
Schema: eduPerson views

Michael R Gettes, Duke University. EuroCAMP, November 2005.


Presentation Transcript


1. Schema: eduPerson views
Michael R Gettes, Duke University
EuroCAMP, November 2005

2. Whence we came
• Phoenix, Arizona Airport, February 2000
• Hazelton/Gettes set ground rules for development of the eduPerson objectclass with an eye towards DoDHE, “Shibboleth to be” and other inter-institutional applications.
• Low-hanging fruit and controlled vocabularies.
• Learn why schools will want more instead of flexibility
• A better definition than the “standard OCs” (like CN)
• Assist local directory implementations -- not be the answer!
• DomainComponent Naming (eduPerson, dukeEduPerson)
• eduPerson 1.0 released Jan. 2001
• First version July 2000, 0.6 (or something like that)

3. Where are we now?
• Schema (LDAP) for US Higher Education
• Low-hanging fruit, interoperable data
• Easy stuff that we can all agree is true
• eduPerson + LDAP-Recipe go together
• Auxiliary OC extending Person, orgPerson, inetOrgPerson
• localEduPerson
• local attributes are a local problem (clear enough?)
• eduOrg (and edu* schemas being developed)
• usPerson / govPerson? (work just beginning)
• http://middleware.internet2.edu

4. Where are we going?
• Use the past as a predictor of the future
• Not much change in perspective
• Current view is serving well
• We are considering some new attributes
• We are NOT expanding our vocabularies as much as we thought
• Continuing struggle: local vs. non-local
• Has been difficult getting Int’l involvement
• This has been improving over the last 18 months
• UML for general schema; LDAP is one expression

5. eduPerson 200312
• eduPerson
• OrgDN, OrgUnitDN, NickName, PrincipalName*, PrimaryAffiliation*, Affiliation*, Entitlement*, ScopedAffiliation*
• eduPerson{Primary}Affiliation
• Values: faculty, student, staff, alumni, employee, member, affiliate
• Considering: parent, prospect

6. eduPersonPrincipalName
• What is a Principal? (think security)
• This is NOT a Kerberos Principal
• And it is not a Mail Address
• gettes@duke.edu, pbh@mit.edu
• An inter-institutional identifier
• SINGLE-VALUE definition
• Used by Shibboleth -- this was the intent from the beginning
• But, used in ACLs by other tools as well

7. eduPersonScopedAffiliation
• Driven by Shibboleth needs
• Syntax like eduPersonPrincipalName
• student@brown.edu
• alumni@duke.edu
• subscriber@nytimes.com (!?!)
• Raises problems about who is authorized to assert what
• An “inter-realm metadirectory function”
• A field full of ratholes and land mines…

8. eduPersonEntitlement
• Original problem: how to change schema without changing schema. Needed by GRIDs
• Values are URIs (URL or URN)
• urn:mace: accepted by IETF and registered with IANA
• Gives us a way to make values unique in the entitlement namespace without an elaborate registry mechanism
• urn:mace:wisc.edu:bucky-bundle
• urn:mace:oclc:org:autho:NNNN
• urn:mace:duke.edu:library:oclc:contract-NNN
• namespace registry by MACE

9. eduPersonTargetedID
• Not likely to be found in Directories
• Form: id (no context, a problem??)
• Persistent, non-reassigned, privacy preserving. At some definition of persistent.
• Further discussion in the Shibboleth and federation talks at EuroCAMP.

10. eduOrg 200210
• Higher Ed Organization object class
• Basic organizational info attributes from X.520
• Telecomm, postal, locale
• eduOrgHomePageURI
• eduOrgIdentityAuthNPolicyURI
• eduOrgLegalName
• eduOrgSuperiorURI
• eduOrgWhitePagesURI

11. LDAP Analyzer (part of NMI)
• Todd Piket, Michigan Tech
• Web-based tool to empirically analyze a directory
• eduPerson compliance
• Indexing and naming
• LDAP-Recipe guidance (good practice)
• H.350 compliance
• eduOrg compliance
• http://middleware.internet2.edu/dir/

12. Other related work
• eduCourse (200506)
• eduCourse Data Model (200505)
• Globally unique identifiers for course offerings (200505)
• LDAP representations of eduCourse attributes and an auxiliary object class (200505)
• H.350
• Effort associated with the Internet2 Vid-Mid working group. VidMid + MACE-Dir co-developed.
• Pushed through ITU by Tyler Johnson, UNC

13. LDIF Management
• See http://www.educause.edu/eduperson
• LDIF used to describe schema and also manage schema. Provides history and technical details in one place.
• File

14. Questions???
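As an added illustration (not from the slides and not the LDAP Analyzer tool), the following Python check applies the constraints stated on slides 5 to 8 to a constructed LDIF entry: eduPersonPrincipalName and eduPersonPrimaryAffiliation single-valued, ePPN and scoped affiliation in value@scope form, affiliation values drawn from the controlled vocabulary, and entitlement values that are URIs. The sample entry and the example.edu realm are constructed placeholders; the parser ignores LDIF line folding and base64 values.

```python
import re

# Controlled vocabulary for eduPerson{Primary}Affiliation as listed on slide 5
AFFILIATIONS = {"faculty", "student", "staff", "alumni", "employee", "member", "affiliate"}
SCOPED_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9.-]+$")  # value@scope, like an ePPN
URI_RE = re.compile(r"^(urn:[A-Za-z0-9][A-Za-z0-9-]*:\S+|https?://\S+)$")  # URN or URL

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no folding, no base64) into {attr: [values]}."""
    attrs = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        name, _, value = raw.partition(":")  # split at the first colon only
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def check_eduperson(attrs):
    """Return a list of findings; an empty list means the entry passes these checks."""
    findings = []
    for attr in ("eduPersonPrincipalName", "eduPersonPrimaryAffiliation"):
        if len(attrs.get(attr, [])) > 1:
            findings.append(f"{attr} must be single-valued")
    for v in attrs.get("eduPersonPrincipalName", []):
        if not SCOPED_RE.match(v):
            findings.append(f"eduPersonPrincipalName not in user@scope form: {v}")
    for attr in ("eduPersonAffiliation", "eduPersonPrimaryAffiliation"):
        for v in attrs.get(attr, []):
            if v.lower() not in AFFILIATIONS:
                findings.append(f"{attr} outside controlled vocabulary: {v}")
    for v in attrs.get("eduPersonScopedAffiliation", []):
        aff, _, scope = v.partition("@")  # affiliation must carry a scope (realm)
        if not scope or aff.lower() not in AFFILIATIONS:
            findings.append(f"eduPersonScopedAffiliation malformed: {v}")
    for v in attrs.get("eduPersonEntitlement", []):
        if not URI_RE.match(v):
            findings.append(f"eduPersonEntitlement is not a URI: {v}")
    return findings

# Constructed sample entry (not from the slides); example.edu is a placeholder realm
SAMPLE_LDIF = """dn: uid=jdoe,ou=people,dc=example,dc=edu
eduPersonPrincipalName: jdoe@example.edu
eduPersonPrimaryAffiliation: student
eduPersonScopedAffiliation: student@example.edu
eduPersonScopedAffiliation: subscriber@example.edu
eduPersonEntitlement: urn:mace:example.edu:library:contract-NNN
eduPersonEntitlement: not a uri
"""

if __name__ == "__main__":
    for finding in check_eduperson(parse_ldif_entry(SAMPLE_LDIF)):
        print("FAIL:", finding)
```

On the sample entry the check reports two findings: the "subscriber" affiliation outside the slide 5 vocabulary, and the entitlement value that is not a URI.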
