Presentation Transcript
Added: December 19, 2007

Friends of Penn State - FPS:
James A. Vuccolo
Lead Research Programmer
Advanced Information Technologies (AIT) in Academic Services and Emerging Technologies (ASET), a unit of Information Technology Services (ITS)

Agenda:
- Introduction
- The Development Process
- Using FPS
- Upcoming Features
- Application Providers
- Wrap-Up

Introduction:

Names:

What FPS IS:
- The Friends of Penn State Account System is a digital identity management system designed to be used by application providers from within the Penn State community to establish and manage the identity of an end user who does not have a Penn State Access Account. (Most likely for Web-based applications.)
- It is a database that holds various attributes about a person, including contact info AND a means for authentication.
- It provides a set of APIs which establish and manage account information.

What FPS is NOT:
- It is NOT a set of end-user applications. It's a database, Kerberos V (K5) KDC, and APIs.
- It is NOT for organizations or companies outside of the Penn State community to use for their applications. It enables people outside the Penn State community to access applications from within the Penn State community.

The Development Process:

Assemble a Team:
FPS team members include representatives from:
- Administrative Information Systems (AIS)
- Academic Services and Emerging Technologies (ASET)
- Advanced Information Technologies (AIT)
- Consulting and Support Services (CSS)

Interview Stakeholders:
- Stakeholder: a person/group who has a vested interest in FPS for use in their Web-based applications.
- Each organization was interviewed to determine what their needs are relative to FPS.
- Who are they? Office of Undergraduate Admissions, College of Agricultural Sciences, Alumni Association, Penn State Great Valley, University Library, Office of Human Resources (OHR), Outreach & Cooperative Extension (O&CE), PA State Data Center, Office of the University Registrar, Office of Student Aid, Office of the University Bursar, Undergraduate Education, World Campus and eCommerce

What Did We Ask?:
- Indicate the number of users you intend to serve in the next 3, 5, and 10 years.
- What type of user identity is needed for your application(s) i.e., userid/password, personal cert., Penn State Id+ number, etc.?
- Indicate examples of data that would need to be stored and whether this data would be stored in our database (userid, email address, address,...)?
- Do you anticipate the migration of your users between the external and internal (production cell) authentication realms?
- Indicate what determines an inactive account and the length of time in which data for this account should remain online.
- Do you need specific APIs to access the central data store to retrieve information about the user?
- Do you interface with other universities and/or organizations where identity must be exchanged?
- What authentication method is sufficient/needed now and in the future?
- Do you have a need for different classifications of accounts?

Design:
After the stakeholder interviews the project team was able to do the following:
- Derive FPS requirements
- Determine the technology to be used to satisfy the requirements
- Design the data store to be used to store user attributes
- Determine what software would be developed

Requirement Categories:
- General
- Authentication
- Database
- Graphical User Interface (GUI)
- Security
- Application Programming Interface (API)
- Migration
- Stakeholder Specific

Selected Technology:
- Authentication: process for determining whether someone or something is, in fact, who or what it is declared to be.
  - MIT Kerberos V (K5)
- Authorization: process of giving someone permission to do or have something.
  - IBM DB2 Database
  - IBM Directory Server (IDS) LDAP Server

What is Kerberos?:
- Kerberos is: "…a network authentication protocol. It is designed to provide strong authentication for client/server applications using secret-key cryptography" http://www.mit.edu/kerberos/www/
- Components
  - Key Distribution Center (KDC)
    - Master (located in Computer Building)
    - Slave (located offsite)
  - Clients
  - Application Servers

Database Design:

Architecture:
- fps.psu.edu: Master KDC, LDAP Master, DB2 Database, Apache SSL Web Server
- fops.offsite.psu.edu: Slave KDC, LDAP Replica
- Kerberos Propagation
- LDAP Replication
- Native Kerberos
- FPS API

Technology Summary:

Implement:
- CGI Programs (https://fps.psu.edu/)
  - Create identity, change password, reset password, remove identity, update information and check identity
- HTTPS POST APIs (XML output)
  - Create identity, change password, reset password, authenticate identity, set data, get data, certify identity, un-certify identity, lock identity, unlock identity, sign identity, un-sign identity, remove identity, get all data and remove role
- Help Desk Consultants Interface

Test:
Testing was performed in the following areas:
- Verification and validation of FPS CGIs and APIs
- Propagation of data from the Master to the Slave KDC
- Creation and maintenance of information in the LDAP server

Using FPS:

Obtaining An Account:
- Migration
  - People who leave the University (e.g. graduates) will be migrated automatically to the external realm.
  - FPS account holders who establish a formal relationship with Penn State (e.g. an applicant who registers) will be migrated automatically to the internal realm.
- Web Site
  - Those who would like to have an FPS account can go to the FPS Web site (https://fps.psu.edu/) to create an account for themselves.

Developing Applications:
Interested groups who want to develop applications should do the following:
- Consult the FPS project site at http://www.psu.edu/fpsproject/
- Contact the FPS development team at fps@psu.edu to discuss their specific application

Using APIs:
FPS APIs can be used with the following languages:
- Perl
- Java
- C
- ASP
- Smalltalk

A Sample API:

    <html>
    <head><title>Test Create</title></head>
    <body>
    <form name="auth_identity" method="post" action="https://fps.psu.edu/api/auth_identity.cgi">
    <input type="hidden" name="userid" value="jav5002">
    <input type="hidden" name="password" value="someval">
    <input type="hidden" name="group_id" value="1">
    <input type="hidden" name="in_fields" value="userid,password">
    <input type="hidden" name="min_flds" value="userid,password">
    <input type="submit" name="s" value="submit">
    </form>
    </body>
    </html>

A Sample API (cont'd):

    <?xml version="1.0" encoding="utf-8" ?>
    <authentication>
      <status>SUCCESS</status>
      <realm>external</realm>
      <personID>243649</personID>
      <roleList />
    </authentication>

What Are Roles?:
- Attributes that are assigned to a user
  - User paid using a credit card.
  - A picture ID was checked.
  - Identity was migrated from the internal realm.
  - A signature for a Penn State Access Account exists on file.
- Notary
  - Enables access account holders to assign specific roles to an FPS identity

Upcoming Features:
- Unified Lab Consultants Interface
- Automated migration of identities from the internal to external realm
  - Will happen before identity is locked in the internal realm
- Migration of identities from the external to the internal realm
  - Example: when an applicant becomes a paid accept

Application Providers:
- World Campus
  - Automated Registration System
  - Courses.worldcampus.psu.edu
- ANGEL
  - All auth via FPS server
- CWC
  - Campus Advisory Committee Members
- Admissions
  - Student Application

Application Providers (cont'd):
- Graduate School
- AIS/Registrar
  - Transcripts Application
- Dairy and Animal Science
  - Web based extension activities
- Great Valley
  - Information kiosk
- DLT
  - http://etda.libraries.psu.edu/

Wrap-Up:
Questions? Comments!
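
The auth_identity request and XML response from the "A Sample API" slides, handled from an application server, as an added example (not code from the presentation or the FPS project): it builds the same POST fields and accepts a login only when the response parses cleanly and reports status SUCCESS. The helper names, the set of accepted realms and the child-element layout of roleList are assumptions; the slides show only an empty roleList.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

FPS_AUTH_URL = "https://fps.psu.edu/api/auth_identity.cgi"  # endpoint from the slide
KNOWN_REALMS = {"external", "internal"}  # assumption: the two realms the slides name


class FpsAuthError(Exception):
    """Raised whenever the response cannot be trusted as a successful login."""


def build_auth_body(userid, password, group_id="1"):
    # Same fields as the slide's sample form, sent server-side in a POST body
    # so the password never appears in a URL or in page source.
    return urlencode({
        "userid": userid, "password": password, "group_id": group_id,
        "in_fields": "userid,password", "min_flds": "userid,password",
    }).encode("ascii")


def parse_auth_response(xml_bytes):
    # Refuse DTDs and entity declarations; the slide's response needs neither.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise FpsAuthError("DTD or entity declaration in response")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise FpsAuthError("malformed XML") from exc
    if root.tag != "authentication":
        raise FpsAuthError("unexpected root element")
    status = (root.findtext("status") or "").strip()
    if status != "SUCCESS":  # exact match: anything else is treated as failure
        raise FpsAuthError("status=%r" % status)
    realm = (root.findtext("realm") or "").strip()
    person_id = (root.findtext("personID") or "").strip()
    if realm not in KNOWN_REALMS or not re.fullmatch(r"\d{1,12}", person_id):
        raise FpsAuthError("missing or invalid realm/personID")
    role_list = root.find("roleList")
    # Assumption: each role is a child element of <roleList> with text content.
    children = role_list if role_list is not None else []
    roles = [r.text.strip() for r in children if r.text and r.text.strip()]
    return {"realm": realm, "person_id": person_id, "roles": roles}


# Constructed sample: the response shown on the slide.
SAMPLE = (b'<?xml version="1.0" encoding="utf-8" ?><authentication>'
          b'<status>SUCCESS</status><realm>external</realm>'
          b'<personID>243649</personID><roleList /></authentication>')

if __name__ == "__main__":
    print(parse_auth_response(SAMPLE))
```

The calling application should treat any FpsAuthError as a failed login and base authorization decisions only on the parsed roles.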