Edré Moreira Wilton CaldasOsvaldo Carvalho

Federal University of Minas Gerais, BrazilCAFe Federation

Advanced CAMPPhiladelphia, June 2009

EID´s Role in IAM

Philadelphia, June 2009 2Advanced CAMP

Features

• Metadirectory• Flexible and easy definition of data models• ETL (Extract, Transform and Load) tools for

simplified conection to Source Systems• Pluggable algorithms for– Unification for data coming from various sources– Record deduplication

• Flexible export to LDAP• Group management

Philadelphia, June 2009 3Advanced CAMP

EidObject

• Everything in Eid is an EidObject• An EidObject is nothing but a Global Unique

Identifier• An EidObject is linked to various EidClass

Philadelphia, June 2009 Advanced CAMP 4

EidClass

• Each EidClass is a collection of user defined attributes:– Student data, Faculty data, Address data, Email

attributes, Group membership data, ...

• For each EidClass you may plug an unification algorithm to manage data from more than one source

Philadelphia, June 2009 Advanced CAMP 5

Data Repositories

• Source or Target data• Source data may be relational DB or text file• Target is EID database• User defined mapping of source to target

fields– You may plug a transform script

Philadelphia, June 2009 Advanced CAMP 6

Process Management

• A process extracts data from source systems• For each registered process, you define:– The set of extractions to be done– Execution order (important for integrity constraints)– Scheduling parameters, including frequency and time

windows– Error recovering actions

• EID allows for process execution monitoring

Philadelphia, June 2009 Advanced CAMP 7

EID2LDAP

• Automatic LDAP feed with data from metadirectory (attributes, groups, ...)

• XSLT based, adapts to any LDAP schema

Philadelphia, June 2009 Advanced CAMP 8

Group Management

• Groups are SQL defined– (we´ll offer a better interface)

• Groups are exported to LDAP

Philadelphia, June 2009 Advanced CAMP 9

How to use EID

1. Install EID2. Define your EidClasses3. Register your source systems4. Register, configure and schedule your processes

for data extraction5. Configure xslt for your LDAP schema6. You´re in production: monitor your processes,

manage classes, source systems, processes, groups

Philadelphia, June 2009 Advanced CAMP 10

Where we are

• In production in 7 federal brazilian universities• Next steps:– English and Spanish versions– Namespace, password and certificate

management– Guest management

Philadelphia, June 2009 Advanced CAMP 11

THANKS

• Bob Morgan, Ann West• Our Sponsors

RNP – National Education and Research NetworkSESU – Secretary of Higher Education, BrazilUFMG – Universidade Federal de Minas Gerais

Philadelphia, June 2009 Advanced CAMP 12

More Information

• SourceForge, look for “eid”• CAFe Federation Project– http://www.rnp-eaa.ufc.br

• Grupo São Tomé– http://www.lcc.ufmg.br/saotome

• edre@ufmg.br• osvaldo@dcc.ufmg.br

Philadelphia, June 2009 Advanced CAMP 13