Campus Community Growing Campus Community Growing Pains at the Univ. of Pains at the Univ. of WisconsinWisconsin

Common Solutions GroupCommon Solutions Group

Duke University, 11-Jan-2001Duke University, 11-Jan-2001

Keith Hazelton, Univ. of WisconsinKeith Hazelton, Univ. of Wisconsin

http://www.wisc.edu/archhttp://www.wisc.edu/arch

http://axle.doit.wisc.edu/~hazhttp://axle.doit.wisc.edu/~haz

11-Jan-2001 CSG, Duke University 2

Campus Community growing Campus Community growing painspains

at the University of Wisconsinat the University of Wisconsin

Going multi-campusGoing multi-campus

From ID office to…?From ID office to…?

Going inter-institutionalGoing inter-institutional

11-Jan-2001 CSG, Duke University 3

Going multi-campusGoing multi-campus

UW-Madison University Directory UW-Madison University Directory Service 2.0Service 2.0

Registry with all People of Particular Registry with all People of Particular Interest ( PoPI )Interest ( PoPI )

……and finally a production LDAP directoryand finally a production LDAP directory

UW UW SystemSystem has asked us to implement has asked us to implement a registry and LDAP directory for all 26 a registry and LDAP directory for all 26 institutionsinstitutions

11-Jan-2001 CSG, Duke University 4

Going multi-campusGoing multi-campus

A person in the UW A person in the UW SystemSystem registry may carry one or more registry may carry one or more roles at one or more campusesroles at one or more campuses

Are there service distinctions?Are there service distinctions?

What assumptions and systems will What assumptions and systems will this break?this break?

11-Jan-2001 CSG, Duke University 5

From ID office to … ?From ID office to … ?

Personnel has told us that our PAM* Personnel has told us that our PAM* can’t take on any more workcan’t take on any more work The class of “others” in the registry is The class of “others” in the registry is

growinggrowing

Some of us think we now need a true Some of us think we now need a true Registration AuthorityRegistration Authority

That’s a big stepThat’s a big step

* Post-algorithmic Mechanism* Post-algorithmic Mechanism

11-Jan-2001 CSG, Duke University 6

……A Registration AuthorityA Registration Authority

A function (probably distributed) A function (probably distributed) that wouldthat would

Perform the bootstrap identification Perform the bootstrap identification and authentication processand authentication process

Issue a credential of some sortIssue a credential of some sort

11-Jan-2001 CSG, Duke University 7

……A Registration AuthorityA Registration Authority

People would often be in the registry People would often be in the registry before they were sent to the RAbefore they were sent to the RA SAT test score files, sales repsSAT test score files, sales reps

Only when a person becomes “of Only when a person becomes “of particular particular interest” do they get sent interest” do they get sent to the RAto the RA Where is the line? Applicants? Visiting Where is the line? Applicants? Visiting

researchers?researchers?

11-Jan-2001 CSG, Duke University 8

Going inter-institutionalGoing inter-institutional

eduPersonAffiliation attributeeduPersonAffiliation attribute In the eduPerson object class 1.0 (22-Jan-2001)In the eduPerson object class 1.0 (22-Jan-2001)

Controlled vocabulary Controlled vocabulary Involves radical simplificationInvolves radical simplification

Faculty, staff, student, alum, member, affiliate, employeeFaculty, staff, student, alum, member, affiliate, employee

““Member” is any one or more of Member” is any one or more of fac/staff/student/employeefac/staff/student/employee

““Member” is the most generic service class (parallels Member” is the most generic service class (parallels UW-Madison “eligible for ID card”)UW-Madison “eligible for ID card”)

Will evolve by the eduPerson community Will evolve by the eduPerson community process 1.0process 1.0

11-Jan-2001 CSG, Duke University 9

Going inter-institutionalGoing inter-institutional

Paired with PKI, would find application Paired with PKI, would find application with the computational Grid (ANL, with the computational Grid (ANL, Condor, etc.)Condor, etc.)

They would prefer institutionally-issued They would prefer institutionally-issued certs to their current homegrown certs to their current homegrown approachapproach

Would support inter-institutional Would support inter-institutional collaborative workgroups and open access collaborative workgroups and open access to distributed computational resourcesto distributed computational resources