
ID Management in University
Kenzi Watanabe
Saga University, Japan
[email protected]
Saga University: 5 faculties, approx. 7,000 students and 2,000 faculty members
16/02/2012
The 33rd APAN Meeting
ID Management History of Saga University
• 1998, ID for all students
• 2001, ID for all faculty members
• 1998, ID Integration for Windows and UNIX
• 2002, Integrated authentication system
• 2010, Shibboleth
Backgrounds
• Information Literacy Education (1990 onward)
• Deployments of Self-maintained Online Systems with Web (2000 onward)
Contents
• What is ID ?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations
• Conclusion
What is ID ?
• ID is an identifier for each user
  – A symbol of yourself in the ICT world
  – Known as "User ID"
• ID is used in the authentication procedure together with a password
  – Login
Backgrounds of ID Management History
• Information Literacy Education (1990 onward)
• Deployments of Self-maintained Online Systems with Web (2000 onward)
PC Room History in Saga University (photo slides)
• 1990–1994
• 1994–1998
• Windows & UNIX dual boot system (1998–2002)
ID Management Technologies
• UNIX
  – /etc/passwd: for a stand-alone system
  – NIS (Network Information Service): for a networked system
• Microsoft Windows
  – DC (Domain Controller): for a small system
  – AD (Active Directory): for a newer system
Different IDs and passwords (diagram)
• UNIX: sato1 / pw1
• Windows: sato2 / pw2
• Inconvenient !!

Same ID and password without Synchronization (diagram)
• UNIX: sato / pw1, not changed
• Windows: sato / pw1, then the user changes it to pw2
• The two passwords drift apart: Inconvenient !!

Same ID and password with Synchronization (diagram)
• One Directory Server answers both UNIX authentication and Windows authentication
• Convenient !!
Deployments of Self-maintained Online Systems with Web
• Online Systems
  – E-mail
  – Educational affairs
    • Syllabus, Evaluation, Registration
  – Digital Library
  – Teachers' DB
• What was changed ?
  – More personalized
  – Self-maintained
e.g. Teachers' DB
• Teachers' directory
  – Gathering the activities of all professors
  – Research, Education, Social activities, etc.
• These outcomes become the basis and the evidence for the evaluation of the university
• Who inputs the data ?
  – The teachers themselves
Unified User DB (PostgreSQL), Saga Univ. @ 2002 (architecture diagram)
• Operation (Add, Remove, Modify) on the Unified User DB (PostgreSQL)
• Directory: LDAP (master) and LDAP (Replica) for general use
• Linux side: NIS/NIS+
• Windows side: AD
• Services authenticating against the directory: IMAP4S, POP3S, FTP, Other Servers (e.g. PHP based)
Unified User DB
• Master database for user attributes
  – User ID
  – Initial password
  – Full name
  – Affiliation
  – Title
  – Position
  – etc …
• Authentication Infrastructure
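The directory-backed model of the synchronization slide and the Unified User DB above, as an added example that is not Saga University's code: constructed master-DB rows in the shape of the attributes listed (user ID, initial password, full name, affiliation, title, position) are rendered as LDIF entries for the LDAP master, with the initial password written as an {SSHA} hash rather than in clear text. The suffix ou=People,dc=example,dc=ac,dc=jp, the inetOrgPerson attribute mapping, the "sn is the last token of cn" rule and the sample rows are all assumptions.

```python
"""Added example: push master-DB user rows into LDAP as LDIF.
Not Saga University's code; the PostgreSQL master is stood in for by the
constructed rows below, and the suffix and attribute mapping are assumptions."""
import base64
import hashlib
import hmac
import os

BASE_DN = "ou=People,dc=example,dc=ac,dc=jp"  # assumed directory suffix

# Constructed rows in the shape of the Unified User DB attributes
# (user ID, initial password, full name, affiliation, title, position).
MASTER_ROWS = [
    {"uid": "sato", "initial_password": "Init-2002!", "cn": "Taro Sato",
     "ou": "Faculty of Science and Engineering", "title": "Professor",
     "employeeType": "faculty"},
    {"uid": "suzuki", "initial_password": "Init-0042", "cn": "Hanako Suzuki",
     "ou": "Faculty of Agriculture", "title": "Student",
     "employeeType": "student"},
]


def ssha_hash(password, salt=None):
    """RFC 2307 style {SSHA} value: base64(sha1(password + salt) + salt).
    The clear initial password stays in the master DB; only this hash
    is written to the directory."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """What the LDAP server does on a simple BIND: split the stored value
    into the 20-byte SHA-1 digest and the salt, recompute, compare in
    constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ldif_attr(name, value):
    """LDIF (RFC 2849) rule: values that are not safe ASCII (non-ASCII text,
    leading space, ':' or '<', trailing space) go base64-encoded after '::'."""
    safe = (value.isascii() and value == value.strip()
            and not value.startswith((":", "<")))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ldif_entry(row, salt=None):
    """One master-DB row as an inetOrgPerson entry. sn is taken as the last
    token of cn, an assumption that holds for the constructed rows only."""
    attrs = [
        ("objectClass", "top"),
        ("objectClass", "person"),
        ("objectClass", "organizationalPerson"),
        ("objectClass", "inetOrgPerson"),
        ("uid", row["uid"]),
        ("cn", row["cn"]),
        ("sn", row["cn"].split()[-1]),
        ("ou", row["ou"]),
        ("title", row["title"]),
        ("employeeType", row["employeeType"]),
        ("userPassword", ssha_hash(row["initial_password"], salt)),
    ]
    lines = [f"dn: uid={row['uid']},{BASE_DN}"]
    lines += [ldif_attr(n, v) for n, v in attrs]
    return "\n".join(lines) + "\n"


def ldif_export(rows):
    """Whole batch, entries separated by a blank line as ldapadd expects."""
    return "\n".join(ldif_entry(r) for r in rows)


if __name__ == "__main__":
    print(ldif_export(MASTER_ROWS))
```

The output is fed to ldapadd against the master only; the replica and the other consumers listed in the diagram pick it up from there, which is what removes the password drift of the "without Synchronization" slide. ssha_verify is included to show why the hash format is enough for login: the server never needs the clear password from the master DB.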
Shibboleth
• Increasing Web-based systems
• Inconvenience
  – Entering User ID and Password many times
  – A more secure way is wanted
• Opengate
  – A captive portal type network user authentication system
Unified User DB (PostgreSQL), Saga Univ. @ 2010 (architecture diagram)
• Operation (Add, Remove, Modify) on the Unified User DB (PostgreSQL)
• Directory: LDAP (master) and LDAP (Replica) for general use
• Shibboleth IdP, serving the SPs
• Solaris side and Windows side (AD)
• Services authenticating against the directory: IMAP4S, POP3S, FTP, Other Servers (e.g. PHP based)
Issues in Implementations
• Consolidation of multiple accounts to a single entry
  – Identification
  – Clear scheme definitions of ID
  – ID naming rules
• Cooperation with various sections
  – What section has authority ?
  – Data Transfer method
• Decision making
Example: one person who is both a Research associate and a PhD course student (diagram)
• Case 1: 2 IDs (user1 as Research associate, user2 as PhD course student)
• Case 2: 1 ID has 2 attributes (Research associate, PhD course student)
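Case 2 above, consolidation of one person's accounts from two source systems into a single entry with a multi-valued affiliation, as an added example that is not Saga University's code. It also covers the "Identification" and "Same family and personal name ?" issues: a shared person number is the strong match; name plus date of birth is only a guess and is flagged for manual review; a homonym with a different date of birth stays a separate entry. The two feeds, their field names and the "first login seen becomes the uid" policy are constructed assumptions.

```python
"""Added example: consolidate one person's accounts from two source
systems into a single directory entry with two affiliation values.
Not Saga University's code; feeds, field names and the matching policy
are assumptions."""

# Constructed feed from the personnel system.
STAFF_FEED = [
    {"staff_no": "S-0931", "person_no": "P100", "name": "Taro Sato",
     "birth": "1980-04-02", "role": "Research associate", "login": "user1"},
    {"staff_no": "S-1122", "person_no": "P200", "name": "Jiro Sato",
     "birth": "1975-12-11", "role": "Professor", "login": "jsato"},
    {"staff_no": "S-1300", "person_no": "", "name": "Hanako Suzuki",
     "birth": "1989-07-20", "role": "Teaching assistant", "login": "hsuzuki-ta"},
]
# Constructed feed from the educational-affairs system.
STUDENT_FEED = [
    {"student_no": "11D001", "person_no": "P100", "name": "Taro Sato",
     "birth": "1980-04-02", "course": "PhD course student", "login": "user2"},
    {"student_no": "11M045", "person_no": "", "name": "Hanako Suzuki",
     "birth": "1989-07-20", "course": "Master course student", "login": "hsuzuki"},
    {"student_no": "11M046", "person_no": "", "name": "Taro Sato",
     "birth": "1990-01-15", "course": "Master course student", "login": "tsato2"},
]


def consolidate(staff_feed, student_feed):
    """Case 2 of the slide: one entry per person, affiliations kept as a
    multi-valued attribute. Identification uses the shared person number
    when a feed carries it; otherwise name plus date of birth, which is a
    guess (homonyms exist) and is flagged for manual review."""
    entries = {}      # canonical key -> consolidated entry
    weak_index = {}   # (name, birth) -> canonical key

    def merge(rec, affiliation, source_field):
        weak = (rec["name"].casefold(), rec["birth"])
        strong = ("person_no", rec["person_no"]) if rec["person_no"] else None
        if strong in entries:
            key, guessed = strong, False
        elif weak in weak_index:
            key, guessed = weak_index[weak], True
        else:
            key, guessed = strong or ("name_birth",) + weak, False
        entry = entries.setdefault(key, {
            # Assumed policy: the first login seen becomes the uid, later
            # ones are kept as legacy logins so old credentials map over.
            "uid": rec["login"], "cn": rec["name"], "affiliations": [],
            "source_ids": {}, "legacy_logins": [], "needs_review": False})
        weak_index.setdefault(weak, key)
        if affiliation not in entry["affiliations"]:
            entry["affiliations"].append(affiliation)
        entry["source_ids"][source_field] = rec[source_field]
        if rec["login"] != entry["uid"] and rec["login"] not in entry["legacy_logins"]:
            entry["legacy_logins"].append(rec["login"])
        entry["needs_review"] = entry["needs_review"] or guessed

    for rec in staff_feed:
        merge(rec, rec["role"], "staff_no")
    for rec in student_feed:
        merge(rec, rec["course"], "student_no")
    return list(entries.values())


if __name__ == "__main__":
    for e in consolidate(STAFF_FEED, STUDENT_FEED):
        flag = "  <- check manually" if e["needs_review"] else ""
        print(e["uid"], e["affiliations"], e["legacy_logins"], flag)
```

The needs_review flag is the practical point: merging on name alone would silently give one person another person's mailbox and grades, so anything short of a strong identifier goes to a human before the entry is written.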
ID Naming Rules
• Random based ? Name based ?
• Same family and personal name ?
• Same with Student ID ?
Data Transfer Method
• Online ?
  – Data format
    • CSV ? XML ?
  – Real-time transactions or Batch jobs ?
    • Both ?
• Offline ?
  – Data format ?
  – Media type
    • DVD ? MO ?
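A batch job for the CSV case above, as an added example that is not Saga University's code: it parses a feed delivered by another section, enforces an ID naming rule (one possible answer to the "ID Naming Rules" slide), and turns the difference against the current directory into the Add, Remove, Modify operations of the architecture diagram. It also handles the failure mode a batch-plus-offline-media transfer invites: a truncated or empty feed must not be allowed to remove most of the directory. The CSV text, the directory snapshot, the naming rule and the removal cap are constructed assumptions.

```python
"""Added example: a batch job that takes a CSV feed from another section,
checks the ID naming rule and turns the difference against the current
directory into Add/Remove/Modify operations. Not Saga University's code;
the feed, the directory snapshot and the naming rule are assumptions."""
import csv
import io
import re

# Assumed naming rule: 2 to 8 lowercase letters or digits, first character
# a letter, so a student number (digits first) can never double as a login.
UID_RULE = re.compile(r"^[a-z][a-z0-9]{1,7}$")
ATTRS = ("cn", "affiliation", "student_no")

# Constructed CSV as an educational-affairs section might deliver it.
FEED_CSV = """uid,cn,affiliation,student_no
sato,Taro Sato,staff,
suzuki,Hanako Suzuki,student,11M045
11m046,Ichiro Tanaka,student,11M046
yamada,Kei Yamada,student,11M047
"""

# Constructed snapshot of what the directory holds before the batch runs.
CURRENT_DIRECTORY = {
    "sato":   {"cn": "Taro Sato", "affiliation": "staff", "student_no": ""},
    "suzuki": {"cn": "Hanako Suzuki", "affiliation": "student", "student_no": "11M044"},
    "kimura": {"cn": "Shin Kimura", "affiliation": "student", "student_no": "10M001"},
}


def parse_feed(text):
    """Return (desired state keyed by uid, rejected rows with a reason).
    Rows that break the naming rule or repeat a uid never reach the directory."""
    desired, rejected = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        uid = (row["uid"] or "").strip()
        if not UID_RULE.match(uid):
            rejected.append((uid, "violates ID naming rule"))
        elif uid in desired:
            rejected.append((uid, "duplicate uid in feed"))
        else:
            desired[uid] = {a: (row[a] or "").strip() for a in ATTRS}
    return desired, rejected


def plan_operations(desired, current, max_remove_ratio=0.5):
    """Diff desired against current. Removals are capped: a truncated or
    empty feed (a failed transfer, the wrong DVD) must not wipe the directory."""
    ops = []
    for uid in sorted(set(desired) | set(current)):
        if uid not in current:
            ops.append(("add", uid, desired[uid]))
        elif uid not in desired:
            ops.append(("remove", uid, None))
        else:
            changed = {a: desired[uid][a] for a in ATTRS
                       if desired[uid][a] != current[uid][a]}
            if changed:
                ops.append(("modify", uid, changed))
    removals = sum(1 for op in ops if op[0] == "remove")
    if current and removals / len(current) > max_remove_ratio:
        raise RuntimeError(f"refusing batch: {removals} of {len(current)} "
                           "entries would be removed; check the feed")
    return ops


if __name__ == "__main__":
    desired, rejected = parse_feed(FEED_CSV)
    for uid, why in rejected:
        print("rejected", uid, why)
    for op in plan_operations(desired, CURRENT_DIRECTORY):
        print(*op)
```

The operations list is what gets applied to the master DB, not to the LDAP servers directly; the rejected rows go back to the sending section, which is the "what section has authority" question in practice.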
Conclusion
• What is ID ?
• Backgrounds of ID Management History
• ID Management Systems in Saga University
• Issues in Implementations
Acknowledgements
• NTT DATA KYUSHU Corporation
• Net One Systems CO. LTD.
ID Management Technologies
• LDAP (Lightweight Directory Access Protocol)
  – Directory services
• Active Directory has LDAP functions
  – Windows 2003 server and later versions
(diagram: one LDAP directory serving user authentication for both UNIX and Windows)