the university of wisconsin university directory service uds a repository of people information has...
TRANSCRIPT
The University of Wisconsin University Directory Service UDS
A repository of people informationHas been in production for about a year.Serves White pages, portal, and a growing number of other applications.Laying track ahead of the train.
Photo ID WiscWorld Others?
Human Resources
ISIS
Special Authorizations
RegistryDatabase
JOINRULES
Registry Transactions
LDAPDirectory
Mail Clients
AuthenticationRequests
PortalServices
Others?
UDS Conceptual Overview
Components of the UDS
The Registry
RegistryDatabase
JOINRULES
Registry Transactions
Components of the UDS: Registry
A relational database in OracleDesign principles:– Accept data as-is– Don’t make assumptions about correctness.– Don’t try to determine whose element is the “most
correct”– Keep it as flexible and open to change as possible
Components of the UDS: Registry
What’s in there:– Data to validate a person’s claim of identity
(authentication)– Role information and other data helpful to determine
eligibility– Contact information.
Components of the UDS: Registry
What it feeds:– Extracts for applications like Photo ID and
WiscWorld– Extracts that are better suited to a SQL environment
than to LDAP– Data warehouse.– The LDAP Directory
Components of the UDS
The Directory
LDAPDirectory
Components of the UDS: Directory
Purpose:– Designed to make Registry data accessible via
LDAP– Optimized for very high read volumes, relatively few
writes– Intended for high-speed response to small queries
(authentication sessions, contact lookups, etc)
Components of the UDS: Directory
Environment:– Accessed via LDAP v3– wiscEduPVI, wiscEduPerson, wiscEduDepartment– Some elements require authentication prior to
access
Components of the UDS: Directory
What’s in there:
– Contact information that is generally accessible– Person-related information and security info
• netid, campusid, pvi, affiliation info, password hash, – Attributes needed by certain vendor-supplied
applications
UDS: Uses
Applications including – Portal– Mail– Calendar– Other portal delivered services– Rec Sports, Photo ID– On-line student services. (authN via portal)
UDS: Current Status
Accomplished so far:– Authentication services for the My UW-Madison
portal and services delivered through it including mail and calendar.
– Role information to My UW-Madison portal– Interface for apps to get authorization attributes.– LDAP-accessible white pages– pH data through an LDAP gateway
UDS: Yet to do
Address waiting list of applications wishing to user the directoryExpand the portal applicationIntegrate with PeopleSoft 8Integrate with new HR systemFormer student/employee
UDS: Yet to do
Enhance role information“Fourth Source:” new groups of people who are not affiliated by being enrolled or paid.– Delegated admin/RA function.
Policy and possibly API (Shib Attribute Authority?) for “other” apps.Integrating people info distributed across many directories.
Directory Services: Ongoing
Policy: We are continually examining and revising data access policy Scalability: the directory services team is placed at the convergence point of all project critical paths. – To some extent this is unavoidable. Each vendor-supplied
LDAP application will create its own demands for attributes– But we need to commoditize UDS services for our own
applications.