Computing at UW-Madison, Division of Information Technology

Middleware

Background on the Directory & Security Infrastructure Project

The Directory and Security Infrastructure project began in December 1999 as a series of ad-hoc teams within DoIT struggling to address problems created by the lack of an infrastructure that supported the identification of individuals across multiple systems. A team was created to advance the issue and find a solution, and in February 2000 the DoIT Cabinet approved an initiative to create an enterprise directory and security infrastructure for the Madison campus.

Purpose of this project
Goals
Team Members
Team Charter
Short-Term Project Strategy

Purpose
The intent of this infrastructure is to provide a mechanism for identifying a person as a single individual across multiple systems on campus (a metadirectory 'join' process) and to make this person-related information available to applications and users in a standards-based manner (via the Lightweight Directory Access Protocol - LDAP).

This infrastructure is intended to serve the following functions for end users and application developers:

  • A mechanism for resolving an identity across multiple systems
  • A directory of person-related information that is accessible to end users via LDAP for looking up contact information.
  • A directory of different identifiers that can assist application developers in determining all of the various roles that a person may fill in the University community.
  • A repository of person-related information that can form the basis of more advanced security infrastructures in the future (Public Key Infrastructure, etc).

Goals
The short term goal of the directory and security infrastructure project is to deliver an LDAP-accessible directory infrastructure for email lookups and basic authentication (the pilot application using this infrastructure will be the My UW-Madison Portal application).

Long-term goals include a general-purpose Public Key Infrastructure (PKI), an integrated authentication framework that supports and facilitates the web portal model, and a mechanism for end-user maintenance of person-related information.

Team Members

  • Keith Hazelton: DoIT Architect
  • Rich Larson: Liaison to Campus Administration
  • Derrian Jones: Registry Database
  • Tom Jordan: LDAP Directory
  • Linda Pruss: PKI & Security Issues
  • Al LaFleur: Support procedures & policies. Also the team's customer.
  • Lon Schoor: Team Leader

A number of other ad-hoc team members will work with the above people as the project touches different functional areas.

Team Charter

Purpose
Implement a general-purpose enterprise directory and security infrastructure. 

Objectives (on-going) 
Maintain an on-going development plan to enhance the directory and security infrastructure based on application requirements. Identify, schedule, and communicate infrastructure improvements that are most important to the largest number of applications. 

Provide a method for an application to identify a person as a member of a specified community (examples: UW-Madison, Madison student, or Department of Ag.) 

Where possible, and working closely with the UDS steering committee, identify what policies need to be developed and managed to support the directory and security infrastructure.   

Provide Production Services with a production directory and security infrastructure system to manage. 

Identify and estimate system operational costs for Production Services. 

Provide access to authoritative person-related information such as: name, postal address, email address, public keys, and digital certificates. This includes the function of identity management.

Provide a developer's toolkit on how to use the infrastructure.

Provide a method of authentication to verify that a person is who they say they are.

Objectives (My UW-Madison) 
Complete phase-1, defined to support MY UW-Madison, of the above objectives. The infrastructure will not be a complete full function service but will address the needs of the MY UW-Madison project and be well positioned to start supporting other applications. 

Complete the directory and security infrastructure requirements of the MY-UW-Madison portal project by the 2000 Fall semester, when it is scheduled to go into production. 

Enhance the UDS production system to position it to support the MY-UW-Madison directory infrastructure requirements. 

Sponsors: Judy Caruso, Ken Ebbe and John Peterson. 

Customer: Al LaFleur, manager End User Computing 

Team Roles & Responsibility 
Provide leadership, planning, and coordination for the development and on-going improvement of the general-purpose directory and security infrastructure. 

Oversee the delivery of the infrastructure to DoIT Production Services who will manage the service. 

Put this project in full view of the public during all phases of the development and implementation.

Strongly promote directory and security infrastructure use for purchased, newly developed, or enhanced applications. Provide guidance to these clients so that even if the infrastructure is not completely ready to meet their specific requirement, they can easily convert to the infrastructure when the part they need is available. 

Maintain and leverage DoIT relationships. Encourage widespread communication to ensure that the infrastructure efforts both align with and leverage staff efforts.

Initiate "mini" research projects as necessary for the completion of the primary directory and security design.

Core Team Members & Roles
Keith Hazelton: Promote a shared infrastructure service to campus technologists. Deliver requirements for directory and security infrastructure from standards committees, peer institutions and campus architecture. 

Rich Larson: Promote a shared infrastructure service to campus administration.  Deliver general-purpose application requirements from administrators and campus task forces. 

Derrian Jones: Develop and support the Registry, where the function of identity management resides. Enhance the UDS system to make the necessary data readily available and clearly understood. 

Tom Jordan: Develop and support the Directory, a commonly accessible repository of person-related information.     

Linda Pruss: Develop and support a security framework that has a clearly defined application interface for the initial purpose of verifying a user's identity relative to a particular application or service. 

Al LaFleur: Develop support procedures and policies for the administration of the infrastructure service. He is also the team's customer. 

Lon Schoor: Team leader 

Ad hoc Team Members 
In addition to the core team, other DoIT staff will attend team meetings when their participation will directly contribute to the success of a current project assignment and the improvement of the Directory/Security infrastructure. 

Examples: the project leader for MY-UW-Madison, Dirk Herr-Hoyman, because it is targeted for the phase 1 implementation of the Directory, or the project leader for the development of a major piece of the infrastructure.

Constraints 
This project will not directly provide a full-function system for identification, authentication, and authorization (IAA). However, wherever practical the security requirements will be interwoven with the directory infrastructure to support application IAA requirements, creating a framework to initially meet the needs of MY-UW-Madison.

While this project will address policy issues for deployment of the My UW-Madison project, many significant policy issues will remain to be dealt with. Completing a framework for resolving policy issues will depend on input from campus data suppliers and consumers.