Simon Fraser University currently uses a legacy identity management system and plans to implement the open source OpenRegistry system to better manage user identities and attributes from across the university. OpenRegistry will capture information about all student, faculty, and staff populations from sources of record into a single user directory. It utilizes modern web interfaces, role-based access controls, and real-time synchronization to provide a better user experience and allow the university to definitively manage identity information. SFU will implement OpenRegistry in three phases over time to replace its legacy system.
1. OpenRegistry at Simon Fraser University
In House to Open Source
Open Registry at SFU / IT4BC 2010
2. About Me
• Jeremy Rosenberg
• Senior Java Developer
• At SFU since 2004
• IdM Strategy
• Jasig Open Source Contributor
3. About SFU
• One University - Three campuses
• Burnaby
• Surrey
• Vancouver
• 32,000 students
• 900 faculty
• 1600 staff
• 100,000 alumni
Simon Fraser, 1776-1862
4. About This Presentation
• SFU’s legacy identity management solution
• How OpenRegistry Project came about
• How OpenRegistry works
• Benefits SFU expects from OpenRegistry
• How SFU plans to develop and deploy OpenRegistry
5. SFU’s Legacy IdM Layout
[Diagram; labels: Web, PeopleSoft, CAS, LDAP, Server, Amaint, Shibboleth, UDD, Account, Eduroam, Provisioning, Mail, Zimbra, AD, WebCT, Lists]
6. What is OpenRegistry?
• Open source software application
• Initiated by Rutgers University
• Jasig Incubation project
• Combines information about people in a University into single identity records
• Generally NOT authoritative for data
• Web, batch and REST interfaces with Systems of Record
• Directory Builder
• Provisioning and Deprovisioning
7. Why OpenRegistry?
• “Off the shelf” solutions require significant customizations and integration work
• Lots of institutions still rolling their own
• Leverage scant resources and learn from others' experience
• Sakai, uPortal, CAS, Shibboleth, Kuali
• OpenRegistry is tailored to the needs of higher ed
• Decades of combined experience
9. What’s in it for us?
• Capture information about all university populations
• Real Time data transfer readiness
• Role based access controls
• Modern user interface
• Definitive user directory
• Business Rules based data transformations
• User settable privacy settings
• Comprehensive audit trails
• Better user experience for everyone
10. Capture all university populations
[Diagram; labels: CODE, WebCT, SIS, “Bronte, Emily”, Faculty, OpenRegistry, “Kipling, Rudyard”, HR, Undergrad, Staff, Bookstore Clerk, Bookstore]
11. Real Time data transfer readiness
• Faster updates throughout the University
• SOAP services
• Widely used by commercial solutions
• Easily exchange identity information with black boxes
• REST services
• Lightweight
• Ideal for Ajax applications
• Growing popularity
12. Role based access controls
• Current Roles:
• Staff, Faculty, Grad, Undergrad, Other
• Additional roles need to be assigned by Systems of Record (departments)
• Potential Roles:
• Archaeology professor
• Office Administrator
• Allows things like building access based on roles
13. Modern user interface
• All Web 2.0’d up
• jQuery libraries
• Skinnable
• Customize look and feel for each institution
• Apache Tiles
• Provides extensible, reusable components
• Spring WebFlow
• Allows complex, custom workflows
14. Definitive user directory
• HR can only track a limited amount of information
• Details are quickly out of date
• HR not the authority for offices or phone numbers
• Roles provided by departments can have:
• Phone Numbers
• Office Numbers
• Campus Information
• Information captured from the most accurate source
15. User settable privacy settings
• Provide end user interface
• Anybody can verify their personal information
• User can set access limitations for:
• Public directory listings
• Other systems of record (for fast lookup)
• Self service activation and username selection
16. Comprehensive audit trails
• Distributed access to the system requires greater audit capabilities
• Logging will track account changes
• Who made a change?
• What data was modified?
• When was the account last accessed?
• Where was the account accessed from? On campus?
18. How are we going to do it?
Phase 1
19. How are we going to do it?
Phase 2
20. How are we going to do it?
Phase 3
21. More information on OpenRegistry
• Visit the Jasig Wiki at:
• http://www.ja-sig.org/wiki/display/OR/Home
• Join the OpenRegistry Dev mail list:
• openregistry-dev@lists.ja-sig.org
• Attend a Jasig event
• http://www.jasig.org/
• Contact me:
• Jeremy_rosenberg@sfu.ca
22. Thank You
Rosenberg@sfu.ca
THANK YOU