Related Links
Below are contributions that may be of general use to those implementing identity and access management. The submissions, including local schemas, resource sites, project documents and the like, are categorized in the following groups:
- Project Management and RFP Documents
- Identifier Information, Reconciliation, and Feed Examples
- Enterprise Directory Implementation Examples
- Authentication Examples
- Key References
Each item has an associated contact name, but users of the supplied resource should assume that no warranty or support is necessarily offered or provided. These contributions are intended as examples and references and will most likely need to be customized to reflect your campus environment, architecture, and data structures. Check with the institutional contact for the most up-to-date version or information.
If you're interested in sharing a resource with your fellow implementers, please send email to participation@nmi-edit.org.
Contributions
Project Management and RFP Documents
-
Umeå University (Sweden) has developed an ROI calculation model for service provisioning. (XLS).
Contact: Dr. Torbjörn Wiberg at torbjorn.wiberg@adm.umu.se.
-
McGill University offers two versions of their meta-directory
RFP: a full
copy (RTF) and one with the legalese
removed (RTF). Marc is interested in hearing campus feedback.
Contact: Marc Huffstickler at marc.huffstickler@mcgill.ca
-
University of Wisconsin-Madison has a well-developed
LDAP requirements
list that they include in the RFPs to vendors.
Contact: Tom Jordan at tjordan@doit.wisc.edu
Identifier Information and Reconciliation Examples
-
University of Texas
System has developed a suite of Java
Identity Management tools, including identifier
reconciliation, person registry schema, and provisioning examples.
Contact: Mark Jones at Mark.B.Jones@uth.tmc.edu.
-
University of Michigan also provided their campus
identifier mapping from 2000. (DOC)
Contact: Gavin Eadie at gavin@umich.edu
Template and Sample Campus Identifier Mappings
-
Michigan Tech provided their campus identifier mapping
from their original directory project. (DOC)
Contact: Dan deBeaubien at dan@mtu.edu
Enterprise Directory Implementation Examples
-
University of California-Berkeley's CalNet Active
Directory® (CalNetAD) service implemented a IBM Directory Integrator-based process
to integrate Active Directory® with their campus Sun/iPlanet™-based
CalNet Directory. Basic user account information is synchronized between
the two directories. The implementation is based on the IBMDI engine, the IBMDI
"Delta mechanism", and custom ADSI scripting
using primarily JScript® code.
Documentation on the integration process as well as details for the MM assembly lines, EventHandlers, connectors, and XML-based MM export files for the MM code is available on their site.
Contact: Mike Blasingame at mblaz@socrates.berkeley.edu
-
The London School of Economics uses Active Directory®
as their enterprise directory to support inter-institutional uses such
as Shibboleth. They assembled a
roadmap and documentation
to help other campuses do the same thing.
Contact: John Paschoud at J.Paschoud@lse.ac.uk
-
Georgia State provided their
gsuPerson LDIF as an example of
a campus-specific localdomainPerson.
Contact: Victor Bolet at vbolet@gsu.edu
-
University of Wisconsin-Madison has a well-developed
schema site and documentation
on their localdomainPerson.
Contact: Tom Jordan at tjordan@doit.wisc.edu and
Jon Miner at miner@doit.wisc.edu
Authentication Examples
-
The University of Texas at
Arlington developed tools to synchronize passwords
between a Kerberos Authentication System and Microsoft Active
Directory.
Contact: Digant Kasundra at digant@uta.edu -
Dartmouth College and their PKI Lab maintains a public key
infrastructure deployment website.
Contact: Mark Franklin at mark.j.franklin@dartmouth.edu
Key References
- NIST Special Publication 800-63 - Electronic Authentication Guideline (PDF)
- OMB M-04-04, E-Authentication Guidance (PDF)
