Transcript ppt

The University of Wisconsin
University Directory Service UDS
A repository of people information
Has been in production for about a year.
Serves White pages, portal, and a growing
number of other applications.
Laying track ahead of the train.
UDS Conceptual Overview
Mail Clients
Human Resources
ISIS
JOIN
RULES
Special
Authorizations
Registry
Database
LDAP
Directory
Authentication
Requests
Portal
Services
Registry Transactions
Others?
Photo ID
WiscWorld
Others?
Components of the UDS
The Registry
JOIN
RULES
Registry
Database
Registry Transactions
Components of the UDS: Registry
A relational database in Oracle
Design principles:
– Accept data as-is
– Don’t make assumptions about correctness.
– Don’t try to determine whose element is the “most
correct”
– Keep it as flexible and open to change as possible
Components of the UDS: Registry
What’s in there:
– Data to validate a person’s claim of identity
(authentication)
– Role information and other data helpful to determine
eligibility
– Contact information.
Components of the UDS: Registry
What it feeds:
– Extracts for applications like Photo ID and
WiscWorld
– Extracts that are better suited to a SQL environment
than to LDAP
– Data warehouse.
– The LDAP Directory
Components of the UDS
The Directory
LDAP
Directory
Components of the UDS: Directory
Purpose:
– Designed to make Registry data accessible via
LDAP
– Optimized for very high read volumes, relatively few
writes
– Intended for high-speed response to small queries
(authentication sessions, contact lookups, etc)
Components of the UDS: Directory
Environment:
– Accessed via LDAP v3
– wiscEduPVI, wiscEduPerson, wiscEduDepartment
– Some elements require authentication prior to
access
Components of the UDS: Directory
What’s in there:
– Contact information that is generally accessible
– Person-related information and security info
• netid, campusid, pvi, affiliation info, password hash,
– Attributes needed by certain vendor-supplied
applications
UDS: Uses
Applications including
–
–
–
–
–
–
Portal
Mail
Calendar
Other portal delivered services
Rec Sports, Photo ID
On-line student services. (authN via portal)
UDS: Current Status
Accomplished so far:
– Authentication services for the My UW-Madison
portal and services delivered through it including
mail and calendar.
– Role information to My UW-Madison portal
– Interface for apps to get authorization attributes.
– LDAP-accessible white pages
– pH data through an LDAP gateway
UDS: Yet to do
Address waiting list of applications wishing to
user the directory
Expand the portal application
Integrate with PeopleSoft 8
Integrate with new HR system
Former student/employee
UDS: Yet to do
Enhance role information
“Fourth Source:” new groups of people who are
not affiliated by being enrolled or paid.
– Delegated admin/RA function.
Policy and possibly API (Shib Attribute
Authority?) for “other” apps.
Integrating people info distributed across many
directories.
Directory Services: Ongoing
Policy: We are continually examining and revising data
access policy
Scalability: the directory services team is placed at the
convergence point of all project critical paths.
– To some extent this is unavoidable. Each vendor-supplied
LDAP application will create its own demands for attributes
– But we need to commoditize UDS services for our own
applications.