
ID Management in University

Kenzi Watanabe
Saga University, Japan
watanabe@is.saga-u.ac.jp

National University Corporation Saga University (国立大学法人 佐賀大学)

16/02/2012 The 33rd APAN Meeting

• 5 Faculties
• Approx. 7,000 Students
• 2,000 Faculty Members

ID Management History of Saga University

• 1998, ID for all students
• 2001, ID for all faculty members

• 1998, ID Integration for Windows and UNIX
• 2002, Integrated authentication system
• 2010, Shibboleth

Backgrounds

• Information Literacy Education (1990 〜)
• Deployments of Self-maintained Online Systems with Web (2000 〜)

Contents

• What is ID?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations
• Conclusion

What is ID?

• ID is an identifier for each user
  – A symbol of yourself in ICT world
  – Known as “User ID”
• ID is used in authentication procedure with a password
  – Login


Backgrounds of ID Management History

• Information Literacy Education (1990 〜)
• Deployments of Self-maintained Online Systems with Web (2000 〜)

PC Room History in Saga University

• 1990 〜 1994
• 1994 〜 1998


Windows & UNIX dual boot system (1998 – 2002)

ID Management Technologies

• UNIX
  – /etc/passwd
  – NIS (Network Information Service)
• Microsoft Windows
  – DC (Domain Controller)
  – AD (Active Directory)

Slide labels: For small system, For networked system, For novel system, For stand-alone system

Different IDs and passwords

[Diagram: Windows and UNIX each hold a separate account: sato1 / pw1 and sato2 / pw2]

Inconvenient !!

Same ID and password without Synchronization

[Diagram: UNIX and Windows both hold sato / pw1; the password is changed to pw2 on one system (“Change!”) and stays pw1 on the other (“Not changed”)]

Inconvenient !!

Same ID and password with Synchronization

[Diagram: UNIX → authentication → Directory Server ← authentication ← Windows; Password change]

Convenient !!


Deployments of Self-maintained Online Systems with Web

• Online Systems
  – E-mail
  – Educational affairs
    • Syllabus, Evaluation, Registration
  – Digital Library
    • Teachers’ DB
• What was changed?
  – More personalized
  – Self-maintained

e.g. Teachers’ DB

• Teachers’ directory
  – Gathering activities of all professors
  – Research, Education, Social activities, etc.
• These outcomes become the basis and evidence for the evaluation of the university
• Who inputs data?
  – By themselves


Saga Univ. @ 2002

[Architecture diagram. Labels: Operation (Add, Remove, Modify); Unified User DB (PostgreSQL); LDAP; LDAP (Replica); NIS/NIS+; AD; General; Windows; Linux; IMAP4S; POP3S; FTP; Other Servers (e.g. PHP based)]

Unified User DB

• Master database for user attributes
  – User ID
  – Initial password
  – Full name
  – Affiliation
  – Title
  – Position
  – etc.
• Authentication Infrastructure


Shibboleth

• Increasing Web-based systems
• Inconvenience
  – Entering User ID and Password many times
  – More secure way
• Opengate
  – A captive portal type network user authentication system

Saga Univ. @ 2010

[Architecture diagram. Labels: Operation (Add, Remove, Modify); Unified User DB (PostgreSQL); LDAP; LDAP (Replica); IdP; AD; General; Windows; Solaris; IMAP4S; POP3S; FTP; Other Servers (e.g. PHP based); SPs]

Issues in Implementations

• Consolidation of multiple accounts to a single entry
  – Identification
  – Clear scheme definitions of ID
  – ID naming rules
• Cooperation with various sections
  – What section has authority?
  – Data Transfer method
• Decision making

• Case 1: 2 IDs
  – user1, user2 (Research associate, PhD course student)
• Case 2: 1 ID has 2 attributes
  – Research associate, PhD course student

ID Naming Rules

• Random based? Name based?
• Same family and personal name?
• Same as Student ID?
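The consolidation and naming questions on the two slides above, worked through as an added example (not code from the presentation or from Saga University's system): a person who appears in two sections' CSV feeds becomes one entry with two attributes (Case 2), and different people with the same name get distinct name-based IDs. The matching key (family name, given name, date of birth), the column names and the numeric-suffix rule are assumptions, and the records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample feeds (not real data): one CSV per section.
PERSONNEL_CSV = """family,given,birth,title
Sato,Hanako,1985-04-02,Research associate
Sato,Hiroshi,1970-11-30,Professor
"""
STUDENT_CSV = """family,given,birth,title
Sato,Hanako,1985-04-02,PhD course student
Sato,Hanako,1992-07-15,Undergraduate student
"""

def read_feed(text, section):
    """Parse one section's CSV and tag each row with the section that sent it."""
    return [dict(row, section=section) for row in csv.DictReader(io.StringIO(text))]

def consolidate(rows):
    """Group rows by person key so one person gets one entry (Case 2)."""
    people = defaultdict(list)
    for r in rows:
        key = (r["family"].lower(), r["given"].lower(), r["birth"])  # assumed key
        people[key].append((r["section"], r["title"]))
    return people

def assign_ids(people, existing=None):
    """Name-based IDs: issued IDs are never reassigned; collisions get a suffix."""
    issued = dict(existing or {})   # person key -> user ID already handed out
    taken = set(issued.values())
    for key in sorted(people):
        if key in issued:
            continue
        base, n = key[0] + key[1][0], 1   # family name + first initial
        uid = base
        while uid in taken:               # same name, different person
            n += 1
            uid = f"{base}{n}"
        issued[key] = uid
        taken.add(uid)
    return {issued[k]: {"birth": k[2], "affiliations": sorted(v)} for k, v in people.items()}

def build_directory(existing=None):
    rows = read_feed(PERSONNEL_CSV, "personnel") + read_feed(STUDENT_CSV, "student")
    return assign_ids(consolidate(rows), existing)

if __name__ == "__main__":
    for uid, entry in build_directory().items():
        print(uid, entry)
```

Passing the previously issued mapping as `existing` keeps a user's ID stable when a new person with the same name arrives in a later feed.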


Data Transfer Method

• Online?
  – Data format
    • CSV? XML?
  – Real-time transactions or Batch jobs?
    • Both?
• Offline?
  – Data format?
  – Media type
    • DVD? MO?


Conclusion

• What is ID?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations

Acknowledgements

• NTT DATA KYUSHU Corporation
• Net One Systems CO. LTD.

ID Management Technologies

• LDAP (Lightweight Directory Access Protocol)
  – Directory services
• Active Directory has LDAP functions
  – Windows 2003 server and later versions

[Diagram: UNIX, Windows; User authentication (twice)]