Recent Developments in Directories
Tom Barton, University of Chicago
Keith Hazelton, University of Wisconsin
14 October 2003 Internet2 Fall Member Meeting 2
Outline
Major themes
• Naming & structure for courses
• Group management toolset
• Non-eduPerson persons!
Roundup of other active threads
Prospective: Authorization
Pipe up with questions or comments at any time!!
MACE-CourseID Working Group
Launched July, 2003
http://middleware.internet2.edu/courseID/
Major project goals
1. Propose a standard data element syntax to describe courses and hierarchical components of courses.
2. Propose a schema describing courses and course components…
MACE-CourseID Working Group
2. Propose a schema describing courses and course components that:
• conforms to IMS standards or requirements for course description
• maps readily from existing applications that utilize course descriptions, such as administrative data systems, instructional management systems, etc.
• is Shibboleth compliant, to further leverage Shibboleth developments to enable authorization based on course enrollment
• is valid for inter-institutional as well as international collaborations
Course Object Structure
D R A F T, Tom Barton et al.
A Course is Offered in a given Session by means of one or more Sections that have specified Meetings.
Four ways to represent Cross Listings.
Sections have Roles (à la IMS).
Metadata about courses, sessions, meetings is unspecified … and therefore general enough!
Single, globally unique identifier for Course offering at section level
D R A F T, G. Agnew, K. Hazelton
The CourseID WG would name some agent to register as a namespace authority under the MACE urn, requesting that they be assigned the urn namespace urn:mace:courseid
Institutions would be encouraged to identify courses under their DNS name, e.g. urn:mace:courseid:uchicago.edu…
Single, globally unique identifier for Course offering at section level
D R A F T, G. Agnew, K. Hazelton
Local course offering identifiers could be formed by combining whatever the institution uses as the short name in the timetable of course offerings with some indicator of the particular session in question as well as the primary section, e.g. urn:mace:courseid:uchicago.edu:Physics-101:fall-2004:section-01
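A strict parser for identifiers shaped like the draft example above, added here as an illustration and not part of the working group's draft. It assumes exactly four colon-separated components after the namespace (institution DNS name, course short name, session, section); the component character set and the helper names are assumptions.

```python
import re
from typing import NamedTuple

PREFIX = "urn:mace:courseid:"  # namespace proposed in the draft
# Assumption: components use URN-safe characters and never contain a colon.
_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\Z")
_DNS_NAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\Z")

class CourseOffering(NamedTuple):
    institution: str
    course: str
    session: str
    section: str

def parse_course_urn(urn: str) -> CourseOffering:
    """Parse a section-level course URN, rejecting anything malformed."""
    if urn[:len(PREFIX)].lower() != PREFIX:
        raise ValueError("not in the urn:mace:courseid namespace")
    parts = urn[len(PREFIX):].split(":")
    if len(parts) != 4:
        raise ValueError("expected institution:course:session:section")
    institution = parts[0].lower()  # DNS names compare case-insensitively
    if not _DNS_NAME.match(institution):
        raise ValueError("institution is not a DNS name")
    for part in parts[1:]:
        if not _COMPONENT.match(part):
            raise ValueError(f"bad component: {part!r}")
    return CourseOffering(institution, *parts[1:])

def same_offering(urn: str, institution: str, course: str, session: str) -> bool:
    """True if urn names any section of the given course offering.

    Compares parsed fields, so 'Physics-101' never matches 'Physics-1010'
    the way a string-prefix test would.
    """
    try:
        o = parse_course_urn(urn)
    except ValueError:
        return False
    return (o.institution, o.course, o.session) == (institution.lower(), course, session)
```

Comparing parsed fields rather than string prefixes matters once these identifiers drive authorization based on course enrollment.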
Single, globally unique identifier for Course offering at section level
D R A F T, G. Agnew, K. Hazelton
Choices ahead on formation of course-offering-section identifiers
• More prescriptive, standardized vs. more local autonomy, local preferences
– Stipulate ISO start-end dates rather than idiomatic “fall-04”
• More opaque vs. more suggestive components
– :uchicago.edu:35433:A2334:3002-1 vs. earlier example
• More self-contained vs. more reliant on associated metadata
– :uchicago.edu:IPEDS-Physics-sequence-for-majors:first-semester-….section-lead:j-spencer01
Discussion items
Scope of CourseID work
• What to work on
• What to work on first, second,…
• What NOT to tackle (leave for others)
• Scenarios offer guidance on scope question
• Tug between mind sets of WG participants
– requirements to support individual Shib pilots
– requirements to support general IMS models
Related initiatives
Inter-group coordination
Group toolset: a brief history
• February 2002: “Practices in Directory Groups” completed
• Operational issues attending deployments of groups:
– Automated update from source systems
– Ad hoc maintenance delegated to individuals or processes
– Maintaining referential integrity
– Provisioning of group information in multiple locations
– Orderly removal of stale groups (aging)
– Partial orderings of groups (e.g., subgroups)
– Direct vs. indirect membership
– Group math: referring to set theoretic combinations of groups
– Meeting security, privacy, & visibility requirements
Group toolset: a brief history
• June 2002: Initial discussion of RIbot, Grouper, GASP
• July 2002: “SAGE” replaces “GASP”, then discussion thread GASPs…
• November 2002: initial “SAGE Scenarios” draft
• February 2003: restart MACE-Dir-Groups conference calls to develop SAGE Scenarios doc
Group toolset: a brief history
• “SAGE Scenarios” released with NMI R3 in April 2003.
• High level requirements
• Don’t build a metadirectory
• Automatic processing for enterprise groups
• Manual processing for ad hoc groups
• Multiple representations (in ldap)
• Multiple group types (security, courses, roles, …)
• Group math
• Web service
Group toolset: a brief history
• May 2003: design oriented discussions begin
• June 2003: We discover that “SAGE” name is taken
• July 2003: Inception of “export Stanford’s Authority Manager” idea
• August-September 2003:
• “Grouper” replaces “SAGE”
• Begin consideration of relationship between Stanford’s work and MACE-Dir-Groups (ergo, “Group Toolset”)
• October 2003: Straw Man architecture
Group Toolset architecture elements
http://middleware.internet2.edu/dir/groups/docs/draft-barton-grouptools-arch-01.html
Stream Loader – automated
• Processes streams of records according to a set of rules to add/remove members from groups
• Must already have an identity management system – distinct member identifiers in source streams must refer to distinct real world objects
Groups Manager Applications – ad hoc
• Delegate aspects of group management to humans
• One per “type” of group being managed
Group Toolset architecture elements
Groups Registry
• Relational database containing membership & other group metadata
• Supports multiple (locally defined) group types
– Basic
– Course (à la courseID work, perhaps)
– Department
– Role
– Your type here
• Supports multiple “membership attributes”
– Members, owners, enrollees, instructors, TAs, permissions, obligations, …
• Supports subgroups
Group Toolset architecture elements
API
• Integrates all access to the Groups Registry by elements of this architecture
• Serializes updates
• Determines & enumerates atomic changes
Provisioning Connectors
• Pulls all changes since last change number
• Responsible for all aspects of group presentation in connected consumer
• LDAP, AD, flat files, xml docs, …
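A sketch of the API and Provisioning Connector roles listed above, added here as an illustration and not taken from the Group Toolset design. The in-memory registry, the class and method names, and the isMemberOf-style consumer view are all assumptions standing in for the relational database and a real LDAP connector.

```python
import threading
from typing import Dict, List, NamedTuple, Set

class Change(NamedTuple):
    number: int   # monotonically increasing change number
    op: str       # "add" or "remove"
    group: str
    member: str

class GroupsRegistry:
    """In-memory stand-in for the relational Groups Registry (constructed)."""
    def __init__(self) -> None:
        self._lock = threading.Lock()      # serializes updates
        self._members: Dict[str, Set[str]] = {}
        self._log: List[Change] = []

    def set_members(self, group: str, wanted: Set[str]) -> List[Change]:
        """Replace a group's membership; log only the atomic differences."""
        with self._lock:
            current = self._members.setdefault(group, set())
            ops = [("add", m) for m in sorted(wanted - current)]
            ops += [("remove", m) for m in sorted(current - wanted)]
            new = [Change(len(self._log) + i + 1, op, group, m)
                   for i, (op, m) in enumerate(ops)]
            self._log.extend(new)
            self._members[group] = set(wanted)
            return new

    def changes_since(self, last: int) -> List[Change]:
        with self._lock:
            return self._log[last:]        # change n sits at index n-1

class IsMemberOfConnector:
    """Consumer-side view: member -> groups, like an isMemberOf attribute."""
    def __init__(self, registry: GroupsRegistry) -> None:
        self.registry, self.last_seen = registry, 0
        self.is_member_of: Dict[str, Set[str]] = {}

    def sync(self) -> int:
        """Pull and apply every change after last_seen; return count applied."""
        changes = self.registry.changes_since(self.last_seen)
        for c in changes:
            groups = self.is_member_of.setdefault(c.member, set())
            (groups.add if c.op == "add" else groups.discard)(c.group)
            self.last_seen = c.number
        return len(changes)
```

Because removals are logged as explicit changes, a connector that has caught up to the latest change number no longer presents stale memberships to the consumer.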
Group Toolset: next steps
Refine the architecture into finer level of detail
Resolve several thorny issues
• Nature of rules to process streams
• Representation of compound groups
• Representation of changes
Decide which subset of the result should be built, initially
otherPerson schema efforts
localPerson schema survey by MACE-Dir
Int’l coordination of person schema efforts
localPerson schema survey by MACE-Dir
http://middleware.internet2.edu/dir/
http://middleware.internet2.edu/dir/localsurvey.html
localPerson schema survey by MACE-Dir
institution-level need for attributes not provided in existing object classes
describe the attributes you’ve added & why
have you created a container object class for them?
• Auxiliary, structural?
localPerson schema survey by MACE-Dir
Are there emergent common or best practices?
Are there some attributes that could be promoted to eduPerson?
Other actions suggested by survey results?
Thanks to Brendan Bellina (Notre Dame) and Ann West (Mich. Tech. U) for driving this!
Int’l Collaboration on Schema Work
Person schema activities are flourishing
http://domen.uninett.no/~im/schema/ (Ingrid Melve, Uninett)
• norEduPerson
• funetEduPerson
• swissEduPerson
• NLEduPerson
• DEEP survey questions on schema needs
• & further afield, WALAP activity in Australia
Collaboration on Schema Work
What to work toward?
(In order of increasing difficulty and decreasing probability of success)
• Agreement on a list of interesting attributes
• Common syntax and semantics across schema for given attribute type
– A kind of inter-federation diplomatic activity
• Agreement on inclusion in a standard schema
– eduPerson?
– Next release of X.520?
– Other candidates?
• Processes for ongoing schema coordination
Even common syntax & semantics would boost interoperability in attribute mapping
Collaboration on Schema Work
How will we do the work?
Internet2 is scheduling a concentrated series of conference calls
• Europe & US (one set of calls)
• …and Pacific -- US (a second, parallel set of calls)
Charter is to tackle the identified work items
• Time permitting, move on to organizational object schema
Roundup of other activity
eduPersonScopedAffiliation attribute
• Driven by Shibboleth needs
• Syntax like eduPersonPrincipalName
• Raises problems about who is authorized to assert what
– An “inter-realm metadirectory function”
– A field full of ratholes and land mines…
eduPersonAffiliation value vocabulary growth
• Prospect, parent
Roundup of other activity
eduPerson implementation files
• .ldif, .schema, programmatic loader
eduOrg
• Should it support Shibboleth based Federations?
H.350 & video middleware cookbook
• http://metric.it.uab.edu/vnet/cookbook
LDAP Analyzer
• Will rev to track changes to eduPerson, eduOrg, & H.350.
Roundup of other activity
isMemberOf
• What: attribute in member objects that lists references to groups to which that object belongs
• Status: Related work in IETF being reviewed, prior to submitting a proposal to ITU study group 16 to include in X.520.
Authorization Perspective on MACE-Dir Work Areas
Support for authZ: metadir, registry, directory
• Coming to fore in Group toolset work with Grouper, Stanford
• Info model to support authZ requirements:
– Non-person objects (courses, services, resources,...)
– Relationally structured authZ info: “instructors in physics”
– Identifiers for each and every one of these info objects (principles on naming)
MACE-Dir BoF
Where: Lincoln room
When: 5:45 – 7:15 tonight (i.e., now)
What:
• Discussion of future work
• Food & drink