
Recent Developments in Directories

Recent Developments in Directories. Tom Barton, University of Chicago; Keith Hazelton, University of Wisconsin. Outline: major themes; naming & structure for courses; group management toolset; non-eduPerson persons; roundup of other active threads; prospective: authorization.


Presentation Transcript


  1. Recent Developments in Directories
     Tom Barton, University of Chicago
     Keith Hazelton, University of Wisconsin

  2. Outline
     • Major themes
     • Naming & structure for courses
     • Group management toolset
     • Non-eduPerson persons!
     • Roundup of other active threads
     • Prospective: Authorization
     • Pipe up with questions or comments at any time!!
     Internet2 Fall Member Meeting

  3. MACE-CourseID Working Group
     Launched July, 2003
     • http://middleware.internet2.edu/courseID/
     • Major project goals
       • Propose a standard data element syntax to describe courses and hierarchical components of courses.
       • Propose a schema describing courses and course components…

  4. MACE-CourseID Working Group
     • 2. Propose a schema describing courses and course components that:
       • conforms to IMS standards or requirements for course description
       • maps readily from existing applications that utilize course descriptions such as administrative data systems, instructional management systems, etc.
       • is Shibboleth compliant, to further leverage Shibboleth developments to enable authorization based on course enrollment
       • is valid for inter-institutional as well as international collaborations

  5. Course Object Structure
     DRAFT, Tom Barton et al.
     • A Course is Offered in a given Session by means of one or more Sections that have specified Meetings.
     • Four ways to represent Cross Listings.
     • Sections have Roles (à la IMS).
     • Metadata about courses, sessions, meetings is unspecified … and therefore general enough!

  6. Single, globally unique identifier for Course offering at section level
     DRAFT, G. Agnew, K. Hazelton
     • The CourseID WG would name some agent to register as a namespace authority under the MACE urn, requesting that they be assigned the urn namespace urn:mace:courseid
     • Institutions would be encouraged to identify courses under their DNS name, e.g. urn:mace:courseid:uchicago.edu…

  7. Single, globally unique identifier for Course offering at section level
     DRAFT, G. Agnew, K. Hazelton
     • Local course offering identifiers could be formed by combining whatever the institution uses as the short name in the timetable of course offerings with some indicator of the particular session in question as well as the primary section, e.g.
       urn:mace:courseid:uchicago.edu:Physics-101:fall-2004:section-01

  8. Single, globally unique identifier for Course offering at section level
     DRAFT, G. Agnew, K. Hazelton
     • Choices ahead on formation of course-offering-section identifiers
       • More prescriptive, standardized vs. more local autonomy, local preferences
         • Stipulate ISO start-end dates rather than idiomatic “fall-04”
       • More opaque vs. more suggestive components
         • :uchicago.edu:35433:A2334:3002-1 vs. earlier example
       • More self-contained vs. more reliant on associated metadata
         • :uchicago.edu:IPEDS-Physics-sequence-for-majors:first-semester-….section-lead:j-spencer01

  9. Discussion items
     • Scope of CourseID work
       • What to work on
       • What to work on first, second,…
       • What NOT to tackle (leave for others)
     • Scenarios offer guidance on scope question
     • Tug between mind sets of WG participants
       • requirements to support individual Shib pilots
       • requirements to support general IMS models
     • Related initiatives
     • Inter-group coordination

  10. Group toolset: a brief history
     • February 2002: “Practices in Directory Groups” completed
     • Operational issues attending deployments of groups:
       • Automated update from source systems
       • Ad hoc maintenance delegated to individuals or processes
       • Maintaining referential integrity
       • Provisioning of group information in multiple locations
       • Orderly removal of stale groups (aging)
       • Partial orderings of groups (e.g., subgroups)
       • Direct vs. indirect membership
       • Group math: referring to set theoretic combinations of groups
       • Meeting security, privacy, & visibility requirements

  11. Group toolset: a brief history
     • June 2002: Initial discussion of RIbot, Grouper, GASP
     • July 2002: “SAGE” replaces “GASP”, then discussion thread GASPs…
     • November 2002: initial “SAGE Scenarios” draft
     • February 2003: restart MACE-Dir-Groups conference calls to develop SAGE Scenarios doc

  12. Group toolset: a brief history
     • “SAGE Scenarios” released with NMI R3 in April 2003.
     • High level requirements
       • Don’t build a metadirectory
       • Automatic processing for enterprise groups
       • Manual processing for ad hoc groups
       • Multiple representations (in LDAP)
       • Multiple group types (security, courses, roles, …)
       • Group math
       • Web service

  13. Group toolset: a brief history
     • May 2003: design oriented discussions begin
     • June 2003: We discover that “SAGE” name is taken
     • July 2003: Inception of “export Stanford’s Authority Manager” idea
     • August-September 2003:
       • “Grouper” replaces “SAGE”
       • Begin consideration of relationship between Stanford’s work and MACE-Dir-Groups (ergo, “Group Toolset”)
     • October 2003: Straw Man architecture

  14. Internet2 Fall Member Meeting

  15. Group Toolset architecture elements
     • http://middleware.internet2.edu/dir/groups/docs/draft-barton-grouptools-arch-01.html
     • Stream Loader – automated
       • Processes streams of records according to a set of rules to add/remove members from groups
       • Must already have an identity management system – distinct member identifiers in source streams must refer to distinct real world objects
     • Groups Manager Applications – ad hoc
       • Delegate aspects of group management to humans
       • One per “type” of group being managed

  16. Group Toolset architecture elements
     • Groups Registry
       • Relational database containing membership & other group metadata
       • Supports multiple (locally defined) group types
         • Basic
         • Course (à la courseID work, perhaps)
         • Department
         • Role
         • Your type here
       • Supports multiple “membership attributes”
         • Members, owners, enrollees, instructors, TAs, permissions, obligations, …
       • Supports subgroups

  17. Group Toolset architecture elements
     • API
       • Integrates all access to the Groups Registry by elements of this architecture
       • Serializes updates
       • Determines & enumerates atomic changes
     • Provisioning Connectors
       • Pulls all changes since last change number
       • Responsible for all aspects of group presentation in connected consumer
       • LDAP, AD, flat files, XML docs, …

  18. Group Toolset: next steps
     • Refine the architecture into finer level of detail
     • Resolve several thorny issues
       • Nature of rules to process streams
       • Representation of compound groups
       • Representation of changes
     • Decide which subset of the result should be built, initially

  19. otherPerson schema efforts
     • localPerson schema survey by MACE-Dir
     • Int’l coordination of person schema efforts

  20. localPerson schema survey by MACE-Dir
     • http://middleware.internet2.edu/dir/
     • http://middleware.internet2.edu/dir/localsurvey.html

  21. localPerson schema survey by MACE-Dir
     • institution-level need for attributes not provided in existing object classes
     • describe the attributes you’ve added & why
     • have you created a container object class for them?
       • Auxiliary, structural?

  22. localPerson schema survey by MACE-Dir
     • Are there emergent common or best practices?
     • Are there some attributes that could be promoted to eduPerson?
     • Other actions suggested by survey results?
     • Thanks to Brendan Bellina (Notre Dame) and Ann West (Mich. Tech. U) for driving this!

  23. Int’l Collaboration on Schema Work
     • Person schema activities are flourishing
       • http://domen.uninett.no/~im/schema/ (Ingrid Melve, Uninett)
       • norEduPerson
       • funetEduPerson
       • swissEduPerson
       • NLEduPerson
     • DEEP survey questions on schema needs
     • & further afield, WALAP activity in Australia

  24. Collaboration on Schema Work
     • What to work toward?
       (In order of increasing difficulty and decreasing probability of success)
       • Agreement on a list of interesting attributes
       • Common syntax and semantics across schema for given attribute type
         • A kind of inter-federation diplomatic activity
       • Agreement on inclusion in a standard schema
         • eduPerson?
         • Next release of X.520?
         • Other candidates?
       • Processes for ongoing schema coordination
     • Even common syntax & semantics would boost interoperability in attribute mapping

  25. Collaboration on Schema Work
     • How will we do the work?
       • Internet2 is scheduling a concentrated series of conference calls
         • Europe & US (one set of calls)
         • …and Pacific -- US (a second, parallel set of calls)
       • Charter is to tackle the identified work items
       • Time permitting, move on to organizational object schema

  26. Roundup of other activity
     • eduPersonScopedAffiliation attribute
       • Driven by Shibboleth needs
       • Syntax like eduPersonPrincipalName
         • student@brown.edu
       • Raises problems about who is authorized to assert what
         • An “inter-realm metadirectory function”
         • A field full of ratholes and land mines…
     • eduPersonAffiliation value vocabulary growth
       • Prospect, parent

  27. Roundup of other activity
     • eduPerson implementation files
       • .ldif, .schema, programmatic loader
     • eduOrg
       • Should it support Shibboleth based Federations?
     • H.350 & video middleware cookbook
       • http://metric.it.uab.edu/vnet/cookbook
     • LDAP Analyzer
       • Will rev to track changes to eduPerson, eduOrg, & H.350.

  28. Roundup of other activity
     • isMemberOf
       • What: attribute in member objects that lists references to groups to which that object belongs
       • Status: Related work in IETF being reviewed, prior to submitting a proposal to ITU study group 16 to include in X.520.

  29. Authorization Perspective on MACE-Dir Work Areas
     • Support for authZ: metadir, registry, directory
       • Coming to fore in Group toolset work with Grouper, Stanford
     • Info model to support authZ requirements:
       • Non-person objects (courses, services, resources,...)
       • Relationally structured authZ info: “instructors in physics”
       • Identifiers for each and every one of these info objects (principles on naming)

  30. MACE-Dir BoF
     • Where: Lincoln room
     • When: 5:45 – 7:15 tonight (i.e., now)
     • What:
       • Discussion of future work
       • Food & drink
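
Slide 26 notes that eduPersonScopedAffiliation values such as student@brown.edu raise the question of who is authorized to assert what, and slides 6 and 7 scope draft course identifiers under an institution's DNS name. The Python below is an added example, not part of the presentation or of any MACE or Shibboleth code: a relying party keeps a table of the scopes each asserting party may use and drops any scoped value outside it. The trust table, the asserting-party names and the function names are assumptions made for illustration.

```python
# Added example: a relying party accepts a scoped value only when the
# asserting party is permitted to speak for that value's scope.

# Constructed trust table (assumption): asserting party -> permitted scopes.
PERMITTED_SCOPES = {
    "idp.brown.example": {"brown.edu"},
    "idp.uchicago.example": {"uchicago.edu"},
}
COURSE_PREFIX = "urn:mace:courseid:"  # draft namespace from slide 6

# Constructed sample values, as if asserted by idp.brown.example.
SAMPLE = [
    "student@brown.edu",
    "faculty@uchicago.edu",
    "urn:mace:courseid:uchicago.edu:Physics-101:fall-2004:section-01",
    "student@cs.brown.edu",
    "student@",
]


def scope_of(value):
    """Return the lowercased scope of a scoped value, or None if malformed.

    Handles user@scope values (the eduPersonScopedAffiliation syntax) and
    the draft course URNs, whose first component is the institution's
    DNS name.
    """
    if value.lower().startswith(COURSE_PREFIX):
        scope = value[len(COURSE_PREFIX):].split(":", 1)[0]
    elif value.count("@") == 1 and not value.startswith("@"):
        scope = value.split("@", 1)[1]
    else:
        return None
    return scope.lower() or None


def filter_scoped_values(asserter, values):
    """Split values into (accepted, rejected) for one asserting party.

    Matching is exact: permission for brown.edu does not cover
    cs.brown.edu, and an unknown asserting party gets nothing accepted.
    """
    allowed = PERMITTED_SCOPES.get(asserter, set())
    accepted, rejected = [], []
    for value in values:
        (accepted if scope_of(value) in allowed else rejected).append(value)
    return accepted, rejected


if __name__ == "__main__":
    print(filter_scoped_values("idp.brown.example", SAMPLE))
```

Rejected values are returned rather than silently discarded so that they can be logged; a sudden run of out-of-scope assertions from one party is worth a look.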
