When Account Management Is Not Enough: Identity at RIT

1
When Account Management Is Not Enough: Identity at RIT
  • Matt Campbell
  • Sr. Infrastructure Engineer
  • Matt.Campbell_at_rit.edu

2
About RIT
  • RIT is one of the nation's top comprehensive
    universities and sets the national standard for
    career-oriented education. Located in suburban
    Rochester, N.Y., RIT is a private university that
    enrolls more than 15,500 students in its eight
    colleges. RIT is recognized for its programs in
    business, engineering, art and design,
    photography, science and mathematics, liberal
    arts, computing, and many other areas.

3
The Challenge
  • The university ID number for students, faculty,
    and staff was the SSN.
  • No authoritative system was needed, since
    everyone has one.
  • International students issued a fake number
    starting with 999 by the student records system.

4
What We Had to Work With: Account Management System
5
What We Needed
  • AMS was not standards based: proprietary
    protocol, limited PHP API.
  • Interfaces with existing systems that needed
    University IDs (SR, HR)
  • AMS was a real time system with no ability to
    have an offline update mode.
  • Performance was adequate for interactive use but
    too slow for the large batches that would be
    necessary.

6
Standards Based Transition
7
Subscription Model
  • AMS sent all client requests to all modules.
  • CLAWS utilizes a subscription model that sends
    only the XML documents that match the
    subscription for a module.
  • Modules are categorized into two types:
      • Real-time modules (blocking)
      • Pick-up modules (non-blocking)

8
Real-Time Modules
  • Modules are subscribed only to documents that
    they care about.
  • Ex. ADDIDENTITY, MODIDENTITY
  • Modules are delivered the document and the server
    waits until they respond.
  • Good for modules that perform work the client
    cares about.

9
Pick-up Modules
  • Modules can subscribe to updates and pick them up
    at their leisure.
  • Useful for antiquated systems that cannot
    effectively provide a web service.
  • Modules that choose to not act in real time
    sacrifice the ability to return data to the
    original requestor.
  • These modules require that we keep requests saved
    in a database until they pick them up. This has
    a side effect of being useful for debugging
    purposes.
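
The subscription model from slides 7 to 9, as an added sketch that is not taken from the CLAWS source. It assumes plain dicts in place of the XML documents and an in-memory SQLite table for the saved requests; the module names and the returned ID are constructed.

```python
import json
import sqlite3

class Dispatcher:
    """Routes each document only to the modules subscribed to its type."""

    def __init__(self):
        self.realtime = {}   # doc type -> list of (module name, handler)
        self.pickup = {}     # doc type -> list of module names
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE queue (id INTEGER PRIMARY KEY, "
                        "module TEXT, doc TEXT, picked_up INTEGER DEFAULT 0)")

    def subscribe_realtime(self, doc_type, name, handler):
        self.realtime.setdefault(doc_type, []).append((name, handler))

    def subscribe_pickup(self, doc_type, name):
        self.pickup.setdefault(doc_type, []).append(name)

    def submit(self, doc):
        """Blocking modules answer now; pick-up modules get a saved copy."""
        replies = {}
        for name, handler in self.realtime.get(doc["type"], []):
            replies[name] = handler(doc)      # the server waits for each reply
        for name in self.pickup.get(doc["type"], []):
            self.db.execute("INSERT INTO queue (module, doc) VALUES (?, ?)",
                            (name, json.dumps(doc)))
        return replies                        # only real-time data reaches the client

    def pick_up(self, name):
        """Hand a pick-up module its pending documents, oldest first."""
        rows = self.db.execute("SELECT id, doc FROM queue WHERE module = ? "
                               "AND picked_up = 0 ORDER BY id", (name,)).fetchall()
        # Rows are flagged rather than deleted, so they stay available for debugging.
        self.db.executemany("UPDATE queue SET picked_up = 1 WHERE id = ?",
                            [(row_id,) for row_id, _ in rows])
        return [json.loads(doc) for _, doc in rows]

def demo():
    d = Dispatcher()
    d.subscribe_realtime("ADDIDENTITY", "id_allocator",
                         lambda doc: {"university_id": "U-0001"})  # constructed value
    d.subscribe_pickup("ADDIDENTITY", "mainframe_sync")
    d.subscribe_pickup("MODIDENTITY", "mainframe_sync")
    replies = d.submit({"type": "ADDIDENTITY", "name": "Pat Example"})
    d.submit({"type": "MODIDENTITY", "name": "Pat Q. Example"})
    return replies, d.pick_up("mainframe_sync"), d.pick_up("mainframe_sync")
```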

10
Modular Is Handy
11
Duplicate Prevention
  • Identities are scored based on how well they
    match new additions.
  • If the score is above a certain threshold, the
    add is denied.
  • There is a minimum score required to even attempt
    the addition.
  • Allows the user to find identities even if they
    misspell part of an attribute.
  • This method causes very few false positives,
    usually siblings and spouses.

12
Affiliation: The Most Important Attribute
  • All identities are required to have one or more
    affiliations.
  • Student, Alumni, Employee, etc.
  • Any identity lacking an affiliation is purged
    from the system.
  • Identity system security closely tied to
    affiliation.

13
Integration with Account Management
  • Accounts previously linked to SSN or the fake SSN
    generated by the SR system.
  • Now accounts are linked to the new University ID.
  • Accounts must be linked to an identity with an
    affiliation that allows the account to exist.
  • Removal of an authorizing affiliation results in
    the removal of the account automatically.
  • Using an identity's affiliation allows for much
    more granular account level access restrictions.
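
The affiliation rules from slides 12 and 13, as an added sketch that is not the CLAWS or AMS implementation. The account types, the policy table and the sample IDs are assumptions made up for illustration; an account type missing from the policy is treated as unauthorized.

```python
# Hypothetical policy: which affiliations authorize each account type.
ACCOUNT_POLICY = {
    "email": {"Student", "Employee", "Alumni"},
    "vpn": {"Employee"},
    "lab_login": {"Student", "Employee"},
}

def reconcile(identities, accounts, policy=ACCOUNT_POLICY):
    """Return (accounts to remove with reason, identities to purge).

    identities: {university_id: set of affiliations}
    accounts:   list of (account_name, account_type, university_id)
    """
    remove, purge = [], []
    for name, acct_type, uid in accounts:
        held = identities.get(uid)
        allowed = policy.get(acct_type, set())   # unknown type: nothing authorizes it
        if held is None:
            remove.append((name, "not linked to a known identity"))
        elif not held & allowed:
            remove.append((name, "no authorizing affiliation"))
    for uid, held in identities.items():
        if not held:                             # identity without any affiliation
            purge.append(uid)
    return remove, sorted(purge)

# Constructed sample data: U2 has lost Employee and kept Alumni, U3 has no affiliation left.
SAMPLE_IDENTITIES = {"U1": {"Student"}, "U2": {"Alumni"}, "U3": set()}
SAMPLE_ACCOUNTS = [
    ("pat", "email", "U1"), ("pat-lab", "lab_login", "U1"),
    ("sam", "email", "U2"), ("sam-vpn", "vpn", "U2"),
    ("lee", "email", "U3"), ("ghost", "email", "U9"),
    ("pat-x", "badge", "U1"),
]

if __name__ == "__main__":
    to_remove, to_purge = reconcile(SAMPLE_IDENTITIES, SAMPLE_ACCOUNTS)
    for name, reason in to_remove:
        print(f"remove {name}: {reason}")
    print("purge identities:", to_purge)
```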

14
Technical Challenges
  • Duplicate prevention.
  • Efficiency
  • Heavy user load
  • PSAT score file loads
  • Excessive amounts of data
  • Security.
  • Legacy mainframe application integration.

15
Other Issues
  • Moving requirements target.
  • Sample data provided during development did not
    come close to representing production data.
  • Customers unable or unwilling to modify business
    processes that result in bad data.
  • As a result, a requirement was added for an
    override function to force the addition of an
    identity the system would reject.
  • Data possessiveness, fix this first!

16
Open Source!
  • CLAWS has been released under the GPL at
    claws.rit.edu
  • Currently only available through subversion, but
    archives are planned.
  • Very RIT centered at this time, but we are
    anxious to take patches and updates from other
    schools.
  • Build environment is in its infancy, but is a
    definite start.

17
Questions?
  • Get CLAWS at http://claws.rit.edu
  • Matt Campbell
  • Sr. Infrastructure Engineer
  • Matt.Campbell_at_rit.edu