Identity and Access Management
...
"the intersection of the stuff that network engineers don't want to do with the stuff that applications developers don't want to do."
...
Services
- UHIMS - University of Hawaii Identity Management System
  - Metadirectory/Person Registry with data from:
    - Banner
    - PeopleSoft
    - RCUH
    - WPMS - White Pages Management System
  - Provisions the following services:
    - Banner - Provides the UH Number (aka Student Id number).
    - Core LDAP
    - Central Active Directory Authentication Service
    - Email and Google@UH Services
    - Grouper - UHIMS Automatic Groups populated by role, campus, etc.
    - LISTSERV (automated subscriptions lifecycle for affiliation-based mailing lists)
    - PeopleSoft HR - Provides the UH Number (aka Employee Id) through a manual process utilizing UHIMC.
    - Portal - MyUH Portal
    - UH Manoa Campus Center OneCard System (BlackBoard)
    - UNIX shell/Personal Home Pages
  - Provides the following web services for applications developers:
    - Core LDAP Web Service (for ACER and VIA)
    - UHIMS Web Service (for name changes, password resets, etc.)
  - Provides the following audit functions:
    - Google@UH Email Audit Utility - facilitates UH responses to legal requests for email account information.
  - Utilizes internal components:
    - Roles and affiliation management subsystem
    - Email notification subsystem
- Identity Administrative Applications:
  - UHIMC - UH Identity Management Console
  - UHIMS Shell - (bmt) Administrative command-line interface to UHIMS and identity/access management tools to various ERPs.
  - UHIMS Web Service - The UHIMS Web Services provide an API that exposes common UHIMS functions. It is currently being overhauled to make it RESTful and to formalize the ACLs.
- User Applications:
  - ACER - UH Acknowledgements and Certifications Self Service - ACER allows individuals to view and review acknowledgements and certifications.
  - CAS - UH Web Login Service v3.0 (upgrade to CAS 3.x under development)
  - UHIMS Groups enhanced LISTSERV lists - an extension of UHIMS Groups
    - Includes automated campus LISTSERV discussion lists with supporting Grouper inclusion and exclusion groups.
  - IAM Self Service functions for UH Username creation - UH Username Bootstrapping and password creation page.
  - IAM Self Service functions for UH Username management - Password resets, Secret Questions and Answers.
  - Shib - UH Shibboleth Identity Service Provider (UH IdP) provides federated authentication to external Service Providers, such as Google, research.com, internet2.edu, educause.edu, etc.
  - UHIMS Home Directory Management Tools - Manage UHUNIX-based home directories for users' web sites and application development space.
  - UHIMS SSO Server - Banner Login Proxy
  - WPMS - White Pages Management System
- Enterprise Middleware Applications:
  - UH Groupings - UH Groupings Administration and Provisioning Service provides a standard Role Based Access Control solution for application authorization and for lifecycle enhanced, automated provisioning of LISTSERV Lists, etc.
  - UH LDAP - Enterprise Directory Services, to be based on 389DS; co-managed with TI-SYS.
  - UH Message Broker - Enterprise Message Broker, based on RabbitMQ.
  - UHIMS Events - UHIMS Events publishes UHIMS Person Registry updates. Consumer applications can subscribe to UHIMS Events to detect terminations, for example, and automatically deprovision access authorizations.
  - UHIMS Views - UHIMS Views provides access to data in the UHIMS person registry as well as to person information, such as home address data, in select Systems of Record. UHIMS Views can also be used to crosswalk between UH Username and UH Number.
...