The University of Wisconsin University Directory Service UDS

A repository of people informationHas been in production for about a year.Serves White pages, portal, and a growing number of other applications.Laying track ahead of the train.

Photo ID WiscWorld Others?

Human Resources

ISIS

Special Authorizations

RegistryDatabase

JOINRULES

Registry Transactions

LDAPDirectory

Mail Clients

AuthenticationRequests

PortalServices

Others?

UDS Conceptual Overview

Components of the UDS

The Registry

RegistryDatabase

JOINRULES

Registry Transactions

Components of the UDS: Registry

A relational database in OracleDesign principles:– Accept data as-is– Don’t make assumptions about correctness.– Don’t try to determine whose element is the “most

correct”– Keep it as flexible and open to change as possible

Components of the UDS: Registry

What’s in there:– Data to validate a person’s claim of identity

(authentication)– Role information and other data helpful to determine

eligibility– Contact information.

Components of the UDS: Registry

What it feeds:– Extracts for applications like Photo ID and

WiscWorld– Extracts that are better suited to a SQL environment

than to LDAP– Data warehouse.– The LDAP Directory

Components of the UDS

The Directory

LDAPDirectory

Components of the UDS: Directory

Purpose:– Designed to make Registry data accessible via

LDAP– Optimized for very high read volumes, relatively few

writes– Intended for high-speed response to small queries

(authentication sessions, contact lookups, etc)

Components of the UDS: Directory

Environment:– Accessed via LDAP v3– wiscEduPVI, wiscEduPerson, wiscEduDepartment– Some elements require authentication prior to

access

Components of the UDS: Directory

What’s in there:

– Contact information that is generally accessible– Person-related information and security info

• netid, campusid, pvi, affiliation info, password hash, – Attributes needed by certain vendor-supplied

applications

UDS: Uses

Applications including – Portal– Mail– Calendar– Other portal delivered services– Rec Sports, Photo ID– On-line student services. (authN via portal)

UDS: Current Status

Accomplished so far:– Authentication services for the My UW-Madison

portal and services delivered through it including mail and calendar.

– Role information to My UW-Madison portal– Interface for apps to get authorization attributes.– LDAP-accessible white pages– pH data through an LDAP gateway

UDS: Yet to do

Address waiting list of applications wishing to user the directoryExpand the portal applicationIntegrate with PeopleSoft 8Integrate with new HR systemFormer student/employee

UDS: Yet to do

Enhance role information“Fourth Source:” new groups of people who are not affiliated by being enrolled or paid.– Delegated admin/RA function.

Policy and possibly API (Shib Attribute Authority?) for “other” apps.Integrating people info distributed across many directories.

Directory Services: Ongoing

Policy: We are continually examining and revising data access policy Scalability: the directory services team is placed at the convergence point of all project critical paths. – To some extent this is unavoidable. Each vendor-supplied

LDAP application will create its own demands for attributes– But we need to commoditize UDS services for our own

applications.