people database project john byrne. project aims improve current computing service resource...
TRANSCRIPT
People Database project
John Byrne
Project aims
• Improve current Computing Service resource management processes
• Provide a reference 'People Database' to support service providers in departments
• Provide an authentication service for service providers in departments
Computing Service Registration System
• Used to manage Computing Service resources
Examples:
• Host login accounts
• Email accounts
• Web hosting accounts
• File store allocation
• Printing
• …
Current System
• Built on Interbase• Character-based management interface• Utility scripts to implement state held in database
Current System
• Works well but
– Running low on resources– String and plaster behind the scenes
Eg: early registration, status changes, transient arrangements, …
– Inflexible database schemaEg: personal details and account details too closely linked
– Closed system– Inappropriate use of host login accounts
New System
• Data separation– Personal data separated from resource management data
• People Database
• Facilities Database
• Rule-based resource allocation– What you get depends on who you are– With over-rides
• Lightweight digital identity– Username– Password– Basic access rights– Toe in the intranet
People Database
• Oracle• Stable data layer• One-stop• Available to authorised users• Accessed via standard APIs:
– SQL– ColdFusion– Java– …
• Extensible
People Database
• People– Staff– Students– Associates– Others
• Data– Contact details– Affiliation (eg dept/status)– Job roles– Identity (username)– Misc other
Identity Service
• LDAP• User authentication• Data to support access control• Available to authorised users• Accessed via standard APIs
– LDAP– ColdFusion– Java– …
• Extensible
…
Early Registration
Associates Database
SITS
Resource Link
Identity Service
(LDAP)
People Database
(Oracle)
Web
Host access
Library
Depts
Identity
generator
…
Comp Serv
Facilities Database
authorised applications
Data sources
• Corporate– Resource Link– SITS– Associates Database
• Departmental– Job roles– Early registration– Informal links– Contract renewal– …
Service providers
• Rule-based resource allocation– Depending on a user's status:
• A set of available resources
• A set of default resources
• Manual over-rides
• Ad-hoc resource allocation• Detecting changes
– Change logs in People Database
• Authorization and authentication using LDAP
End-users
• New user allocated default resources– eg host access, mail
• User switches on/off additional resources using the web• User without host access can still use the web to select
facilities
People Project
• System expected to go live summer 2004• Contacts
– John Byrne (jcb1)– Fergus McGlynn (fam6)