MACE: Directories at Work

1
MACE Directories at Work

• Keith Hazelton, Senior IT Architect, Univ. of
  Wisconsin-Madison
• Chair, MACE-Dir Working Group

2
MACE Directories at WorkTOPICS

• Recent accomplishments and current tasks
• Edu object classes
• Groups in directories, LDAP Recipe v. 2.0
• Affiliated directories
• Technical Advisory Board (MACE-Dir-TAB)

3
eduPerson 1.5 object class

• Included as part of the NSF Middleware Initiative
  (NMI) Release 1.0 announced May 7th
• eduPerson 1.0 is the production version, 1.5
  status is released for public review (RPR)
• Next NMI release will include final 1.5 based on
  review period discussions

4
eduPerson 1.5 object class

• Two new attributes
• eduPersonPrimaryOrgUnitDN
• eduPersonEntitlement
• Simple case value is the name of a contract for
  licensed resource
• http//xstor.com/contract1234
• Values of eduPersonEntitlement can be URLs or URNs

5
eduPerson 1.5 object class

• eduPersonEntitlement
• Values of eduPersonEntitlement can be URLs or
  URNs
• http//www.w3.org/Addressing/
• RFC2396 Uniform Resource Identifiers
• RFC2141 Uniform Resource Names
• URNs to allow federation of name creation without
  name clashes.
• urnmacebrown.edufoo
• mace-submit_at_internet2.edu for information on URN
  registration

6
eduOrg 1.0

• eduOrg 1.0 released as Experimental object
  class
• Basic organizational info attributes from X.520
• Telecomm, postal, locale
• Set of common items of interest
• eduOrgHomePageURI
• eduOrgIdentityAuthNPolicyURI
• eduOrgLegalName
• eduOrgSuperiorURI
• eduOrgWhitePagesURI
• Expect top-down schema work to taper off
• Shibboleth pilots comms of interest typical new
  efforts

7
Groups in directories document (RPR)Tom Barton,
Univ. of Memphis, editor

• Referential integrity
• Delegating management personal groups
• Privacy visibility
• Group math
• Forward referencing
• Namespace issues
• Application examples
• LDAP Recipe v. 2 includes new section on groups

8
Whither next for groups?

• Groups Implementers Guide (Eileen Shepard,
  Boston College, editor)
• Roles, relations and access control architecture
• Is this an extension to core middleware
• Referential integrity, group math utilities
  (running code)
• Standardization of isMemberOf?

9
Affiliated (federated) directories

• Affiliated directories scenario development
• Identity management, access control across health
  organizations
• Working with MACE Medical Middleware WG
• Multi-campus institutional directories
• Preliminary document on metadirectory practices
  (RPR), Brendan Bellina, Notre Dame, editor
• Characteristic requirements
• Assembling info on the fly
• Data/metadata bundles as units of exchange
• Exploring with our Technical Advisory Board

10
Upcoming tasks

• Authorization information support (including
  policy assertions)
• Privacy management in Shibboleth domain
• Interoperation with GRID Metacomputing Directory
  Services (MDS)

11
MACE-Dir-TABTechnical Advisory Board

• Two conference call meetings to date
• Members include
• Kurt Zeilenga
• Ed Reed
• Kim Cameron
• Mark Smith
• And some esteemed colleagues at this conference
• David Chadwick
• Roland Hedberg
• Peter Gietz

12
Conclusion

• The root URLs for all these topics
• http//middleware.internet2.edu
• http//nsf-middleware.org (for NMI Release 1.0)
• QA