Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 4 Next »

Table of Contents

Enterprise Middleware, Identity and Access Management

A popular definition of middleware

"the intersection of the stuff that network engineers don't want to do with the stuff that applications developers don't want to do."
               — http://middleware.internet2.edu/overview/

IAM Services

  • UHIMS - University of Hawaii Identity Management System
    • Metadirectory/Person Registry with data from:
      • Banner
      • PeopleSoft
      • RCUH
      • WPMS - White Pages Management System
    • Provisions the following services:
      • Active Directory (tentatively planned for summer 2012)
      • Banner - Provides the UH Number (aka Student Id number).
      • Core LDAP
      • Google@UH Services
      • Grouper
      • LISTSERV (automated subscriptions lifecycle for affiliation-based mailing lists)
      • PeopleSoft HR - Provides the UH Number (aka Employee Id) through a manual process utilizing UHIMC.
      • Portal
      • UNIX shell/Personal Home Pages|MDR:UNIX LDAP and Home Directory Service
    • Provides the following audit functions
      • Google@UH Email Audit Utility - facilitates UH responses to legal requests for email account information.
    • Utilizes internal components
      • Roles and affiliation management subsystem
      • Email notification subsystem
      • Internal message broker
  • Identity Administrative Applications:
    • UHIMC - UH Identity Management Console
    • UHIMS Shell - (bmt) Administrative command line interface to UHIMS and identity/access management tools to various ERPs.
    • UHIMS Web Service - The UHIMS Web Services provide an API that exposes common UHIMS functions.  It is currently being overhauled to make it RESTful and to formalize the ACLs.
  • User Applications:
    • ACER - UH Acknowledgements and Certifications Self Service - ACER allows individuals to view and review acknowledgements and certifications.
    • CAS - UH Web Login Service v3.0 (upgrade to CAS 3.x under development)
    • UHIMS Groups enhanced LISTSERV lists - an extension of UHIMS Groups
      • Includes Automated campus LISTSERV discussion lists with supporting Grouper inclusion and exclusion groups.
    • IAM Self Service functions for UH Username creation - UH Username Bootstrapping and password creation page.
    • IAM Self Service functions for UH Username management - Password resets, Secret Questions and Answers.
    • IAM Self Service functions for app developers - under development.
    • Shib - UH Shibboleth Identity Service Provider (UH IdP) provides federated authentication to external Service Providers, such as Google, research.com, internet2.edu, educause.edu, etc.
    • UHIMS SSO Server - Banner Login Proxy
    • WPMS - White Pages Management System
  • Enterprise Middleware Applications:
    • UH LDAP - Enterprise Directory Services, to be based on 389DS; co-managed with TI-SYS.
    • UH Message Broker - Enterprise Message Broker, based on RabbitMQ.
    • UHIMS Events - UHIMS Events publishes UHIMS Person Registry updates. Consumer applications can subscribe to UHIMS Events in order to detect terminations for example, in order to automatically deprovision access authorizations.
    • UHIMS Groups - UHIMS Groups provides a standard Role Based Access Control solution for application authorization, LISTSERV Lists management, etc, based on Grouper.
    • UHIMS Views - (planned new service) The UHIMS Views provides access to data in the UHIMS person registry as well to person information, such as home address data, in select Systems of Record.  UHIMS Views can also be used to crosswalk between UH Username and UH Number.
  • ITS Security Group Support
    • Assist Security Group with Audits and Gmail extractions.
    • Google@UH Audit - Google Email Audit utility
  • UH Data Governance Support
    • Assist Data Governance committee with requests that impact authorization and authentication.
  • UH Data Center Instrumentation and Metadata Management (was SITAR)
  • Community and Developer Support (last, but not least)
    • Help other departments leverage ITS middleware infrastructure, especially our Identity Management infrastructure.
    • Facilitate the quarterly UH Applications Developers meeting
      • Provide UH developers the opportunity to be involved very early in the conceptualization and initial design of new projects.
      • Keep developers abreast of the status of projects that may be beneficial or otherwise impact them.
      • Provide developers an opportunity for early access to new technologies.
      • Provide developers with boot camps and hands on experience with technologies deployed by the IAM group.

Special Projects and Solutions developed by IAM and since moved elsewhere

  • Broadcast Announcements and Health and Safety Alerts
  • Google@UH email migrations - migrate email to the cloud

Random Notes

  • UHIMS was formerly known as the UH Metadirectory (Metadir), which was formerly known as Unison 2. The original Unison 1 was replaced by UHIMS on September 15, 2003.
  • The term Metadirectory now refers to just one aspect of UHIMS. It refers to both, the intelligence and the data resulting from merging data from our core business systems and other asynchronous sources. The Person Registry refers to the aforementioned merged data. Usually, Metadirectory and Person Registry are used interchangeably.
  • No labels