Wiki Markup |
---|
h2. Design Meeting - 2008-11-05 |
...
Attendees
h3. Attendees 1. [~steiner |
...
] 2. [~nmond |
...
] 3. [~dima767 |
...
] 4. |
...
Term Definitions
- System of Record - Authoritative source of information. Responsible for providing accurate information.
- Downstream System - Systems that are fed from the OpenRegistry. Rutgers is looking at scoping this to only include systems that things belong to the Identity Infrastructure. Other systems that need data should look to standard APIs such as LDAP.
Design Goals
- OpenRegistry will be an open standard-based system. Standards such as SOAP, REST, etc. should be used wherever there will be interaction with non-OpenRegistry Systems.
- OpenRegistry will be loosely coupled. This means that common interfaces will be provided that can be used to substitute components.
- A Database Abstraction layer will be utilized to abstract the database specific needs.
- System will be extensible and general enough that deployers can utilize extension points to add their own additional needs and capabilities to it without modifying the system source code for common use cases.
Open Questions
- Are we going to have a Business Rules repository? Business Rules seem like a generally useful thing to have at the University but may be outside the scope of identity data (one can imagine non business-rules identity-data). The OpenRegistry system may benefit from having a pluggable rules engine system that can use an external University-defined Business Rules Repository/engine but may also just rely on something such as a rules engine.
- Permissions Repository - hold all permission data and push out to system as needed? i.e. populate LDAP ACLs from permission data Permissions should include privacy information.
Implementation Details
- Messaging Queue for downstream systems to poll for retrieving updates. This may be a system such as LDAP or a deprovisioning tool watching for specific items.
- Audit Log should be specific enough that we can track redo, undo and troubleshoot, whether its automatic or manual.
- Batch, Real-time, and Web Interface. Real-time could be REST, SOAP, JMS, etc. Web Interface is a UI for entering data in real time, using the OpenRegistry as a system of record.
Release 1 Scope
...
[~battags] h3. Term Definitions * System of Record - Authoritative source of information. Responsible for providing accurate information. * Downstream System - Systems that are fed from the OpenRegistry. Rutgers is looking at scoping this to only include systems that things belong to the Identity Infrastructure. Other systems that need data should look to standard APIs such as LDAP. h3. Design Goals * OpenRegistry will be an open standard-based system. Standards such as SOAP, REST, etc. should be used wherever there will be interaction with non-OpenRegistry Systems. * OpenRegistry will be loosely coupled. This means that common interfaces will be provided that can be used to substitute components. * A Database Abstraction layer will be utilized to abstract the database specific needs. * System will be extensible and general enough that deployers can utilize extension points to add their own additional needs and capabilities to it without modifying the system source code for common use cases. h3. Open Questions * Are we going to have a Business Rules repository? Business Rules seem like a generally useful thing to have at the University but may be outside the scope of identity data (one can imagine non business-rules identity-data). The OpenRegistry system may benefit from having a pluggable rules engine system that can use an external University-defined Business Rules Repository/engine but may also just rely on something such as a rules engine. * Permissions Repository - hold all permission data and push out to system as needed? i.e. populate LDAP ACLs from permission data Permissions should include privacy information. h3. Implementation Details * Messaging Queue for downstream systems to poll for retrieving updates. This may be a system such as LDAP or a deprovisioning tool watching for specific items. * Audit Log should be specific enough that we can track redo, undo and troubleshoot, whether its automatic or manual. * Batch, Real-time, and Web Interface. Real-time could be REST, SOAP, JMS, etc. Web Interface is a UI for entering data in real time, using the OpenRegistry as a system of record. h3. Full Scope * <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} /* List Definitions */ @list l0 {mso-list-id:984159483; mso-list-type:hybrid; mso-list-template-ids:333505362 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l0:level1 {mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level2 {mso-level-number-format:alpha-lower; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} -->Provide repositories for identity data: Person, Group, Course, Account, Credential. * Support following populations: <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} /* List Definitions */ @list l0 {mso-list-id:984159483; mso-list-type:hybrid; mso-list-template-ids:333505362 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;} @list l0:level1 {mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} @list l0:level2 {mso-level-number-format:alpha-lower; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} -->students, continuing ed students, joint program students, alumni, new employees, faculty, staff, retirees and guests. * Support updates via: batch, real-time (system-to-system), web interface (manual input) * Perform following input processing: ** normalization ** reconciliation ** generate attribute data based on rules ** populate repositories based on rules ** provide identifier assignment for new individuals * Provide services: ** accept data from SORs ** expose data to downstream systems feeding identity infrastructure * Provide permssion model for privacy policy enforcement * Provide audit capability that may be used for trouble shooting and manual/mechanized error correction. h3. Release 1 Scope * Focus on Guest Management ** Is Real-time Interface needed at this point? ** Batch and Web UI appear needed ** Input Processing may be simpler |