People Database project

John Byrne

Project aims

• Improve current Computing Service resource management processes

• Provide a reference 'People Database' to support service providers in departments

• Provide an authentication service for service providers in departments

Computing Service Registration System

• Used to manage Computing Service resources

Examples:

• Host login accounts

• Email accounts

• Web hosting accounts

• File store allocation

• Printing

• …

Current System

• Built on Interbase• Character-based management interface• Utility scripts to implement state held in database

Current System

• Works well but

– Running low on resources– String and plaster behind the scenes

Eg: early registration, status changes, transient arrangements, …

– Inflexible database schemaEg: personal details and account details too closely linked

– Closed system– Inappropriate use of host login accounts

New System

• Data separation– Personal data separated from resource management data

• People Database

• Facilities Database

• Rule-based resource allocation– What you get depends on who you are– With over-rides

• Lightweight digital identity– Username– Password– Basic access rights– Toe in the intranet

People Database

• Oracle• Stable data layer• One-stop• Available to authorised users• Accessed via standard APIs:

– SQL– ColdFusion– Java– …

• Extensible

People Database

• People– Staff– Students– Associates– Others

• Data– Contact details– Affiliation (eg dept/status)– Job roles– Identity (username)– Misc other

Identity Service

• LDAP• User authentication• Data to support access control• Available to authorised users• Accessed via standard APIs

– LDAP– ColdFusion– Java– …

• Extensible

…

Early Registration

Associates Database

SITS

Resource Link

Identity Service

(LDAP)

People Database

(Oracle)

Web

Host access

Library

Depts

Identity

generator

…

Comp Serv

Facilities Database

authorised applications

Data sources

• Corporate– Resource Link– SITS– Associates Database

• Departmental– Job roles– Early registration– Informal links– Contract renewal– …

Service providers

• Rule-based resource allocation– Depending on a user's status:

• A set of available resources

• A set of default resources

• Manual over-rides

• Ad-hoc resource allocation• Detecting changes

– Change logs in People Database

• Authorization and authentication using LDAP

End-users

• New user allocated default resources– eg host access, mail

• User switches on/off additional resources using the web• User without host access can still use the web to select

facilities

People Project

• System expected to go live summer 2004• Contacts

– John Byrne (jcb1)– Fergus McGlynn (fam6)