Ucb enterprise directory
Download
1 / 24

UCB Enterprise Directory - PowerPoint PPT Presentation


  • 190 Views
  • Updated On :

UCB Enterprise Directory. February 7, 2002. Establish a framework for deploying and maintaining general purpose directory services for the University of Colorado at Boulder within the context of the University-wide environment. History Refresher – Commissioning Statement.

Related searches for UCB Enterprise Directory

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'UCB Enterprise Directory' - annabel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Ucb enterprise directory l.jpg

UCB Enterprise Directory

February 7, 2002


History refresher commissioning statement l.jpg

Establish a frameworkfor deploying and maintaining general purpose directory services for the University of Colorado at Boulder within the context of the University-wide environment.

History Refresher – Commissioning Statement


History refresher goals l.jpg
History Refresher – Goals

  • Develop and implement an enterprise directory service for UCB

  • Status:

    • UCB enterprise directory initial phase was implemented November 5th, 2001.

    • iPlanet Directory Server, running on Solaris 450 at the CC with a replicated directory instance running on a Solaris 450 at Tele.


History refresher goals4 l.jpg
History Refresher – Goals

  • Trusted, authoritative source of data

  • Status:The Enterprise Directory blends data from SIS, HR and Uniquid using business rules, processes and policies agreed upon by campus-wide representatives.


History refresher goals5 l.jpg
History Refresher – Goals

  • Identity, data and relationship management

  • Status:

    • The Enterprise Directory offers a single entry per person reflecting all CU-related roles.

    • Identity verification using Employee ID, SID, SSN, Previous SID, Name, DOB, gender

    • Data population logic is based upon Steering Team-established business rules and policies

    • Process determines Affiliation, Primary Affiliation and corresponding privileges.


History refresher goals6 l.jpg
History Refresher – Goals

  • Usable by a variety of applications and services

  • Status:

    • Built upon LDAP standards, maximizing its potential for subsequent use.

    • Apps/services currently using the directory:White Pages (in production) Printed Directory (produced Fall, 2001 edition) Email address source for various applications Calendar (pilot) Affiliation Verification (local to Service Center) Radius (proof of concept) Mac OS authentication (proof of concept) Attribute load into Active Directory (as needed)


History refresher goals7 l.jpg
History Refresher – Goals

  • Authentication Services

  • Status:

    • Framework established based upon LDAP standards, eduPerson standards, and affiliation definition.

    • Solution option testing is in process


Directory structure today l.jpg

MacOS

AuthN

pilot

Radius

concept

Calendaring

pilot

Authentication

testing

White Pages

(Nov.5, 2001)

Email

Addresses

Affiliation

Check

UCB

Directory

Printed

Directory

Registry

Directory

Build

Uniquid

Central

(pilot)

SIS

Identity

Recon.

H/R

Recon

report

Directory Structure Today


Directory and data l.jpg

HR

fac/staff;

empID

SIS

student;

SID

FIS

faculty;

SSN

Uniquid

accounts;

unix ID

IDcard

photos;

ISO

Telecom

phone locn

phone #

Directory and Data

  • Distinct sources for distinct roles (students, employees, faculty, electronic accounts, etc.)

  • Unique identifiers for each system

  • Blending together to build a CU Person

CU Person


Student data l.jpg

SIS

Registry/

Directory

Student Data

(java)

For Identity Matching:

- Student ID, Previous ID

- Name,Birth date, Gender

  • For Affiliation Logic, Authorization & Data Access

  • Enrollment Status, Withdraw Code, Expected Return

  • Fees Paid Indicator

  • Privacy Flag

For Directory Publication

- Name

- Local Address and Telephone

- Major(s), Minor(s), College(s)

- Class Level


Faculty and staff data l.jpg

PSHR

Registry/

Directory

Faculty and Staff Data

sql via db link

For Identity Matching:

- Employee Number, SSN

- Name,Birth date, Gender

For Employee and Job Selection

- Job status

- Employment end date

For Directory Publication

- Name

- Campus Box and Campus Phone

- JobDepartment(s), Home Department

- Job ClassTitle(s)

- Business Title(s)


Campus specific data or systems l.jpg

Uniquid

(Java)

Account & Email data (person)

ID Card

ISO and jpeg

Telecom

Office building/room data

FIS

Faculty Research and Degree data

Campus-Specific Data or Systems

Registry/

Directory


Registry l.jpg
Registry

ucb

email

email

person

cn

degree

campus

surname

seealso

major

research

au

given

name

affiliation

pw

college

activities

org

unit

org

job

cert

job

code

exceptions


Registry logic l.jpg
Registry Logic

Affiliation Building - Students

  • Enrollment status code = E

  • Withdraw code null

  • or Expected return date in the future

  • Type of student affiliation is based upon Academic Unit

    • Student (= “Student” affiliation)

    • Continuing Ed Credit Student (= “Student” affiliation)

    • Continuing Ed Non-Credit Student (= “Affiliate” affiliation)

  • Campus Affiliation based upon first character of AU


Registry logic15 l.jpg
Registry Logic

Affiliation Building - Employees

  • Appropriate employment status code

  • Appointment end date in the future

  • Type of employee affiliation is based upon Job Code

    • Faculty, Clinical Faculty, Research Faculty, Medical Resident, Fellowship/Trainee = “Faculty”

    • Student Faculty = “Student” and “Faculty”

    • Officer/Exempt Professional = “Officer/Professional” & “Staff”

    • Student Employee = “Affiliate” or “Employee”

    • Retiree = “Retiree” or “Affiliate”

    • Staff = “staff”

  • Campus Affiliation based upon first character of department code


Registry logic16 l.jpg
Registry Logic

Name Building

LastName, FirstName MiddleName 

FirstName MiddleName LastName

FirstName LastName

LastName FirstName

Watch for II, III, IV, Jr., Sr.Remove spaces in the last name; build another variation

Purpose: To facilitate name searching

Build displayName

use name associated with primaryAffiliation (employee = HR; student = SIS)

use most current version


Directory build logic l.jpg
Directory Build Logic

  • Find people in Affiliation Table

  • Find corresponding records in Job Table

    • Select the job data related to affiliation

  • Find corresponding records in AU Table

    • Select the academic unit data related to affiliation

  • Find all other tables/data related to the affiliation people (person, name(s), email, etc.)

  • Is person in directory?

    • If yes, modify. If no, create

  • Is person in directory no longer affiliated?

    • If so, delete from directory.


Directory l.jpg
Directory

organizational

Person

person

cuEduPerson

cn

description

seeAlso

sn

telephoneNumber

userPassword

facsimileTelephoneNumber

ou

physicalDeliveryOfficeName

postalAddress

street, st, postsalCode, l

postOfficeBox

preferredDeliveryMethod

title

uuid

au

activities & research

alternateContact

campus

degreeInstitution & Year

employmentStartDate

Expertise

feesIndicator

highestDegree

homeDepartment

ISO

major, minor, class

Privacy

SID, SSN

inetOrgPerson

eduPerson

o & departmentNumber

displayName, givenName

employeeNumber

employeeType

homePhone,homePostalAddress

jpegPhoto & labeledURI

mail, uid

mobile & pager

roomNumber

userCertificate

affiliation

jobClassification

nickName

orgDN

orgUnitDN

primaryAffiliation

principalName

schoolCollegeName


Directory uses queries l.jpg

Tomcat/

cocoon

LDAP

query

Apache

White

Pages

Address

Book

Directory Uses – Queries

Directory

  • Anonymous query controls:

  • -Search based on name & variations (cn)

  • -Server controls “max” returns (80)

  • Access Controls to ensure: No display of privacy-enacted students

  • No display of employee home phone/address

  • Public data displayed:

  • Student local phone/address Student major, minor, college, class

  • Faculty/staff office phone/address, title, department

  • Email address, URL


Directory uses applications l.jpg

Cal

db

Calendar

Directory Uses – Applications

Directory

  • Directory and application extensions:

  • Authenticated application

    • Currently login ID and password

    • Moving to identikey authN, application-based authZ.

  • - Access to directory based on application rights

  • Use standard directory attributes (name, email)

  • Extend directory attributes (preferences)

  • Use application-specific attributes (schedule)


Directory uses authorization l.jpg

User

Request

Digital

Service/Resource

authN

Login

server

Directory Uses – Authorization

Directory

  • Directory and authorization for services/resources:

  • - Request resource

  • - Authenticate (you are who you say you are)

  • - Authorize (you can do what you want to do)

  • - Determine affiliation (faculty, staff, student, etc.)

  • Pass affiliation to requested service/resource

  • Pass additional attributes as needed by application


Directory structure phase 2 l.jpg

Radius

pilot

Calendaring

pilot

Data verification

Birthday

Message

Authentication

Implementation

Authentication

test

White Pages

Account Mgt

Project

Affil Ck

Email

Addresses

Sponsor

Create

Attribute

update

UCB

Directory

Initiate

Send Mail

project

Printed

Directory

Registry

Directory

Build

Uniquid

Central

(pilot)

Tele

(bldg/rm)

SIS

Identity

Recon.

H/R

ID Card

(ISO/jpg)

Recon

report

Directory Structure Phase 2

Central

Dir.


Project contacts l.jpg
Project Contacts

  • Project Manager, Paula Vaughan [email protected]

  • Directory Manager, Melinda [email protected]

  • Project Web Pagehttp://www.Colorado.EDU/committees/DirectoryServices/or from the UCB - ITS home page (“About ITS” ž“Projects & Initiatives” ž “Architecture and Infrastructure Initiatives”)



ad