Dedra Chamberlin, UC Davis Eric Westfall, Indiana University June 10-15, 2012 Growing Community; Growing Possibilities An agile, best-of-breed, community governed, comprehensive IAM solution for higher education 2012 Jasig Sakai Conference 2 Build upon existing open source IAM projects Create a comprehensive, modular IAM stack Implement open, standards-based architecture Reduce ops costs (TCO) through improved integration, automation, QA Focus on needs, challenges distinctive to HE Avoid vendor lock-in Do so by pooling community resources 2012 Jasig Sakai Conference 3 2012 Jasig Sakai Conference 4 What are we talking about, what have we done, and what are we going to do? 2012 Jasig Sakai Conference 5 2012 Jasig Sakai Conference 6 Objective of the Group ◦ Develop a plan to identify current gaps in identity registries ◦ Evaluate options for developing a single person registry ◦ Move forward to close the gaps by developing a registry Involved Partners ◦ UC Berkeley, UCSF, Brown, U. Washington, Internet2, Indiana, Kuali, SFU, PSU, Open Registry, Rutgers, others What are we looking at? ◦ A central, single authority Registry ◦ Identity Match functionality ◦ Working closely with the Provisioning side of CIFER 2012 Jasig Sakai Conference 7 TODO…add an awesome diagram here… 2012 Jasig Sakai Conference 8 Identity Registry Functional Model Core Requirements Evaluation ID Match ◦ Strawman design for ID match system ◦ Evaluation of OpenEMPI Evaluations of three different Open Source Identity Registry solutions ◦ OpenRegistry ◦ Penn State’s Central Person Registry (CPR) ◦ Kuali Identity Management (KIM) 2012 Jasig Sakai Conference 9 For identity match ◦ Evaluated OpenEMPI and will decide w/in a month to use or explore other options (integrations, selfwritten) For Registry ◦ Evaluated OpenRegistry and CPR ◦ Both fairly well-developed, team feels both are viable candidates Likes/Dislikes of each What about KIM? 2012 Jasig Sakai Conference 10 Next Steps ◦ Work on shared APIs from SOR’s into a registry ◦ Define other common interfaces and integrating id Match tools into OpenRegistry, CPR, or both Other Potential Goals ◦ Try and get OR out of incubation status ◦ Work with PSU to full “open-source” CPR ◦ Get involvement from other, interested parties Other Initiatives ◦ Kuali is doing an evaluation of CPR mapping to KIM ◦ UC is doing architectural evaluations 2012 Jasig Sakai Conference 11 Why are we involved and what do we need 2012 Jasig Sakai Conference 12 TODO… 2012 Jasig Sakai Conference 13 Kuali Identity Management ◦ Shared identity and access management Used by many Kuali projects ◦ Finance, research, student, library, HR “Identity registry-like” functionality ◦ but wasn’t originally designed for this purpose Serves as an “integration platform” for IAM within Kuali This has worked well for Kuali for a long time…but things are changing. 2012 Jasig Sakai Conference 14 Kuali People Management for the Enterprise (KPME) Kuali Student (KS) These are traditionally Systems of Record for identity ID Match is critical for both of these systems TODO… 2012 Jasig Sakai Conference 15 TODO… 2012 Jasig Sakai Conference 16 Your Input! ◦ We need your input on the integration points How to get particular SOR information into CPR or OR? Development of shared APIs Your Experiences ◦ If you’ve been or are going through the process, if available, what would you need to make this work 2012 Jasig Sakai Conference 17 Summary statement here 2012 Jasig Sakai Conference 18 Links Links Links Links 2012 Jasig Sakai Conference 19 For more information contact: info@ciferproject.org 2012 Jasig Sakai Conference 20