A. Vandenberg, October 24, 2001
University System of Georgia Annual Computing Conference
Directory and Person Registry: Implementation Details
Art Vandenberg
Director, Advanced Campus Services
Information Systems & Technology
Georgia State University
“Doing of New Things”
• “What is science? … a special method of finding things out… the body of knowledge… It may also mean the new things you can do when you have found something out, or the actual doing of new things. This last field is usually called technology––…” – Richard P. Feynman, The Meaning of It All: Thoughts of a Citizen Scientist, 1998.
In the Abstract
• Directory architecture includes a “person registry”
• Person registry “synchronizes” records
• Input from administrative applications
• Supports LDAP, student email, WebCT, OneCard, Rec Center access, etc…
Overview
• Introducing… the real “killer app”
• Defining Enterprise Directory Architecture
• WebCT Provisioning – Part one
• Student Email Provisioning
• Next! – Student Rec Center
• WebCT Provisioning – Part two
• Future Provisioning
Introducing – Killer App
• Benefits of LDAP enterprise directory well articulated
• Looking for killer app?
• “We often say that the overall integration and unification a general-purpose directory infrastructure enables is the real ‘killer app’” – The Burton Group, The Enterprise Directory Value Proposition
Defining the Architecture
• Directory: name, title, dept, address, phone
• LDAP compliant interface
• Logical join: HR, student, alumni, affiliate
• Person Registry is the join mechanism
• Core “person” attributes – data stewards help
• Incremental approach
• NB: Enhance, don’t replace, existing apps
Defining the Architecture: Resources
• www.internet2.edu/middleware: Identifiers, Authentication, and Directories: Best Practices for Higher Education
• The Burton Group:
– Developing a Directory Architecture, 3 tier model
– Directory Project Cookbook, cross-functional management, high-level sponsor, iterative approach
• Bob Morgan: Person Reg Phase I Tasks, checklist
Defining the Architecture: Result
• GSU Person Registry:
– Initial person registry design
– Entity relationship diagrams
– Overall architectural model
– Process flows from source systems
– Specific file record definitions for source data
• Starting point (“But, more scenarios would be nice…”)
WebCT Provisioning: Part 1
• Faculty want: automated WebCT accounts
• Sept 2000 Goal: do so by January 2001
• Advantages of being “first”:
– No existing object constraints
– One population selection: students in courses
– Familiar extract, several existing code sections
– Oracle tables basic
• RIKEY unique ID for simple joins of tables
STUFILE;
Name                  Null?     Type
--------------------- --------- ------------
STU_SSN                         VARCHAR2(9)
STU_NAME                        VARCHAR2(25)
STU_STREET                      VARCHAR2(30)
STU_CITY                        VARCHAR2(15)
STU_STATE                       VARCHAR2(2)
STU_ZIP                         VARCHAR2(5)
STU_ZIP_PLUS                    VARCHAR2(4)
STU_COLLEGE                     VARCHAR2(2)
STU_DEGREE                      VARCHAR2(4)
STU_MAJOR                       VARCHAR2(3)
STU_LEVEL                       VARCHAR2(2)
STU_TERM                        VARCHAR2(3)
STU_PAID_STATUS                 VARCHAR2(2)
STU_AREA_CODE                   VARCHAR2(3)
STU_PHONE                       VARCHAR2(7)
STU_WAIVE_DEADLINE              VARCHAR2(1)
STU_ACCESS_IND                  VARCHAR2(1)
WebCT…
• Core student info via nightly batch
• STUFILE table
– Represents nightly batch
– Reference for pre-transformation
– Audit? tie back to original
• STUFILE mapped to STUDENT and undergoes transformations…
STUDENT:
Name                  Null?     Type
--------------------- --------- ------------
RIKEY                 NOT NULL  VARCHAR2(16)
STUDENT_ID                      VARCHAR2(9)
SIS_NAME                        VARCHAR2(25)
COLLEGE                         VARCHAR2(2)
MAJOR_NAME                      VARCHAR2(3)
DEGREE_NAME                     VARCHAR2(4)
SIS_LEVEL                       VARCHAR2(2)
FERPA_SUPRESSION                VARCHAR2(1)
LAST_REGISTERED                 DATE
LAST_PAID                       DATE
LAST_UPDATED                    DATE
DATE_CREATED                    DATE
CREATED_BY                      VARCHAR2(45)
ENTITY_ACTIVITY_DATE            DATE
WebCT…
• Transformations to STUDENT include:
– RIKEY becomes key, SSN only attribute
– Name is SIS_Name
– Code lookups & LAST_“activity” fields added
– Operational info (DATE_Created…) added
• Some data in other tables:
– ADDRESS, Courses, WebCT info
– STUFILE_CHANGES table holds change info
• STUDENT mapped to PERSON table…
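The STUFILE to STUDENT step described above, as an added Python example that is not part of the original slides or GSU's code: it mints an opaque RIKEY on first sighting, keeps the SSN as an attribute only, and records field-level changes in a list standing in for STUFILE_CHANGES. The RIKEY format, the column mapping and the names `load_batch`, `new_rikey` and `COLUMN_MAP` are assumptions, and the sample row is constructed.

```python
import secrets

# Constructed sample of one nightly STUFILE row (all values are made up).
SAMPLE_ROW = {"STU_SSN": "000000001", "STU_NAME": "DOE JANE Q",
              "STU_COLLEGE": "AS", "STU_DEGREE": "BS", "STU_MAJOR": "CSC",
              "STU_LEVEL": "UG"}

# Assumed STUFILE -> STUDENT column mapping, inferred from matching widths.
COLUMN_MAP = {"STU_SSN": "STUDENT_ID", "STU_NAME": "SIS_NAME",
              "STU_COLLEGE": "COLLEGE", "STU_DEGREE": "DEGREE_NAME",
              "STU_MAJOR": "MAJOR_NAME", "STU_LEVEL": "SIS_LEVEL"}

def new_rikey(taken):
    """Assumed RIKEY format: 16 random hex characters, unrelated to the SSN."""
    while True:
        rikey = secrets.token_hex(8).upper()
        if rikey not in taken:
            return rikey

def load_batch(rows, students, ssn_index, changes, today, loader="nightly"):
    """Apply STUFILE rows to STUDENT records keyed by RIKEY.

    students:  RIKEY -> STUDENT row      ssn_index: SSN -> RIKEY (lookup only)
    changes:   list standing in for STUFILE_CHANGES
    """
    for row in rows:
        mapped = {dst: row[src] for src, dst in COLUMN_MAP.items()}
        rikey = ssn_index.get(row["STU_SSN"])
        if rikey is None:                       # first sighting: mint a key
            rikey = new_rikey(students)
            ssn_index[row["STU_SSN"]] = rikey
            students[rikey] = {"RIKEY": rikey, **mapped, "DATE_CREATED": today,
                               "CREATED_BY": loader, "LAST_UPDATED": today}
            changes.append((rikey, "*", None, "created"))
            continue
        rec = students[rikey]
        for col, value in mapped.items():       # field-level change capture
            if rec[col] != value:
                changes.append((rikey, col, rec[col], value))
                rec[col] = value
                rec["LAST_UPDATED"] = today
    return students
```

Downstream tables and feeds join on RIKEY, so the SSN never has to leave the registry, and the change log carries only the RIKEY and the changed column.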
PERSON;
Name                  Null?     Type
--------------------- --------- -------------
RIKEY                 NOT NULL  VARCHAR2(16)
LDAP_UID                        VARCHAR2(255)
ISO                             VARCHAR2(16)
BARCODE                         VARCHAR2(16)
DISPLAY_FULL_NAME               VARCHAR2(80)
DISPLAY_FIRST_NAME              VARCHAR2(20)
PRIMARY_AFFILIATION             VARCHAR2(16)
DISPLAY_EMAIL                   VARCHAR2(255)
DISPLAY_TITLE                   VARCHAR2(60)
DISPLAY_PHONE                   VARCHAR2(16)
DISPLAY_DEPARTMENT              VARCHAR2(60)
DISPLAY_STATUS                  VARCHAR2(1)
OFFICIAL_NAME_FULL              VARCHAR2(80)
OFFICIAL_NAME_PREFIX            VARCHAR2(4)
OFFICIAL_NAME_FIRST             VARCHAR2(20)
OFFICIAL_NAME_MIDDLE            VARCHAR2(20)
OFFICIAL_NAME_LAST              VARCHAR2(20)
OFFICIAL_NAME_SUFIX             VARCHAR2(3)
TYPE_FACULTY                    VARCHAR2(1)
TYPE_STAFF                      VARCHAR2(1)
TYPE_STUDENT                    VARCHAR2(1)
TYPE_RETIRED                    VARCHAR2(1)
TYPE_ALUMNI                     VARCHAR2(1)
TYPE_AFFILIATE                  VARCHAR2(1)
LAST_UPDATED                    DATE
DATE_CREATED                    DATE
CREATED_BY                      VARCHAR2(45)
ENTITY_ACTIVITY_DATE            DATE
WebCT…
• PERSON master table
– DISPLAY formats of data
– PRIMARY_AFFILIATION added (Student)
– Name components (first, middle, last…)
• ISO and BARCODE?
– Identifiers still provisioned from “OC_Tables”
– Legacy issues… oh yeah, the past
– Migration is stepwise…
WebCT Provisioning: Observations
• Person Registry – flexible, not constrained by complex design
– Student info kept redundantly (source, load file, transform table, Master Person)
• WebCT ids assigned in registry process, file output for WebCT
• Magically enrolled WebCT courses
• WebCT API bug… oops, what’s with that?
Student Email: Starting to Prioritize
• Steering Group sets overall priorities
• Person Registry Task List – weekly status
• Incremental implementation methodology but awareness of longer term
– LDAP to replace CSO directory
– Authoritative repository on persons
– Applications: don’t forget previous queue
Student Email…
• Dec 2000, Student Email & Web Definition Committee recommends policy
• All students get email
• “This system was made possible by the 2001 Student Technology Fee, and is effective June 11, 2001.” (Whoa!)
• Email, Lab access, file space, web space
Student Email… Raising the Bar
• Single userid/pw for multiple services
– Holy grail for enterprise solutions
• Userid activation includes authentication
– Person registry sets userid, initial pw
– Student app provides authentication (legacy)
– So password resets can be self service
• (Future Questing: Account Management)
Student Email… Raising the Bar
• Not just enrolled – need more attributes
– Admitted, eligible to enroll, registered
– Monitor expiry of status
– Maintain “active” “inactive” flags
• Business rule: What’s email policy intent?
• NB: “inactive” remain in person registry
• Build privilege objects as needed
Student Email… Raising the Bar
• Ta Da! LDAP is part of the solution!
– Novell NIMS (Network Internet Messaging System) supports any IMAP, LDAP client
– Person registry provisions NIMS via LDIF transaction sets
– Person registry construct enables recovery of LDIF transactions
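One way a registry can produce LDIF transaction sets, as an added Python example that is not from the original slides or GSU's code: it diffs two registry snapshots into RFC 2849 change records, base64-encodes any value that is not a SAFE-STRING so a name carrying a line break or non-ASCII text cannot start a new LDIF line, and is deterministic so a lost transaction set can be regenerated from the registry. The `ACTIVE` flag, the base DN, the userid pattern, the PERSON-to-LDAP attribute mapping and the choice to delete the directory entry when a person goes inactive are assumptions.

```python
import base64
import re

BASE_DN = "ou=people,o=example"               # placeholder tree, not the real one
UID_RE = re.compile(r"[a-z][a-z0-9]{1,15}")   # assumed userid policy
ATTRS = {"cn": "DISPLAY_FULL_NAME", "sn": "OFFICIAL_NAME_LAST",
         "mail": "DISPLAY_EMAIL"}             # assumed PERSON -> LDAP mapping

def ldif_attr(name, value):
    """One attribute line; base64 form unless value is an RFC 2849 SAFE-STRING."""
    raw = value.encode("utf-8")
    safe = (all(0 < b < 128 and b not in (10, 13) for b in raw)
            and raw[:1] not in (b" ", b":", b"<") and raw[-1:] != b" ")
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(raw).decode('ascii')}"

def transaction_set(before, after):
    """Diff two registry snapshots (RIKEY -> PERSON row) into LDIF changes."""
    records = []
    for rikey in sorted(after):               # stable order: reruns are identical
        new, old = after[rikey], before.get(rikey)
        uid = new["LDAP_UID"]
        if not UID_RE.fullmatch(uid) or (old and old["LDAP_UID"] != uid):
            raise ValueError(f"invalid or changed LDAP_UID for {rikey}")
        head = f"dn: uid={uid},{BASE_DN}"
        was_active = bool(old and old["ACTIVE"])  # ACTIVE: hypothetical flag
        if new["ACTIVE"] and not was_active:
            rec = [head, "changetype: add", "objectClass: inetOrgPerson",
                   f"uid: {uid}"]
            rec += [ldif_attr(a, new[col]) for a, col in ATTRS.items()]
        elif was_active and not new["ACTIVE"]:
            rec = [head, "changetype: delete"]   # registry row itself is kept
        else:
            changed = [a for a, col in ATTRS.items()
                       if was_active and old[col] != new[col]]
            if not changed:
                continue
            rec = [head, "changetype: modify"]
            for a in changed:
                rec += [f"replace: {a}", ldif_attr(a, new[ATTRS[a]]), "-"]
        records.append("\n".join(rec))
    return "version: 1\n\n" + "\n\n".join(records) + "\n"
```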
Next! Student Rec Center
• High profile, funded by student fees
• Opening August 2001 – access needed
• New registry persons – staff, alumni, affiliates… matching required
• Data store requirements for elements not in any source system…
• On time (and Goodbye to “OC_Tables”)
Student Rec Center…
• Expanding registry population…
• Matching (avoiding duplicates) needed
– Legacy HR app does check legacy student
– If matches SSN, prefills address, phone, gender, race, DOB (not name, it’s a format issue)
– What if SSN “wrong” or can’t match to student Temp_SSN_Number?
• Maintain separate tables for student, staff…
• Matching always with us – Open Issue
Student Rec Center…
• Data store requirements
• Affiliates records
– No surprise, expected
– Does require interface (avoid duplicates!)
– Must have sponsor record
– Multiple affiliations possible (how handle as moves beyond Rec Center?)
Student Rec Center…
• Data store for “liability waiver”
– Unexpected
– Rec Center business liability requirement
– Special business rules internal to Rec Center
• Fees paid issue
– “Not your registrar’s fees paid!”
– What if affiliate, staff not using payroll deduction, Alumni?
Student Rec Center… On Time & Bonus Round
• “OC_Tables” are dead, long live registry!
– ISO, Barcode now assigned at registry
– “PantherCard” printing feeds from registry
– PeopleSoft financial interface to person registry
– Library feed part of person registry (not yet from person registry…)
• Uhhh, did we mention “Production?”
• Did we mention security?
WebCT Provisioning: Part 2
• Recall WebCT API bug January 2001?
• Rebuilt WebCT provisioning for Fall 2001
– (Work around… API remains open issue)
• NameSpace issues:
– Student: [email protected]
– Faculty/Staff: [email protected]
– How distinguish better? Is it a Unique ID?
– Tough to resolve in production mode…!!!
WebCT Provisioning: Part 2
• Students will have single userid/pw for:
– Email, Lab access, file space, web space… and WebCT
Future Provisioning
• Addressing NameSpace issues
– Immediate need for email and UID
• Email groups – very hot
• Enhanced Library feed
– Non-trivial: how many patron groups are there?
• LDAP White Pages & CSO migration
– That means redoing sendmail
– Requires self-service for WP entries
Future Provisioning
• FERPA and access issues
– Prerequisite for LDAP White Pages
– Okay, so how provision if no attributes? OPEN
• Account management support
– Buying solution is expensive
– Building solution may be complex
– But customers want services…
– And auditors want security
Future Provisioning
• PKI deployment
• Synchronization using Metamerge…
– www.metamerge.com
– Move from batch file processing to transaction processing
– Provide immediate registry update for self-service request…
– Auto update of source systems? LDAP WP?
• Annual phonebook printing…
Future Provisioning
• SCT Banner Student integration
• PeopleSoft Human Resources integration
• Security, production, resources…
• Your applications here: Use additional lines as needed
• ____________________________
• ____________________________
• ____________________________
Conclusion… almost
• The person registry is a core component of an enterprise directory architecture
• Remember slide 8’s last bullet? Starting point (“But, more scenarios would be nice…”)
• We’ve been discussing the scenarios.
Credits
Georgia State University IS&T: Reid Christenberry, Mary Jane Casto, Carolyn Gard, Larry Pankey, Bill Paraska, Phil Williams, Art Vandenberg
Data Stewards, Registrar: Charles Gilbreath, Dan Hammond
Data Stewards, Human Resources: Melissa Bell Brennaman, Dawn Davis
IS&T, UCCS: Davide Gaetano, Jeffrey Johnson, Joel Swanson, Keith Campbell, Sam White, John Jester, Randy Palmer, Mark Buffington, Jim Young, Stephanie Wood, Charles Hollingsworth
IS&T, UIS: Mark Mayfield, Jackie Wilson, Joselita Hizon, Steve Ratterree, Dat Phan, Jonette Gowan, Robert Stevens, Marti Boyce, Cherise Peters
IS&T, UETS: Joe Amador, Paula Christopher, Harold Powers, Zoe Salloom
Auxiliary Services: Trey Chiles
Student Rec Center: Scott Levin, John Krafka, Steven Alphabet, Judi Moss, Kacy Toberg, Todd Bowman, Heather King
IS&T, PSI: Amy Bruni
IS&T, LSTI: Randall Cravey
Library: Dr. Tim Zou, Viki Timian
Georgia State University, CIS: Dr. Vijay Vaishnavi, David Kuechler, Victor Bolet, Hui Kou, Jianghua Liang, Ghiyoung Li
Georgia Institute of Technology, College of Computing: Dr. Sham Navathe, George Thomas, Laxmi Patel
Student Email & Web Definition Committee: Dr. Bill Evans
SCT Banner Implementation: Dr. Bill Fritz
Georgia State University, Student Technology Fee Committee
The Burton Group
Internet2 Middleware Initiative
University of Washington: R. L. “Bob” Morgan
Metamerge