Strategies for Directory Deployment - Centralized, Distributed, Federated, Decentralized

Presenters (East to West):

Suresh Balakrishnan, University System of Maryland Dennis Cromwell, Indiana University - BloomingtonMelinda Jones, University of Colorado at BoulderMark Crase, California State University David Bantz, University of Alaska

Strategies for Directory Deployment - Centralized, Distributed, Federated, Decentralized

2003.10.14 [email protected]

UA Enterprise Directory

•Centralized core data

•Campus applications

•Contacts: self-service

University of Alaska

UA Directory Status

67,000 students; 10,000 employees; 760 departments

Departments fork linked to employees

Web gateway interface supports searching, listing, self-service data

Scheduled & ad hoc batch updates from multiple sources

QuickTime™ and aPhoto - JPEG decompressor

are needed to see this picture.

UA Enterprise Directory StrategyEnvironmental Challenges

Distributed implementation team

Complex interface constraints - based on attributes or roles

Sub-set vs. super-set philosophies

Two phase commit for self-service edits (Registry/EDir)

Registry (Oracle db) enforces UA rules (syntax, constraints, validation values)

Distributed admin facilitated by attribute-based roles (role-based ACIs)

UA Enterprise Directory Responses to Challenges

UA Directory Architecture

SQL

B*ntz

Directory Search (Anon.)

Directory Search (Auth.)

Detailed Results (Anon.)

Self-service edits (Auth.)

Employee ids, student ids, social security identifiers are not stored in the Directory

Web gateway intermediary communicates only via SSL

Data changed only by “known” processes (web gateway or MAU IT)

Gateway limits bulk harvesting

Protecting Information