A.Vandenberg October 24, 2001, University System of Georgia Annual Computing Conference

1. Directory and Person Registry Implementation Details
Art Vandenberg
Director, Advanced Campus Services
Information Systems & Technology
Georgia State University
Avandenberg@gsu.edu

2. “Doing of New Things”
“What is science? a special method of finding things out the body of knowledge It may also mean the new things you can do when you have found something out, or the actual doing of new things. This last field is usually called technology”
Richard P. Feynman, The Meaning of It All: Thoughts of a Citizen Scientist, 1998.

3. In the Abstract
- Directory architecture includes a “person registry”
- Person registry “synchronizes” records
- Input from administrative applications
- Supports LDAP, student email, WebCT, OneCard, Rec Center access, etc

4. Overview
- Introducing the real “killer app”
- Defining Enterprise Directory Architecture
- WebCT Provisioning Part one
- Student Email Provisioning
- Next! Student Rec Center
- WebCT Provisioning Part two
- Future Provisioning

5. Introducing Killer App
- Benefits of LDAP enterprise directory well articulated
- Looking for killer app?
- “We often say that the overall integration and unification a general-purpose directory infrastructure enables is the real killer app” The Burton Group, The Enterprise Directory Value Proposition

6. Defining the Architecture
- Directory: name, title, dept, address, phone
- LDAP compliant interface
- Logical join: HR, student, alumni, affiliate
- Person Registry is the join mechanism
- Core “person” attributes - data stewards help
- Incremental approach
- NB: Enhance, don't replace, existing apps

7. Defining the Architecture Resources
- www.internet2.edu/middleware : Identifiers, Authentication, and Directories: Best Practices for Higher Education
- The Burton Group: Developing a Directory Architecture, 3 tier model
- Directory Project Cookbook, cross-functional management, high-level sponsor, iterative approach
- Bob Morgan: Person Reg Phase I Tasks, checklist

8. Defining the Architecture Result
- GSU Person Registry: Initial person registry design
- Entity relationship diagrams
- Overall architectural model
- Process flows from source systems
- Specific file record definitions for source data
- Starting point (“But, more scenarios would be nice”)

9. WebCT Provisioning Part 1
- Faculty want: automated WebCT accounts Sept 2000
- Goal: do so by January 2001
- Advantages of being “first”:
- No existing object constraints
- One population selection: students in courses
- Familiar extract, several existing code sections
- Oracle tables basic RIKEY unique ID for simple joins of tables

11. WebCT
- Core student info via nightly batch
- STUFILE table
- Represents nightly batch
- Reference for pre-transformation
- Audit? tie back to original
- STUFILE mapped to STUDENT and undergoes transformations

13. WebCT
- Transformations to STUDENT include:
- RIKEY becomes key, SSN only attribute
- Name is SIS_Name
- Code lookups & LAST_“activity” fields added
- Operational info (DATE_Created) added
- Some data in other tables: ADDRESS, Courses, WebCT info
- STUFILE_CHANGES table holds change info
- STUDENT mapped to PERSON table

15. WebCT
- PERSON master table
- DISPLAY formats of data
- PRIMARY_AFFILIATION added (Student)
- Name components (first, middle, last)
- ISO and BARCODE? Identifiers still provisioned from “OC_Tables”
- Legacy issues oh yeah, the past
- Migration is stepwise

16. WebCT Provisioning Observations
- Person Registry flexible, not constrained by complex design
- Student info kept redundantly (source, load file, transform table, Master Person)
- WebCT ids assigned in registry process, file output for WebCT
- Magically enrolled WebCT courses
- WebCT API bug oops, what's with that?

17. Student Email Starting to Prioritize
- Steering Group sets overall priorities
- Person Registry Task List weekly status
- Incremental implementation methodology but awareness of longer term
- LDAP to replace CSO directory
- Authoritative repository on persons
- Applications: don't forget previous queue

18. Student Email
- Dec 2000, Student Email & Web Definition Committee recommends policy
- All students get email
- “This system was made possible by the 2001 Student Technology Fee, and is effective June 11, 2001.” (Whoa!)
- Email, Lab access, file space, web space

19. Student Email Raising the Bar
- Single userid/pw for multiple services
- Holy grail for enterprise solutions
- Userid activation includes authentication
- Person registry sets userid, initial pw
- Student app provides authentication (legacy)
- So password resets can be self service
- (Future Questing: Account Management)

20. Student Email Raising the Bar
- Not just enrolled need more attributes
- Admitted, eligible to enroll, registered
- Monitor expiry of status
- Maintain “active” “inactive” flags
- Business rule: What's email policy intent?
- NB: “inactive” remain in person registry
- Build privilege objects as needed

21. Student Email Raising the Bar
- Ta Da! LDAP is part of the solution!
- Novell NIMS (Network Internet Messaging System) supports any IMAP, LDAP client
- Person registry provisions NIMS via LDIF transaction sets
- Person registry construct enables recovery of LDIF transactions

22. Next! Student Rec Center
- High profile, funded by student fees
- Opening August 2001 access needed
- New registry persons staff, alumni, affiliates matching required
- Data store requirements for elements not in any source system
- On time (and Goodbye to “OC_Tables”)

23. Student Rec Center
- Expanding registry population
- Matching (avoiding duplicates) needed
- Legacy HR app does check legacy student
- If matches SSN, prefills address, phone, gender, race, DOB (not name, it's a format issue)
- What if SSN “wrong” or can't match to student
- Temp_SSN_Number?
- Maintain separate tables for student, staff
- Matching always with us Open Issue

24. Student Rec Center
- Data store requirements Affiliates records
- No surprise, expected
- Does require interface (avoid duplicates!)
- Must have sponsor record
- Multiple affiliations possible (how handle as moves beyond Rec Center?)

25. Student Rec Center
- Data store for “liability waiver”
- Unexpected
- Rec Center business liability requirement
- Special business rules internal to Rec Center
- Fees paid issue “Not your registrar's fees paid!”
- What if affiliate, staff not using payroll deduction, Alumni?

26. Student Rec Center On Time & Bonus Round
- “OC_Tables” are dead, long live registry!
- ISO, Barcode now assigned at registry
- “PantherCard” printing feeds from registry
- PeopleSoft financial interface to person registry
- Library feed part of person registry (not yet from person registry)
- Uhhh, did we mention “Production?”
- Did we mention security?

27. WebCT Provisioning Part 2
- Recall WebCT API bug January 2001?
- Rebuilt WebCT provisioning for Fall 2001
- (Work around API remains open issue)
- NameSpace issues:
- Student: Flastname@student.gsu.edu
- Faculty/Staff: Flastname@gsu.edu
- How distinguish better? Is it a Unique ID?
- Tough to resolve in production mode!

28. WebCT Provisioning Part 2
- Students will have single userid/pw for:
- Email, Lab access, file space, web space and WebCT

29. Future Provisioning
- Addressing NameSpace issues
- Immediate need for email and UID
- Email groups very hot
- Enhanced Library feed
- Non-trivial: how many patron groups are there?
- LDAP White Pages & CSO migration
- That means redoing sendmail
- Requires self-service for WP entries

30. Future Provisioning
- FERPA and access issues
- Prerequisite for LDAP White Pages
- Okay, so how provision if no attributes? OPEN
- Account management support
- Buying solution is expensive
- Building solution may be complex
- But customers want services
- And auditors want security

31. Future Provisioning
- PKI deployment
- Synchronization using Metamerge
- Move from batch file processing to transaction processing
- Provide immediate registry update for self-service request
- Auto update of source systems? LDAP WP?
- Annual phonebook printing

32. Future Provisioning
- SCT Banner Student integration
- PeopleSoft Human Resources integration
- Security, production, resources
- Your applications here: Use additional lines as needed _ _ _

33. Conclusion almost
- The person registry is a core component of an enterprise directory architecture
- Remember slide 8's last bullet? Starting point (“But, more scenarios would be nice”)
- We've been discussing the scenarios.

39. Questions, Comments?