Enterprise Directory Strategy

1
Enterprise DirectoryStrategy Recommendations

• Georgia State University

2
Enterprise Directory

• eUniversity Environment
• Opportunities - account mgmt, mail,
• Requirements - functional technical
• ID, Directory, Authentication, Authorization
• Policy, Procedure, Practice
• Strategic Process Methodology
• Goals

3
eUniversity Environment

• The electronic, wired environment of the
  information age is pervasive - eUniversity
• Work learning interactions are not bounded by
  time, place, distance
• Interactions and access in the electronic world
  are strategic advantages, necessities
• Enterprise Directory is a basic infrastructure

4
Gartner Group Recommendation
Business Strategy Will Drive Directory
Services Pressures from intranet, extranet and
E-commerce applications are increasing the need
for an enterprise strategy for directories. This
will not be easy to achieve, but tactical
solutions will cause greater problems. GartnerGr
oup has been advising clients for some time that
directory services will be key to success in
electronic workplace implementations to analyze
usage and requirements for such services, and to
focus on opportunities for directory
synchronization pending consolidation of the
multiple directory services found in most
enterprises. While this advice remains valid, we
are now recommending that enterprises proactively
plan for directory implementation as part of
their overall Internet and electronic workplace
strategies. Why this change of emphasis?
Directories are moving from an incidental support
role in workgroup systems toward the core of the
required infrastructure. Research Note, S.
Hayward, J. Graff, N. MacDonald, 11 March 1999,
(Tactical Guidelines, TG-07-4615)
5
The Burton Group Recommendation
Major Recommendations The University System
must begin implementation of the common directory
infrastructure discussed in the October 1999
Directory Services Workshop. The long-term
success and scalability of the GLOBE, Banner,
PeopleSoft, GALILEO, and GIL applications are
dependent upon this happening immediately.
... Member institutions should not deploy PKI
without a clear understanding of their directory
plans. And to create scalable and manageable
inter-institutional capabilities, the University
System must build a directory infrastructure that
binds the member institutions to a community,
allowing them to view each other as authoritative
sources for information on their own students,
faculty, and services. Public Key
Infrastructure (PKI) Strategy Workshop, Summary
Observations and Recommendations Prepared for
the University System of Georgia, March 22, 2000
6
Internet2 Middleware Initiative
Directories are the operational linchpin of
almost all middleware services. They can contain
critical customization information for people,
processes, resources and groups. By placing such
information in a common storage area, diverse
applications from diverse locations can access a
consistent and comprehensive source for current
values of key data. In future information
technology environments, directories will be
among the most critical services
offered. http//www.internet2.edu/middleware/c
ore/directories.shtml
7
Internet2 Middleware what?
The items included under the heading of
middleware differ depending on who is making the
list. These categorizations are all centered
around sets of tools and data that help
applications use networked resources and
services. Middleware has emerged as a
critical second level of the enterprise IT
infrastructure. The need for middleware stems
from growth in the number of applications, in the
customizations within those applications and in
the number of locations in our environments.
These and other factors now require that a set of
core data and services be moved from their
multiple instances into a centralized
institutional offering. Interoperable
middleware between organizations is a particular
need of higher education. http//www.interne
t2.edu/middleware/overview/
8
Internet2 Middleware core.
Identifiers A set of computer-readable codes
that uniquely specify a subject. Authentication
The process of a subject electronically
establishing that it is, in fact, the subject
associated with a particular identity.
Directories Central repositories that hold
information and data associated with
identities. Authorization Those permissions
and workflow engines that drive transaction
handling, administrative applications
and automation of business processes.
Certificates and Certificates and PKI are
related to the previous four core public-key
middleware services in several important ways.
Infrastructures http//www.internet2.edu/midd
leware/core/
9
Account Administration - Opportunities for
management
10
Lookup Phonebooks - Opportunities for searching
11
Directory Technology - Opportunities for
interfaces
12
Functional Requirements - driving needs

• Management of application access
• Coordinating and change management
• IT Audit Finding
• Finding email addresses, group lists
• Standard groups automated? (class rosters?
  departments?)
• Use of lists is appropriately managed
• Preparing for future applications
• eCore and GLOBE potential
• SCT Banner strategic direction
• Federal financial aid interfaces

13
Technical Requirements - basic infrastructure

• Scalable solutions
• Standards based technology
• Interoperable architecture
• Reusable components (object oriented)
• Infrastructure to enable future applications
• Trusted security model
• Manageable administration

14
ID, Directory, Registration Authentication,
Authorization

• UUID - Identify entities (persons, resources)
  with Universal Unique ID
• DIRECTORY - Implement/maintain directory storing
  UUID related information
• REGISTER/AUTHENTICATE - Verify register
  establish authentication method
• AUTHORIZATION - Permit authenticated users to
  access resources and services

15
Policy, Procedure, Practice

• Policy issues must be addressed
• Official persons or entities - who/what,
  role(s)/service(s)
• Legal - FERPA, Open records, application
  specific...
• Security - responsibility accountability
• Procedures to implement policy
• How to establish unique ID (SSN, application
  specific, random)
• Who is involved in ID process, how access is
  requested, how access is permitted, how access is
  changed/terminated
• Practice as the long term success factor
• Management, monitoring, audits, change control

16
Strategic Process Methodology

• Work with existing resources
• University System of Georgia (Georgia Tech, UGA,
  OIIT)
• The Burton Group - Directory PKI workshops for
  USG
• Internet2 Middleware Initiative
  (www.internet2.edu/middleware)
• Common Solutions Group (www.stonesoup.org)
• IETF Internet Engineering Task Force (protocol
  standards - LDAP, PKI, etc.) (www.ietf.org)
• CREN Corporation for Research Educational
  Networking (Tech Talks) (www.cren.net/know/techtal
  k/archives.html)
• CNI Coalition for Networked Information
  (www.cni.org/)
• Educause Information Resources Library
  (www.educause.edu/ir/ir-library.html)
• Prototypes, feedback, working group process

17
Strategic Goals

• Build an enterprise directory infrastructure
• Use standards-based protocol architecture
• Coordinated, strategic response - not ad hoc
  fixes
• Use collaborative methodology
• IETF working group model
• IST Directors / GSU campus groups / University
  System
• Higher Education alliances
• Deliver Account Management 3/2001
• Establish UUID
• Implement directory, load with legacy extracts
• Adopt policy and procedure guidelines

18
Recommended Reading

• Building Directories The Fundamentals, with Ken
  Klingenstein and Keith Hazelton - 2/17/00
  http//www.cren.net/know/techtalk/events/directaut
  hen.html
• Directories on Campus Getting Started, with
  Frank Grewe Mike LaHaye - 11/4/99
  http//www.cren.net/know/techtalk/events/getstarte
  d.html
• Campus Directories, with Frank Grewe Jeff
  Hodges - 4/22/99 http//www.cren.net/know/techtalk
  /events/directories.html
• Stanford Registry Directory Infrastructure A
  Case History, Jeff Hodges - 5/10/1999
  http//www.stanford.edu/hodges/talks/EMA99-Direct
  oryEnabledApps/StanfordRegistryAndDirectoryCaseHis
  tory/index.htm
• Introduction to Directories and the Lightweight
  Directory Access Protocol, Jeff Hodges - 1997
  http//www.stanford.edu/hodges/talks/mactivity.ld
  ap.97/index.html
• Early Harvest Technical Workshop, September
  23-24, 1999, Denver, Colorado http//www.internet2
  .edu/middleware/earlyharvest/
• Current Activities in Middleware, Ken
  Klingenstein, Project Director, Internet2
  Middleware Initiative http//www.internet2.edu/mid
  dleware/
• Schema Design Workshop presentations, Common
  Solutions Group, May 1999 meeting
  http//www.stonesoup.org/Meetings.past/9905/schema
  .pres/
• A White Paper on Authentication and Access
  Management Issues in Cross-organizational Use of
  Networked Information Resources, Clifford Lynch,
  editor, Revised Discussion Draft of April 14,
  1998 http//www.cni.org/projects/authentication/au
  thentication-wp.html