apps have less to worry about

Systems integration service
- One place to talk about domesticating applications
- Combines:
  - Institutional data feed service
  - Group management service
  - Shibboleth service
- Mix and match services depending on requirement
- Focus on need rather than architectural purity
- Goal:
  - Ease application development and deployment
  - Make IT applications appear joined up

Realising benefits from IdM
- Problem:
  - Benefit realisation dependent on influencing application owners
  - Apps spread across political boundaries, e.g. Library, careers, medical school
  - Apps spread across platforms
  - Good tools not enough
- Solution:
  - Wrap tools and processes in a service
  - Campaign of outreach
  - Listen to application owners

Realising benefits from IdM
- Service more important than architecture or tools
- Builds relationships
  - Better understanding of real service barriers
  - Easy future integration
  - 1 hour conversation > 2 weeks work
- Delivery best influencing technique
- Effective IdM dependent on influence
  - Even centralised IT can't enforce

IDM resources
- IDMAPS: http://research.ncl.ac.uk/idmaps/
- GRAND: http://research.ncl.ac.uk/grand
- Identity Management toolkit: http://www.identity-project.org
- Identity Management EDUCAUSE email list: [email protected]
- IT architects in academia (ITANA): http://www.itana.org/

Any Questions?