Directories: The Next Stage
Join Senior IT Architect Keith Hazelton from the University of Wisconsin-Madison for a deep dive into the evolution of directory services through MACE-Dir, supported by the NSF Middleware Initiative (NMI). This session will cover the growth of directory services, the role of eduPerson and other object classes, and Shibboleth support for secure access. Discover collaborative projects that aim to standardize the directory environment for educational institutions, improve identity management, and facilitate resource access across systems. Questions can be sent via email during the session.
Presentation Transcript
Directories: The Next Stage Keith Hazelton, Senior IT Architect University of Wisconsin-Madison
NOTE!!! • For this morning’s session, send questions via email to: mw-vimm-questions@internet2.edu
Directories, the Next Stage: Outline • MACE-Dir growth courtesy of NMI • Game plan for this morning’s session • Projects directly under MACE-Dir • eduPerson, other object classes • Shibboleth support • Affiliated directories & VidMid dir bits
MACE-Dir growth courtesy of NMI • NSF Middleware Initiative (NMI) • NSF-funded program ($12m) to establish standard environment for scientific and educational computing • Recipients: Internet2, Educause, SURA, Grids
MACE-Dir growth courtesy of NMI • Directory work prominent in Internet2 NMI • Panelists: volunteers of yesteryear, their home institutions will now be reimbursed • The top tasks for year one? Watch today’s presentations
MACE-Dir growth courtesy of NMI • [Diagram] I2 Middleware Architecture Committee for Education (MACE), with HEPKI, MACE-Dir, Shibboleth, Groups, VidMid, Metadir, Affil. Dirs., . . .
MACE-Dir growth courtesy of NMI • MACE-Dir Technical Advisory Board • World class experts like: • David Chadwick (X.500 fame) • Kurt Zeilenga (IBM, OpenLDAP) • Kim Cameron (MS, Zoomit) & more • To stress-test and improve our ideas
Game plan for this session • Keith Hazelton: eduObjects, affiliated dirs. • Michael Gettes: Dir. of Dirs. for Higher Ed. • Tom Barton: Groups and roles in directories • Richard Jones: Metadirectories • <Break> • Panel discussion / Q & A
eduPerson, other eduObject classes • eduObjects: People, Organizations, Services, Resources, … • Widely implemented common attributes • Extensible object classes (your attr. here) • Lower impedance in application access to info • No need to invest in your own wheel factory
eduPerson, other eduObject classes • The tough parts: • Being smart in picking the attributes worth the long, hard journey to consensus • Being modest about how much of the ocean to boil • Engaging the critical stakeholders • Promulgating achieved goodness
eduObject win: Shibboleth support • Authenticate locally, access resources globally • Secure sharing of authorization information between home institution and target site • eduOrganization information essential
eduObject win: Shibboleth support • Person taking a for-credit course at a different institution: • Need to define, create and share new data elements such as class names, majors, without risking naming chaos • Need to define equivalency mappings
eduObject win: Shibboleth support • And further out there: • What if we had shareable object classes that could carry access control policies? • A more flexible and dynamic Shibboleth
Affiliated directories • Discarded goal: Single huge institutional directory with all attributes anyone and any application will ever need • New goal: One institutional directory that manages identity across IT systems; • Plus a federation of special-purpose directories with complementary contents
Affiliated directories wins • If we find a solid approach and offer tools: • NASA could launch object classes at the same time as a new International Space Station experimental module • Auto-linked to the assigned investigators at research centers and universities • Keep investigator contact info current
Affiliated directories wins • MACE-VidMid could create vendor supported solution for authenticated, controlled access to video streams • Basic person information in general purpose directory • Video attributes in application-specific directory • Mappings from person to workstation
Affiliated directories: the challenges • How to associate an attribute value with its ultimate, authoritative source, and trust that it has not been altered in transit • Digital signatures look like part of the solution • How to agree upon who is authoritative for what
Affiliated directories: the challenges • How to link identities across directories • How to make the linkage persistent in the face of identifier changes • How not to degrade privacy as information repositories aggregate bits and pieces of personal information
Affiliated directories: the challenges • Not to mention synchronizing data without benefit of synchronization standards • If MACE-Dir and its working groups can meet challenges such as these, NMI will have gotten real value for its investment
Conclusion • Track NMI Directory work, or better yet, participate • http://middleware.internet2.edu
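The eduPerson and Shibboleth slides above talk about widely implemented common attributes, extensible object classes, and equivalency mappings between an institution's local data elements and a shared vocabulary "without risking naming chaos". The program below is an added example written for this page, not code from the presentation, MACE-Dir or Internet2. It maps a constructed local person record onto real eduPerson attributes (eduPersonPrincipalName, eduPersonAffiliation, eduPersonScopedAffiliation, eduPersonPrimaryAffiliation), refuses any value outside the eduPersonAffiliation controlled vocabulary, and renders an LDIF entry that layers eduPerson as an auxiliary class on inetOrgPerson. The local field names (local_uid, hr_status, cn, sn), the HR status codes, the scope example.edu and the choice of primary affiliation are assumptions for illustration.

```python
import re

# Controlled vocabulary of eduPersonAffiliation from the eduPerson specification.
EDUPERSON_AFFILIATIONS = frozenset({
    "faculty", "student", "staff", "alum",
    "member", "affiliate", "employee", "library-walk-in",
})

# Assumed equivalency table: a home institution's HR/SIS status codes (made up
# for this example) mapped onto the shared eduPersonAffiliation values.
LOCAL_STATUS_TO_AFFILIATIONS = {
    "FAC": ("faculty", "employee", "member"),
    "STF": ("staff", "employee", "member"),
    "STU": ("student", "member"),
    "ALM": ("alum",),
}

# Scope of identifiers and affiliations: a DNS-style security domain, e.g. "example.edu".
_SCOPE_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+$"
)


class MappingError(ValueError):
    """Raised when a local record cannot be expressed in eduPerson terms."""


def map_to_eduperson(local_record, scope):
    """Translate a local person record (assumed field names) into eduPerson
    attributes. Returns a dict of attribute name -> list of values."""
    if not _SCOPE_RE.match(scope):
        raise MappingError(f"scope {scope!r} is not a valid DNS-style security domain")

    uid = local_record.get("local_uid", "")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", uid):
        raise MappingError(f"local_uid {uid!r} cannot form an eduPersonPrincipalName")

    affiliations = []
    for code in local_record.get("hr_status", []):
        if code not in LOCAL_STATUS_TO_AFFILIATIONS:
            # Fail closed: an unmapped local code must never leak out as an
            # ad hoc affiliation value that other sites cannot interpret.
            raise MappingError(f"no eduPerson equivalent for local status {code!r}")
        for aff in LOCAL_STATUS_TO_AFFILIATIONS[code]:
            if aff not in EDUPERSON_AFFILIATIONS:
                raise MappingError(f"{aff!r} is outside the eduPersonAffiliation vocabulary")
            if aff not in affiliations:
                affiliations.append(aff)
    if not affiliations:
        raise MappingError("record has no affiliation; refusing to publish it")

    # Which affiliation is "primary" is local policy; here (an assumption)
    # the first mapped value wins, so the order of hr_status codes matters.
    return {
        "eduPersonPrincipalName": [f"{uid}@{scope}"],
        "eduPersonAffiliation": affiliations,
        "eduPersonScopedAffiliation": [f"{a}@{scope}" for a in affiliations],
        "eduPersonPrimaryAffiliation": [affiliations[0]],
    }


def to_ldif(dn, local_record, scope):
    """Render an inetOrgPerson entry carrying eduPerson as an auxiliary object
    class (eduPerson is defined AUXILIARY, so it layers onto an existing
    person entry). Returns the LDIF text."""
    edu = map_to_eduperson(local_record, scope)
    lines = [
        f"dn: {dn}",
        "objectClass: inetOrgPerson",
        "objectClass: eduPerson",
        f"uid: {local_record['local_uid']}",
        f"cn: {local_record['cn']}",
        f"sn: {local_record['sn']}",
    ]
    for attr in ("eduPersonPrincipalName", "eduPersonPrimaryAffiliation",
                 "eduPersonAffiliation", "eduPersonScopedAffiliation"):
        lines.extend(f"{attr}: {v}" for v in edu[attr])
    return "\n".join(lines) + "\n"


# Constructed sample record in the assumed local format.
SAMPLE_RECORD = {"local_uid": "jdoe", "cn": "Jane Doe", "sn": "Doe",
                 "hr_status": ["FAC", "STU"]}

if __name__ == "__main__":
    print(to_ldif("uid=jdoe,ou=People,dc=example,dc=edu", SAMPLE_RECORD, "example.edu"))
```

The equivalency table is the only place where local and shared vocabularies meet, which is what keeps a new local code from quietly becoming a new global attribute value; anything not in the table fails the mapping rather than being passed through, and the scoped forms (student@example.edu) let a Shibboleth target attribute each value to the institution that asserted it.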