Development of IMPROV: A Provisioning Solution at UNC-Chapel Hill



When implementing a Provisioning solution for UNC-Chapel Hill, we found there was very little available in the Open Source ecosystem that addressed this Identity Management problem space. Thus we set about writing our own solution, in the hopes that we would then be able to contribute it back to the community.

We have nearly completed the first phase of the outcome, a system we call IMPROV (Identity Management Provisioning). It consists of an SPML-based router mechanism that interacts with individual Services that provide our login identifiers, the Onyen and the UNC Guest ID. We intend future phases to include De-provisioning for these identifiers, and Provisioning/De-provisioning for other services such as Heelmail (our Microsoft Live@EDU implementation) and Exchange.

In this session, we plan to communicate the status of the project, discuss the architecture of IMPROV, and find others who would like to contribute to making this an Open Source project.

Published in: Technology, Education
Development of IMPROV: A Provisioning Solution at UNC-Chapel Hill

  1. Celeste Copeland, UNC-Chapel Hill. June 10-15, 2012. Growing Community; Growing Possibilities
  2.
     • Several years ago, did an RFP for a Provisioning solution
       ◦ Already have a home-grown Person Store
     • UNC, like many others, bought Sun IDM
       ◦ Then Oracle came along…
     • Left us with a few options
       ◦ Re-do RFP – seemed like a waste
       ◦ Go ahead and implement Sun IDM without knowing the future of the product
       ◦ Wait and see what Oracle would choose to do
       ◦ Grow our own
       ◦ Grow our own AND try to make it Open Source
     2012 Jasig Sakai Conference
  3.
     • OASIS Standard, currently v2.0
     • OASIS Provisioning Services TC
       ◦ Karsten Huneycutt
     • XML-based
     • Core: listTargets, add, lookup, modify, delete
     • Others: batch, bulk, search, suspend, update
     • Custom: better error codes, Challenge-Response
  4.
     • Onyen service
     • UNC Guest ID service
     • Resource correlation service
     • SPML router service
       ◦ Not actually a service, but a single join point around the "create" method of all services that calls a set of scripts to check eligibility for services
       ◦ Eligibility is determined by consulting with the resource correlation service before routing any request to the backend services
       ◦ After any successful add/delete/modify, the service will update the correlation service with any necessary changes
       ◦ This is an initial implementation for our phase one project; may switch to Grouper for eligibility
  7.
     • Available under LGPL license downloads/list
     • SPML Router 1.0.0
     • Resource Correlation Service 1.0.0
     • UNC Prop Service 1.0.0
       ◦ Simple example service
       ◦ Shows how the focus on the service implementation side is almost exclusively on the business logic rather than the SPML plumbing
     • SPML Toolkit 2.0.0
       ◦ Java library that contains everything needed to write an SPML service or client
  8.
     • De-provisioning of Onyens, Guest IDs, etc.
     • More services: Exchange, Live@EDU/MS 365
     • Workflow
     • Grouper
  9.
     • Contact:
     • Contact:
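
The router flow described on slide 4 (eligibility checked against the resource correlation service before an add is routed, and the correlation record updated only after the backend succeeds), as an added Python model. It is not IMPROV's code or the SPML Toolkit API; the class names, the two eligibility rules and the sample identifiers are hypothetical.

```python
from dataclasses import dataclass, field

class NotEligible(Exception):
    """An eligibility check rejected the add request."""

@dataclass
class CorrelationService:
    # Stand-in for the resource correlation service: person -> {service: id}.
    resources: dict = field(default_factory=dict)

    def lookup(self, person_id):
        return dict(self.resources.get(person_id, {}))

    def record(self, person_id, service, identifier):
        self.resources.setdefault(person_id, {})[service] = identifier

# Hypothetical eligibility rules; the slides do not list the real scripts.
def one_id_per_service(service, held):
    return service not in held

def no_guest_id_for_onyen_holder(service, held):
    return not (service == "guest" and "onyen" in held)

class Router:
    def __init__(self, correlation, backends, checks):
        self.correlation, self.backends, self.checks = correlation, backends, checks

    def add(self, service, person_id, requested_id):
        backend = self.backends[service]          # unknown target -> KeyError
        held = self.correlation.lookup(person_id)
        for check in self.checks:                 # fail closed: all must pass
            if not check(service, held):
                raise NotEligible(f"{check.__name__}: {person_id}/{service}")
        identifier = backend(person_id, requested_id)
        # Reached only if the backend did not raise, so the correlation
        # record never claims an identifier that was not provisioned.
        self.correlation.record(person_id, service, identifier)
        return identifier

def build_demo():
    calls = []                                    # backend invocations, for inspection
    def make(name):
        def backend(person_id, requested_id):
            calls.append((name, person_id))
            if requested_id == "taken":           # constructed failure case
                raise RuntimeError("identifier already in use")
            return requested_id
        return backend
    backends = {"onyen": make("onyen"), "guest": make("guest")}
    checks = [one_id_per_service, no_guest_id_for_onyen_holder]
    return Router(CorrelationService(), backends, checks), calls
```

A rejected request never reaches a backend, and a backend failure leaves the correlation record untouched, so the record and the provisioned identifiers cannot drift apart through this path.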