Dedra Chamberlin, UC Davis
Eric Westfall, Indiana University
June 10-15, 2012
Growing Community;
Growing Possibilities
An agile, best-of-breed,
community governed,
comprehensive IAM solution
for higher education
2012 Jasig Sakai Conference
2







Build upon existing open source IAM
projects
Create a comprehensive, modular IAM stack
Implement open, standards-based
architecture
Reduce ops costs (TCO) through improved
integration, automation, QA
Focus on needs, challenges distinctive to HE
Avoid vendor lock-in
Do so by pooling community resources
2012 Jasig Sakai Conference
3
2012 Jasig Sakai Conference
4
What are we talking about,
what have we done, and what
are we going to do?
2012 Jasig Sakai Conference
5
2012 Jasig Sakai Conference
6

Objective of the Group
◦ Develop a plan to identify current gaps in identity registries
◦ Evaluate options for developing a single person registry
◦ Move forward to close the gaps by developing a registry

Involved Partners
◦ UC Berkeley, UCSF, Brown, U. Washington, Internet2,
Indiana, Kuali, SFU, PSU, Open Registry, Rutgers, others

What are we looking at?
◦ A central, single authority Registry
◦ Identity Match functionality
◦ Working closely with the Provisioning side of CIFER
2012 Jasig Sakai Conference
7

TODO…add an awesome diagram here…
2012 Jasig Sakai Conference
8



Identity Registry Functional Model
Core Requirements Evaluation
ID Match
◦ Strawman design for ID match system
◦ Evaluation of OpenEMPI

Evaluations of three different Open Source
Identity Registry solutions
◦ OpenRegistry
◦ Penn State’s Central Person Registry (CPR)
◦ Kuali Identity Management (KIM)
2012 Jasig Sakai Conference
9

For identity match
◦ Evaluated OpenEMPI and will decide w/in a month
to use or explore other options (integrations, selfwritten)

For Registry
◦ Evaluated OpenRegistry and CPR
◦ Both fairly well-developed, team feels both are
viable candidates
 Likes/Dislikes of each
 What about KIM?
2012 Jasig Sakai Conference
10

Next Steps
◦ Work on shared APIs from SOR’s into a registry
◦ Define other common interfaces and integrating id
Match tools into OpenRegistry, CPR, or both

Other Potential Goals
◦ Try and get OR out of incubation status
◦ Work with PSU to full “open-source” CPR
◦ Get involvement from other, interested parties

Other Initiatives
◦ Kuali is doing an evaluation of CPR mapping to KIM
◦ UC is doing architectural evaluations
2012 Jasig Sakai Conference
11
Why are we involved and what
do we need
2012 Jasig Sakai Conference
12

TODO…
2012 Jasig Sakai Conference
13

Kuali Identity Management
◦ Shared identity and access management

Used by many Kuali projects
◦ Finance, research, student, library, HR

“Identity registry-like” functionality
◦ but wasn’t originally designed for this purpose

Serves as an “integration platform” for IAM
within Kuali
This has worked well for Kuali for a long
time…but things are changing.
2012 Jasig Sakai Conference
14





Kuali People Management for the Enterprise
(KPME)
Kuali Student (KS)
These are traditionally Systems of Record for
identity
ID Match is critical for both of these systems
TODO…
2012 Jasig Sakai Conference
15

TODO…
2012 Jasig Sakai Conference
16

Your Input!
◦ We need your input on the integration points
 How to get particular SOR information into CPR or
OR?
 Development of shared APIs

Your Experiences
◦ If you’ve been or are going through the process,
if available, what would you need to make this
work
2012 Jasig Sakai Conference
17

Summary statement here
2012 Jasig Sakai Conference
18




Links
Links
Links
Links
2012 Jasig Sakai Conference
19
For more information contact:
info@ciferproject.org
2012 Jasig Sakai Conference
20