Registries

  • Slides: 21

“Let's put everything in AD”

Person Registry: just another consumer of identity

Person Registry
• Remember we spoke about authorities? These feed your registry…
• Unique identifier
• Name (from HR)
• Email address (from IT)
• Employee number (from HR)
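To make the "authorities feed your registry" point concrete, here is an added example in Python; it is not from the presentation or from any of the products listed. Each attribute has exactly one authoritative source (HR for name and employee number, IT for email, as on the slide), the unique identifier is the join key, and any feed record that tries to set an attribute it does not own, or that has no identifier, is rejected and reported rather than silently overwriting the registry. The feed contents, source names and attribute names are constructed for illustration.

```python
from __future__ import annotations

from typing import Any

# Which source is authoritative for each attribute, following the slide:
# HR owns the name and employee number, IT owns the email address.
# (Attribute and source names are assumptions for this example.)
AUTHORITY = {"name": "hr", "employee_number": "hr", "mail": "it"}

# Attributes every registry entry must have before downstream consumers may use it.
REQUIRED = ("name", "employee_number", "mail")

# Constructed sample feeds, with deliberate conflicts: HR also carries a stale
# mail value, IT carries a differently formatted name, one HR record has no
# identifier, and IT knows a person HR has never heard of.
HR_FEED = [
    {"uid": "u1001", "name": "Thandi Example", "employee_number": "E0042",
     "mail": "thandi@old.example"},
    {"uid": "u1002", "name": "Sipho Sample", "employee_number": "E0043"},
    {"name": "No Identifier", "employee_number": "E0044"},
]
IT_FEED = [
    {"uid": "u1001", "mail": "thandi.example@example.ac.za", "name": "T. Example"},
    {"uid": "u1002", "mail": "sipho.sample@example.ac.za"},
    {"uid": "u1003", "mail": "orphan@example.ac.za"},
]


def build_registry(feeds: dict[str, list[dict[str, Any]]],
                   authority: dict[str, str]) -> tuple[dict, list]:
    """Merge source feeds into {uid: entry}; only the authoritative source may set an attribute.

    Returns (registry, rejected). Each rejected item is (source, uid, attribute, reason)
    so an operator can see where the feeds disagreed instead of letting the last
    writer win. Because a non-owner never writes, feed order does not matter.
    """
    registry: dict[str, dict[str, Any]] = {}
    rejected: list[tuple[str, str | None, str | None, str]] = []
    for source, records in feeds.items():
        for rec in records:
            uid = rec.get("uid")
            if not uid:
                rejected.append((source, None, None, "record has no unique identifier"))
                continue
            entry = registry.setdefault(uid, {"uid": uid})
            for attr, value in rec.items():
                if attr == "uid":
                    continue
                if authority.get(attr) != source:
                    rejected.append((source, uid, attr,
                                     f"{source} is not authoritative for {attr}"))
                    continue
                entry[attr] = value
    return registry, rejected


def incomplete_entries(registry: dict[str, dict[str, Any]],
                       required: tuple[str, ...] = REQUIRED) -> list[str]:
    """Identifiers whose entry still lacks a required attribute (e.g. an IT-only orphan)."""
    return sorted(uid for uid, e in registry.items() if any(a not in e for a in required))


if __name__ == "__main__":
    reg, rej = build_registry({"hr": HR_FEED, "it": IT_FEED}, AUTHORITY)
    for uid in sorted(reg):
        print(uid, reg[uid])
    for item in rej:
        print("rejected:", item)
    print("incomplete:", incomplete_entries(reg))
```

The rejected list is the useful output here: a real registry build should surface these conflicts to whoever owns the feeds, and an entry that never receives its HR attributes (here `u1003`) should not be provisioned into AD or anywhere else.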

Person Registry - Software
• NetIQ (Novell) Identity Manager
• Microsoft Identity Manager (MIM)
• IBM Tivoli Identity Manager
• Oracle Identity Manager
• OpenIAM
• Apache Syncope

Person Identifiers
• Username
• National ID
• Passport number
• Student number
• Employee/staff number
• Email address?
• ORCID iD
Is there ever duplication? What are the privacy implications? Do we agree on formatting? In what circumstances can they change?

What makes a good person identifier? 4 NF

Identifier concepts/terminology
• Persistent vs transient
• Transferable / reassignment
• Unique
• Pseudo-anonymous
• Opaque
• Pseudonym
• Targeted

Privacy-preserving identifiers
• Should be generated
• not the same as the identifier in your person registry/directory
• Must be opaque and uni-directional
• e.g. a SHA-256 hash
• Think about making them targeted
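An added example of generating such an identifier in Python (not code from the presentation): it uses SHA-256 as the slide suggests, but keyed with a deployment secret via HMAC and bound to the relying party, so the value is opaque, one-way, stable over time and different for every service ("targeted"). A bare SHA-256 of the username is shown alongside for contrast: it is one-way too, but anyone who can guess the username can recompute it, and it is the same at every service, so services can correlate users by comparing it. The secret value, identifiers and relying-party names are constructed for this example.

```python
import hashlib
import hmac

# Deployment-wide secret. In production keep it in a secrets store and do not
# rotate it casually: changing it changes every identifier ever issued.
# (Hard-coded here only so the example runs stand-alone; the value is constructed.)
IDP_SECRET = bytes.fromhex("3f2a9c1e7b4d8a6f5e0c1b2a9d8e7f60" * 2)


def targeted_id(internal_id: str, relying_party: str, secret: bytes = IDP_SECRET) -> str:
    """Derive an opaque, one-way, per-relying-party identifier.

    HMAC-SHA256 over (internal identifier, relying party) keyed with the
    deployment secret gives:
      * uni-directional: the registry identifier cannot be recovered from it;
      * targeted: the same person gets a different value at each relying party,
        so two services cannot match users by comparing identifiers;
      * persistent: the same inputs always give the same output;
      * not guessable from a known username, because of the secret key.
    """
    if not internal_id or not relying_party:
        raise ValueError("both the internal identifier and the relying party are required")
    # Length-prefix both fields so that ("ab", "c") and ("a", "bc") cannot collide.
    msg = f"{len(internal_id)}:{internal_id}|{len(relying_party)}:{relying_party}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def plain_sha256_id(internal_id: str) -> str:
    """The slide's bare-hash form, for contrast: opaque and one-way, but identical
    at every relying party and recomputable by anyone who can guess the input."""
    return hashlib.sha256(internal_id.encode()).hexdigest()


if __name__ == "__main__":
    # Constructed example: one person, two relying parties.
    person = "u1001"
    for rp in ("https://library.example.org/sp", "https://lms.example.org/sp"):
        print(rp, "->", targeted_id(person, rp))
    print("bare SHA-256 (same everywhere):", plain_sha256_id(person))
```

Because the function is one-way, the identity provider cannot turn a targeted identifier back into a registry entry. If support staff ever need that (for example to answer a "who is this user" query from a service), store the (relying party, targeted identifier, internal identifier) triple at issue time rather than trying to reverse the hash.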

ORCID iD
• Open Researcher and Contributor Identifier
• http://orcid.org/0000-0002-9388-8592
• Persistent, opaque
• Institutionally independent
• Like a DOI for people

inetOrgPerson
A person schema for the Internet… https://tools.ietf.org/html/rfc2798
• givenName
• sn
• displayName
• mail
• ou
Used by default in most directory services (e.g. Active Directory)

eduPerson
A person schema for higher education… https://www.internet2.edu/products-services/trust-identity/eduperson-eduorg/
• eduPersonPrincipalName
• eduPersonAffiliation
• eduPersonScopedAffiliation
• eduPersonOrcid
• eduPersonEntitlement

eduPerson - scoping
• How do you make an identifier globally unique?
• We can leverage DNS
• RADIUS does this with realms
• guy@staff.tenet.ac.za

eduPersonAffiliation
• Controlled vocabulary: alum, affiliate, employee, faculty, library-walk-in, member, staff, student
• Can have national extensions
https://www.terena.org/activities/refeds/docs/ePSAcomparison_0_13.pdf
https://safire.ac.za/technical/resources/generating-edupersonaffiliation/
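An added Python example covering both the scoping slide and this one (it is not from the presentation or from the linked SAFIRE guidance): it builds `local@scope` identifiers the way RADIUS realms do, checks that the scope is a DNS domain name, validates affiliation values against the controlled vocabulary above, and produces eduPersonScopedAffiliation values. One rule is an assumption made for the example rather than something the slides state: values such as staff or student are taken to imply `member` as well, which is how deployments commonly populate the attribute; check your own federation's rules before relying on it.

```python
from __future__ import annotations

import re

# Controlled vocabulary for eduPersonAffiliation, as listed on the slide.
EDUPERSON_AFFILIATION = frozenset({
    "alum", "affiliate", "employee", "faculty",
    "library-walk-in", "member", "staff", "student",
})

# Assumption for this example: these values imply "member" as well, which is
# common practice; confirm against your federation's rules.
MEMBER_IMPLYING = frozenset({"employee", "faculty", "staff", "student"})

# A scope must be a DNS name the organisation controls: at least two labels,
# each of letters, digits and hyphens, not starting or ending with a hyphen.
_DNS_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_SCOPE_RE = re.compile(rf"^{_DNS_LABEL}(?:\.{_DNS_LABEL})+$")


def is_valid_scope(scope: str) -> bool:
    """True if scope looks like a DNS domain name (case-insensitive)."""
    return bool(_SCOPE_RE.fullmatch(scope.lower()))


def scope_identifier(local_part: str, scope: str) -> str:
    """Build local@scope, the trick RADIUS realms use, so a value that is only
    unique inside one organisation becomes globally unique."""
    if not local_part or "@" in local_part:
        raise ValueError("local part must be non-empty and must not contain '@'")
    if not is_valid_scope(scope):
        raise ValueError(f"scope is not a DNS domain name: {scope!r}")
    return f"{local_part}@{scope.lower()}"


def normalise_affiliations(values) -> list[str]:
    """Lower-case each value, reject anything outside the controlled vocabulary,
    add the implied 'member', and return a sorted, de-duplicated list."""
    out: set[str] = set()
    for raw in values:
        v = raw.strip().lower()
        if v not in EDUPERSON_AFFILIATION:
            raise ValueError(f"not in the eduPersonAffiliation vocabulary: {raw!r}")
        out.add(v)
    if out & MEMBER_IMPLYING:
        out.add("member")
    return sorted(out)


def scoped_affiliations(values, scope: str) -> list[str]:
    """eduPersonScopedAffiliation values for one person at one organisation."""
    return [scope_identifier(v, scope) for v in normalise_affiliations(values)]


if __name__ == "__main__":
    # Constructed example: a staff member whose HR feed says both "Staff" and "employee".
    print(scope_identifier("guy", "staff.tenet.ac.za"))
    print(scoped_affiliations(["Staff", "employee"], "example.ac.za"))
```

Rejecting values outside the vocabulary at the registry, rather than passing them through, is what keeps a relying party's access rules (for example "allow `staff@example.ac.za`") from silently failing when an HR system starts sending a new free-text job category.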

eduPersonEntitlement
• Widely used by library providers
• But slowly being superseded by eduPersonScopedAffiliation
• urn:mace:dir:entitlement:common-lib-terms

Group Registries
• Define the relationships between entities
• Can be as simple or complex as you like/need

Access control
• Groups (GBAC)
• Attributes (ABAC)
• Roles (RBAC)