june 10-15, 2012 growing community; growing possibilities dedra chamberlin, uc davis eric westfall,...

June 10-15, 2012

Growing Community; Growing Possibilities

Open Source Person Registries-

You want ‘em we got em’!

Dedra Chamberlin, UC DavisEric Westfall, Indiana University

2012 Jasig Sakai Conference 2

First: What is CIFERAn agile, best-of-breed, community governed, comprehensive IAM solution for higher education


Build upon existing open source IAM projects

Create a comprehensive, modular IAM stack

Implement open, standards-based architecture

Reduce ops costs (TCO) through improved integration, automation, QA

Focus on needs, challenges distinctive to HE

Avoid vendor lock-in Do so by pooling community resources

CIFER Objectives


CIFER Workstreams


Second: Registry GroupWhat are we talking about, what have we done, and what are we going to do?


IAM in university environments


Objective of the Group◦ Develop a plan to identify current gaps in identity

registries◦ Evaluate options for developing a single person registry◦ Move forward to close the gaps by developing a registry

Involved Partners ◦ UC Berkeley, UCSF, Brown, U. Washington, Internet2,

Indiana, Kuali, SFU, PSU, Open Registry, Rutgers, others What are we looking at?

◦ A central, single authority Registry◦ Identity Match functionality◦ Working closely with the Provisioning side of CIFER

Identity Registry Group


TODO…add an awesome diagram here…

Target Architecture


Identity Registry Functional Model Core Requirements Evaluation ID Match

◦ Strawman design for ID match system◦ Evaluation of OpenEMPI

Evaluations of three different Open Source Identity Registry solutions◦ OpenRegistry◦ Penn State’s Central Person Registry (CPR)◦ Kuali Identity Management (KIM)

What’s Been Done?


For identity match ◦ Evaluated OpenEMPI and will decide w/in a month

to use or explore other options (integrations, self-written)

For Registry◦ Evaluated OpenRegistry and CPR◦ Both fairly well-developed, team feels both are

viable candidates Likes/Dislikes of each What about KIM?

Where are we now?


Next Steps◦ Work on shared APIs from SOR’s into a registry◦ Define other common interfaces and integrating

id Match tools into OpenRegistry, CPR, or both Other Potential Goals

◦ Try and get OR out of incubation status◦ Work with PSU to full “open-source” CPR◦ Get involvement from other, interested parties

Other Initiatives◦ Kuali is doing an evaluation of CPR mapping to

KIM◦ UC is doing architectural evaluations

What’s next?


Third: Why?Why are we involved and what do we need


TODO…The UC Story


Kuali Identity Management◦ Shared identity and access management

Used by many Kuali projects◦ Finance, research, student, library, HR

“Identity registry-like” functionality◦ but wasn’t originally designed for this purpose

Serves as an “integration platform” for IAM within Kuali

This has worked well for Kuali for a long time…but things are changing.

The Kuali Story


Kuali People Management for the Enterprise (KPME)

Kuali Student (KS) These are traditionally Systems of Record

for identity ID Match is critical for both of these systems TODO…

What’s changing?


TODO…More Kuali-related slides…


Your Input!◦ We need your input on the integration points

How to get particular SOR information into CPR or OR?

Development of shared APIs Your Experiences

◦ If you’ve been or are going through the process, if available, what would you need to make this work

What’s Needed?


Summary statement hereIn summary…


Links Links Links Links

More information on CIFER


Questions?For more information contact:[email protected]

mailto:[email protected]

june 10-15, 2012 growing community; growing possibilities dedra chamberlin, uc davis eric westfall,...

Documents