Site Search

Related Links

NMI-EDIT has concluded, as it was tied to a specific NSF program that is no longer active. For updates and current information about identity and access management tools and practices developed by the Internet2 Middleware Initiative (I2MI), InCommon, and the EDUCAUSE Identity and Access Management Working Group.
This website is maintained for archival purposes only...

Below are contributions that may be of general use to those implementing identity and access management. The submissions, including local schemas, resource sites, project documents and the like, are categorized in the following groups:

• Project Management and RFP Documents
• Identifier Information, Reconciliation, and Feed Examples
• Enterprise Directory Implementation Examples
• Authentication Examples
• Key References

Each item has an associated contact name, but users of the supplied resource should assume that no warranty or support is necessarily offered or provided. These contributions are intended as examples and references and will most likely need to be customized to reflect your campus environment, architecture, and data structures. Check with the institutional contact for the most up-to-date version or information.

If you're interested in sharing a resource with your fellow implementers, please send email to i2mi-info@internet2.edu.

Contributions

Project Management and RFP Documents

• Umeå University (Sweden) has developed an ROI calculation model for service provisioning. (XLS).
  Contact: Dr. Torbjörn Wiberg at torbjorn.wiberg@adm.umu.se.
  
• McGill University offers two versions of their meta-directory RFP: a full copy (RTF) and one with the legalese removed (RTF). Marc is interested in hearing campus feedback.
  Contact: Marc Huffstickler at marc.huffstickler@mcgill.ca
  
• University of Wisconsin-Madison has a well-developed LDAP requirements list that they include in the RFPs to vendors.
  Contact: Tom Jordan at tjordan@doit.wisc.edu
  

Identifier Information and Reconciliation Examples

• University of Texas System has developed a suite of Java Identity Management tools, including identifier reconciliation, person registry schema, and provisioning examples.
  Contact: Mark Jones at Mark.B.Jones@uth.tmc.edu.
  
• University of Michigan also provided their campus identifier mapping from 2000. (DOC)
  Contact: Gavin Eadie at gavin@umich.edu
  

Template and Sample Campus Identifier Mappings

• Michigan Tech provided their campus identifier mapping from their original directory project. (DOC)
  Contact: Dan deBeaubien at dan@mtu.edu
  

Enterprise Directory Implementation Examples

• University of California-Berkeley's CalNet Active Directory® (CalNetAD) service implemented a IBM Directory Integrator-based process to integrate Active Directory® with their campus Sun/iPlanet™-based CalNet Directory. Basic user account information is synchronized between the two directories. The implementation is based on the IBMDI engine, the IBMDI "Delta mechanism", and custom ADSI scripting using primarily JScript® code.
  
  Documentation on the integration process as well as details for the MM assembly lines, EventHandlers, connectors, and XML-based MM export files for the MM code is available on their site.
  Contact: Mike Blasingame at mblaz@socrates.berkeley.edu
  
• The London School of Economics uses Active Directory® as their enterprise directory to support inter-institutional uses such as Shibboleth. They assembled a roadmap and documentation to help other campuses do the same thing.
  Contact: John Paschoud at J.Paschoud@lse.ac.uk
  
• Georgia State provided their gsuPerson LDIF as an example of a campus-specific localdomainPerson.
  Contact: Victor Bolet at vbolet@gsu.edu
  
• University of Wisconsin-Madison has a well-developed schema site and documentation on their localdomainPerson.
  Contact: Tom Jordan at tjordan@doit.wisc.edu and
  Jon Miner at miner@doit.wisc.edu
  

Authentication Examples

• The University of Texas at Arlington developed tools to synchronize passwords between a Kerberos Authentication System and Microsoft Active Directory.
  Contact: Digant Kasundra at digant@uta.edu
• Dartmouth College and their PKI Lab maintains a public key infrastructure deployment website.
  Contact: Mark Franklin at mark.j.franklin@dartmouth.edu

Key References

• NIST Special Publication 800-63 - Electronic Authentication Guideline (PDF)
• OMB M-04-04, E-Authentication Guidance (PDF)

 

Home Site Map Contact Us

This material is based in whole or in part on work supported by the National Science Foundation under the NSF Middleware Initiative - Grant No. ANI-0123937, OCI-0330626, OCI-0721896. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).