CIFER and Friends IMPROV – A Provisioning Solution at UNC-Chapel Hill

October 4 , 2012 Dedra Chamber l in , Celeste Copeland, Kei th Hazel ton

•  Several years ago, did an RFP for a Provisioning solution –  Already have a home-grown Person Store

•  UNC, like many others, bought Sun IDM –  Then Oracle came along…

•  Left us with a few options –  Re-do RFP – seemed like a waste –  Go ahead and implement Sun IDM without knowing the future of the

product –  Wait and see what Oracle would choose to do –  Grow our own –  Grow our own AND make it Open Source

The Problem of Provisioning

2 – © 2012 Internet2

•  OASIS Standard, currently v2.0 •  OASIS Provisioning Services TC

–  Karsten Huneycutt •  XML-based •  Core: listTargets, add, lookup, modify, delete •  Others: batch, bulk, search, suspend, update •  Custom: better error codes, Challenge-Response

Service Provisioning Markup Language (SPML)

3 – © 2012 Internet2

•  Onyen service •  UNC Guest ID service •  Resource correlation service •  SPML router service

–  Not actually a service, but a single join point around the "create" method of all services that calls a set of scripts to check eligibility for services

–  Eligibility is determined by consulting with the resource correlation service before routing any request to the backend services

–  After any successful add/delete/modify, the service will update the correlation service with any necessary changes

–  This is an initial implementation for our phase one project; may switch to Grouper for eligibility

SPML Services

4 – © 2012 Internet2

IMPROV data f low

5 – © 2012 Internet2

IMPROV User Interface

6 – © 2012 Internet2

•  Available under LGPL license •  http://code.google.com/p/spml-toolkit/downloads/list •  SPML Router 1.0.0 •  Resource Correlation Service 1.0.0 •  UNC Prop Service 1.0.0

–  Simple example service –  Shows how the focus on the service implementation side is almost

exclusively on the business logic rather than the SPML plumbing •  SPML Toolkit 2.0.0

–  Java library that contains everything needed to write an SPML service or client

Code release

7 – © 2012 Internet2

•  De-provisioning of Onyens, Guest IDs, etc. •  More services: Exchange, Live@EDU/MS 365 •  Workflow •  Grouper •  Replace our current Person Registry solution

Future phases

8 – © 2012 Internet2

•  Participating on calls •  UNC-Chapel Hill as use-case •  Broader understanding of Provisioning as part of all data delivery • 

CIFER Provisioning

9 – © 2012 Internet2

CIFER and Friends

D e d r a C h a m b e r l i n – t g d @ a n d r e w. c m u . e d u C e l e s t e C o p e l a n d – c e l e s t e _ c o p e l a n d @ u n c . e d u K e i t h H a z e l t o n – h a z e l t o n @ d o i t . w i s c . e d u C I F E R w e b s i t e - h t t p : / / c i f e r p r o j e c t . o r g C I F E R t e a m w i k i p a g e s - h t t p s : / / s p a c e s . i n t e r n e t 2 . e d u / d i s p l a y / c i f e r / H o m e