Schema: eduPerson views - PowerPoint PPT Presentation

Provided by: michael864
Learn more at: http://www.terena.org
Transcript and Presenter's Notes

1
Schema: eduPerson views
  • Michael R Gettes
  • Duke University
  • EuroCAMP, November 2005

2
Whence we came
  • Phoenix, Arizona Airport, February 2000
  • Hazelton/Gettes set ground rules for development
    of eduPerson objectclass with eye towards DoDHE,
    Shibboleth to be and other inter-institutional
    applications.
  • Low-hanging fruit and controlled vocabularies.
  • Learn why schools will want more instead of
    flexibility
  • A better definition than the standard OCs (like
    CN)
  • Assist local directory implementations -- not be
    the answer!
  • DomainComponent Naming (eduPerson, dukeEduPerson)
  • eduPerson 1.0 released Jan. 2001
  • First version July 2000: 0.6 (or something like
    that)

3
Where we are now?
  • Schema (LDAP) for US Higher Education
  • Low hanging fruit, interoperable data
  • Easy stuff that we can all agree is true
  • eduPerson and LDAP-Recipe go together
  • Auxiliary OC extending Person, orgPerson,
    inetOrgPerson
  • localEduPerson
  • local attributes are a local problem (clear
    enough?)
  • eduOrg (and edu schemas being developed)
  • usPerson / govPerson? (work just beginning)
  • http://middleware.internet2.edu

4
Where are we going?
  • Use the past as a predictor of the future
  • Not much change in perspective
  • Current view is serving well
  • We are considering some new attributes
  • We are NOT expanding our vocabularies as much as
    we thought
  • Continuing struggle: local vs. non-local
  • Has been difficult getting Int'l involvement
  • This has been improving over the last 18 months
  • UML for general schema; LDAP is one expression

5
eduPerson 200312
  • eduPerson
  • OrgDN, OrgUnitDN, NickName, PrincipalName,
    PrimaryAffiliation, Affiliation, Entitlement,
    ScopedAffiliation
  • eduPersonPrimaryAffiliation
  • Values: faculty, student, staff, alumni,
    employee, member, affiliate
  • Considering parent, prospect

6
eduPersonPrincipalName
  • What is a Principal? (think security)
  • This is NOT a Kerberos Principal
  • And it is not a Mail Address
  • gettes@duke.edu, pbh@mit.edu
  • An inter-institutional identifier
  • SINGLE-VALUE definition
  • Used by Shibboleth -- this was the intent from
    the beginning
  • But, used in ACLs by other tools as well

7
eduPersonScopedAffiliation
  • Driven by Shibboleth needs
  • Syntax like eduPersonPrincipalName
  • student@brown.edu
  • alumni@duke.edu
  • subscriber@nytimes.com (!?!)
  • Raises problems about who is authorized to assert
    what
  • An inter-realm metadirectory function
  • A field full of ratholes and land mines
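
Added example (not part of the original slides): one way a relying party can handle the "who is authorized to assert what" problem for scoped values written as affiliation@scope. The asserter names and the AUTHORIZED_SCOPES policy are constructed, and it assumes the affiliation part uses the vocabulary listed on the eduPersonPrimaryAffiliation slide.

```python
# Added example: scope check for eduPersonScopedAffiliation values.
# AUTHORIZED_SCOPES and the asserter names are constructed for illustration.

# Controlled vocabulary as listed on the eduPersonPrimaryAffiliation slide.
AFFILIATIONS = {"faculty", "student", "staff", "alumni",
                "employee", "member", "affiliate"}

# Hypothetical policy: which scopes each asserting party may speak for.
AUTHORIZED_SCOPES = {
    "idp.brown.example": {"brown.edu"},
    "idp.duke.example": {"duke.edu"},
}


def check_scoped_affiliation(asserter, value):
    """Return (accepted, reason) for one value received from `asserter`."""
    # Exactly one '@' separating a non-empty affiliation and scope.
    if value.count("@") != 1:
        return False, "malformed: expected affiliation@scope"
    affiliation, scope = value.split("@")
    if not affiliation or not scope:
        return False, "malformed: empty affiliation or scope"
    # Scopes are DNS-style names; compare case-insensitively.
    scope = scope.lower()
    if affiliation not in AFFILIATIONS:
        return False, "affiliation not in controlled vocabulary"
    allowed = AUTHORIZED_SCOPES.get(asserter)
    if allowed is None:
        return False, "unknown asserting party"
    if scope not in allowed:
        return False, "asserter not authorized for scope " + scope
    return True, "ok"


def filter_values(asserter, values):
    """Keep only the values the asserter is entitled to assert."""
    return [v for v in values if check_scoped_affiliation(asserter, v)[0]]


if __name__ == "__main__":
    # Constructed sample of values received from one asserting party.
    received = ["alumni@duke.edu", "student@brown.edu",
                "subscriber@nytimes.com", "staff@DUKE.EDU", "student@"]
    for v in received:
        print(v, check_scoped_affiliation("idp.duke.example", v))
```
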

8
eduPersonEntitlement
  • Original problem: how to change schema without
    changing schema. Needed by GRIDs
  • Values are URIs (URL or URN)
  • urn:mace accepted by IETF and registered with
    IANA
  • Gives us a way to make values unique in the
    entitlement namespace without elaborate registry
    mechanism
  • urn:mace:wisc.edu:bucky-bundle
  • urn:mace:oclcorgauthoNNNN
  • urn:mace:duke.edu:libraryoclccontract-NNN
  • namespace registry by MACE

9
eduPersonTargetedID
  • Not likely to be found in Directories
  • Form id (no context, a problem??)
  • Persistent, non-reassigned, privacy preserving.
    At some definition of persistent.
  • Further discussion in the shibboleth and
    federation talks at EuroCAMP.

10
eduOrg 200210
  • Higher Ed Organization object class
  • Basic organizational info attributes from X.520
  • Telecomm, postal, locale
  • eduOrgHomePageURI
  • eduOrgIdentityAuthNPolicyURI
  • eduOrgLegalName
  • eduOrgSuperiorURI
  • eduOrgWhitePagesURI

11
LDAP Analyzer (part of NMI)
  • Todd Piket, Michigan Tech
  • Web based tool to empirically analyze a directory
  • eduPerson compliance
  • Indexing and naming
  • LDAP-Recipe guidance (good practice)
  • H.350 compliance
  • eduOrg compliance
  • http://middleware.internet2.edu/dir/

12
Other related work
  • eduCourse (200506)
  • eduCourse Data Model (200505)
  • Globally unique identifiers for course offerings
    (200505)
  • LDAP representations of eduCourse attributes and
    an auxiliary object class (200505)
  • H.350
  • Effort associated with Internet2 Vid-Mid working
    group. VidMid and MACE-Dir co-developed.
  • Pushed through ITU by Tyler Johnson, UNC

13
LDIF Management
  • See http://www.educause.edu/eduperson
  • LDIF used to describe schema and also manage
    schema. Provides history and technical details
    in one place.
  • File

14
  • Questions???