Centralizing and Automating PeopleSoft Authority Management (Security)
Session #20647
March 14, 2006
Alliance 2006 Conference
Nashville, Tennessee

Your Presenters
Kevin Dale – Information System Analyst
− At Stanford since July 2001
• Business Analyst for Financial Aid, Student Records and Security.
• Lead for the Authority Manager Automation Project.
Minh Nguyen – Software Architect
− At Stanford since June 1997
• Lead the development of Authority Manager, version 3.0
• Part of the Signet core development

Stanford University
• Founded in 1891
• Private university
• 6,753 undergraduate
• 8,093 graduate
• 1,775 faculty
• 7,565 staff
Located 30 miles south of San Francisco and just north of Silicon Valley.

Your Organization and Oracle
Campus Solutions 8 SP1
• PeopleTools 8.22.05
Enterprise Portal 8.8 SP1
• PeopleTools 8.44.03
Enterprise Learning Management 8.8 SP1
• PeopleTools 8.45.12
Oracle e-Business Suite 11.5.9

Agenda
Authority Manager – Signet
• What is Signet?
• Features
• Benefits
• Concepts
• Technologies
PeopleSoft
• Before Automation
• Project Goals
• How it Works – Business Process
• Demo
• How it Works - Technical
• Metrics
Questions and Answers

Signet
Minh Nguyen

What is Signet?
Privilege Management System
• Web application
• Toolkit/API
• XML Schema
Open Source Project from NMI-EDIT Consortium
Based on Stanford’s Authority Manager

NMI-EDIT Consortium
• Comprises Internet2 and EDUCAUSE
− NSF Middleware Initiative (NMI)-Enterprise and Desktop Integration Technologies Consortium (EDIT)
• Funded in 2001 by NSF Middleware Initiative
• Researches and develops inter-institutional Identity and Access Management tools
• Guided by MACE – Middleware Architecture Committee for Education
− Group of R&E IT architects from US, Europe, and Australia

Features
• Grant/Revoke Privileges
• Grant-only
• Distributed Delegation
• Rules-Based Conditions
• Proxy
• Grant to Groups

Benefits
• Standard user interface for users to grant privileges
• Consistent, simplified policy definition via role-based privileges
• Improved visibility, understandability, and auditability of privileges across the enterprise
• Reduces latency in access privileges lifecycle events (activating/deactivating)

Building Blocks - Concepts
• Function - things a person can do; what they are getting privileges for.
• Scope - organizational hierarchy governing distributed delegation
• Limits - qualifiers, constraints for a privilege.
• Permission - atomic units of control that map to specific access rules in systems.

Building Blocks – Concepts (cont.)
Condition
• Must be true to retain a privilege
• Provides automatic revocation of privileges
• Based on date, person’s status, affiliation, etc.
Pre-requisite - pre-conditions that must be met to activate privileges, e.g., training

Example
By authority of the Dean (grantor)
principal investigators (grantee: group/role)
who have completed training (prerequisite)
can approve purchases (function)
in the School of Medicine (scope)
up to $100,000 (limit)
until January 1, 2007 (condition)
as long as a faculty member at… (condition)
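
The grant on this slide, expressed as data and evaluated, as an added example that is not Signet's or Authority Manager's own code. The class names, the status values and the Pediatrics / School of Law org nodes are assumptions made for illustration; the point shown is that an unmet prerequisite holds activation while a failed condition revokes.

```python
from dataclasses import dataclass
from datetime import date

# Constructed org hierarchy (child -> parent); nodes other than School of Medicine are hypothetical.
ORG_PARENT = {"Pediatrics": "School of Medicine", "School of Medicine": "University",
              "School of Law": "University"}

def in_scope(org, scope):
    """True if org is the scope node itself or sits beneath it in the hierarchy."""
    while org is not None:
        if org == scope:
            return True
        org = ORG_PARENT.get(org)
    return False

@dataclass
class Person:
    name: str
    groups: set
    affiliation: str              # e.g. "faculty", "staff"
    trained: bool = False

@dataclass
class Assignment:
    grantor: str
    grantee_group: str
    function: str
    scope: str
    limit: int                    # dollars
    expires: date                 # condition: privilege lapses on this date
    required_affiliation: str     # condition: must stay true to retain the privilege
    needs_training: bool = True   # prerequisite: must be met before activation

    def status(self, person, today):
        if self.grantee_group not in person.groups:
            return "not-granted"
        # Conditions are re-checked on every evaluation; failing one revokes automatically.
        if today >= self.expires or person.affiliation != self.required_affiliation:
            return "revoked"
        # A prerequisite gates activation; it is not a reason for revocation.
        if self.needs_training and not person.trained:
            return "pending"
        return "active"

    def permits(self, person, today, function, org, amount):
        """Check one request against function, scope and limit of an active grant."""
        return (self.status(person, today) == "active" and function == self.function
                and in_scope(org, self.scope) and amount <= self.limit)

DEAN_GRANT = Assignment("Dean", "principal investigators", "approve purchases",
                        "School of Medicine", 100_000, date(2007, 1, 1), "faculty")
```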

Technologies
• Java Language
• Servlet Container, e.g. Tomcat
• Struts MVC Framework
• Tiles for UI Customization
• Hibernate for Data Access Layer

Resources
• NMI-EDIT – http://www.nmi-edit.org
• MACE – http://middleware.internet2.edu/MACE
• Signet – http://middleware.internet2.edu/signet

PeopleSoft & Authority Manager
Kevin Dale

Before Automation
• Totally Manual Process
• No Tracking
• Potential for Incorrect Assignment
• Delay in Assignment
• No Audit / Validation Process

Automation Benefits
• Prerequisites – Enforcement
• Assignment Expiration
• Acting As
• Auto Revocation
- Identity Management
Loss of Single Sign-On = Loss of PS Security

PeopleSoft - Project Goals
• Assignments or changes made in Authority Manager update PeopleSoft directly.
• The process will no longer require manual intervention.
• Minimal changes to the Authority Manager user interface; Student Admin will no longer use limit data.
• Speed up the authority process. Assignments to PeopleSoft are made in near real time.

How it works – Business Process
1. Grantor inputs Assignment
2. Authority Sends Data to PS to update Security (Application Messaging)
3. Row Level / Data Permission Security is updated
4. Application Sends Security to Portal

Start Demo

125 objects in project.
30 Records
20 Fields
2 Translate Values
9 Pages
2 Menus
8 Components
24 Record PeopleCode
2 Process Definitions
8 SQL
2 Application Engine Programs
10 Application Engine Sections
1 Message Node
1 Message Channel
1 Message Definition
2 Subscription PeopleCode
2 Application Engine PeopleCode
1 Page PeopleCode

How it works –
XML from authority
Transformed (XSLT)
Application Messaging
Message Definition (STF_USER_PROFILE)
PeopleCode
Security Gets Assigned

XML – XSLT - XML
XML snippet from Authority Manager
XML snippet from XSLT
XML snippet from PS

Application Messaging

Metrics
Volume
• On average 38 new or changed security assignments each day (includes HR, Student and Financials)
Latency
• Events harvested every 10 minutes
• All updates completed within 1-2 minutes

End Demo

Questions?

Contacts
Kevin Dale
Information Systems Analyst, Administrative Systems
Stanford University
E-mail: [email protected]
Minh Nguyen
Software Architect, Administrative Systems
Stanford University
E-mail: [email protected]

This presentation and all Alliance 2006 presentations are available for download from the Conference Site
Presentations from previous meetings are also available