InCommon Federation Discussions About Online Student Services

[Jeff Alderson <>]

Jimmy,

Thanks for the quick reply.  All of this makes a lot of sense, and I would
like to see some product literature and pricing on any component of this
system and approach that is not FOSS (DataFlux).

Also, I think this is incorrect:  "No the person_id is a database primary
key, it has to be a sequence."  As long as the primary key of the table is
"unique" it does not necessarily have to be a sequence.  UUIDs can
certainly be used in this situation.  Then, I guess it comes down to
knowing what else the person_id is used for, and if end users ever need to
"know" their person_id.  I'm only curious here for application
compatibility with what we are already doing to uniquely identify person
objects in our application.  Certainly something we could handle with an
update to the code.

Jeff

On 11/27/12 10:32 AM, "James Vuccolo" 
<>
 wrote:

>
>On Nov 27, 2012, at 10:05 AM, Jeff Alderson wrote:
>
>> Arnie,
>> 
>> I am going to try to attend the call, as I am very interested in this
>>open source solution.  In case I get double booked, can you raise the
>>following questions with Jimmy?
>
>Hi,
>
>> 
>>      € The docs mention that multiple "userids" can be assigned to a
>>specific person.  Would we use this for our approach, or would we focus
>>on the service provisioners method of connecting all the various service
>>providers?  Is there a linkage between SPs and userids?
>
>From our end we need to support multiple userids for various
>applications, for example I have three, one for testing, one as an admin
>and one as my normal account.  I would hope your application could just
>have to only need to use one.  It makes it easier for students when they
>only need to remember a single userid.
>
>>      € Have you considered other message queuing implementations for
>>Service Provisioners to subscribe to events, such as MSMQS?
>
>We have pretty much stayed in the JMS/STOMP family for message queues.
>We have used from a broker perspective, Geronimo, WebSphere, WebLogic and
>ActiveMQ.  We ended up picked ActiveMQ for our implementation.  Other
>features that we are looking at in relation to the CIFER project are the
>use of XMPP messages for change notification events.  In addition to
>Queues, we can also do Topics that Services Provisioners can subscribe
>to.  We are currently using persistence for all of our Queues.
>
>> Is that something we would need to build adapters for as service
>>providers?
>
>Yes, you would need to build a message processor (which we have sample
>code) that would process the message and provision the service.
>
>>      € Can the automatic generation of person_id be configured to be
>>anything but a one-up sequence?
>
>No the person_id is a database primary key, it has to be a sequence.
>
>>  Can we do something more secure/guaranteed unique like using UUIDs?
>>Would that require code modification?
>
>Sure UUIDs are something that can be done.  We do them today in our
>existing IdM implementation, the code for it can be ported to the CPR
>very easily.
>
>>      € Are the Identity Assurance Profiles compatible with InCommon or NIST
>>assurance levels?
>
>InCommon.
>
>>  If so, which ones are supported?
>
>Bronze and Silver.
>
>>      € There seems to be mention of commercial software being required to
>>support person Matching as well as address validation.  Can you identify
>>the commercial provider used and licensing costs associated with the
>>current implementation?
>
>The vendor is DataFlux, it is their Data Management Platform.  In that
>platform they have several modules, one is called the quality module
>(match codes) and the other one is called the enrichment module (address
>validation).  We can get you a number for the price.
>
>> Is there any possibility of developing or using an open source
>>alternative?  Our goal may be to provide a pure free and open source
>>(FOSS) stack here.
>
>The CIFER Project is looking at OS matching products.  Here is a link to
>the Strawman ID Match API:
>
>https://spaces.internet2.edu/display/cifer/SOR-Registry+Strawman+ID+Match+
>API
>
>UCB and UCSF were in the process of taking one of the products and
>attempting to convert it to satisfy their needs.
>
>Here is a link to the Match Evaluation:
>
>https://spaces.internet2.edu/display/cifer/ID+Match+Evaluation
>
>And one more link:
>https://spaces.internet2.edu/display/cifer/ID+Match+Engine
>
>They are currently looking at OYSTER from University of Arkansas as a
>potential open source solution.
>
>If we could find something that does the functionality of DataFlux when
>it comes to match code generation, then our matching algorithms for
>International and Domestic can be used.  The algorithms have been in
>production now for the past ten years and have been refined to produce
>the best match.
>
>Jimmy.
>
>
>> Thanks again for making this available.
>> 
>> Jeff
>> 
>> 
>> Jeff Alderson
>> 
>> Senior Director, Product Innovation
>> ConnectEDU Inc.
>>  
>> e: 
>> 
>> o: 617.532.3008
>> c: 617.251.8410
>> a: 600 Atlantic Ave, Floor 20, Boston, MA 02210
>>  
>> connectedu.com | epsilen.com | experience.com
>> <B6516268-2277-4949-9635-6F83BDEC0B50.png>
>><5E6009A2-CF2F-4365-9CB7-3D96CD8AA380.png>
>><831282D7-09FA-4960-BB2D-019B5C073912.png>
>><4D137996-9EEF-453E-8E4D-9D76C2A9A530.png>
>>  
>> CONFIDENTIALITY: This email (including any attachments) may contain
>>confidential, proprietary and privileged information, and unauthorized
>>disclosure or use is prohibited. If you received this email in error,
>>please notify the sender and delete this email from your system. Thank
>>you.
>> 
>>  
>> 
>> From: Arnie Miles 
>> <>
>> Reply-To: 
>> ""
>><>
>> Date: Tuesday, November 27, 2012 9:12 AM
>> To: CommIT mailing list 
>> <>,
>>  InCommon
>>Students Mailing List 
>><>,
>> EA2 Mailing List
>><>
>> Subject: [admissions-project] This week's CommIT Technical working
>>group call
>> 
>> Hi all,
>> 
>> In a "very special" (remember all those '70's TV special events?)
>>CommIT Technical Working Group call, Jimmy Vuccolo from Penn State will
>>be visiting to discuss the Central Person Registry, and it's potential
>>place in CommIT.
>> 
>> The Central Person Registry is a open source product from Penn State.
>>I'm not going to steal Jimmy's thunder, but it should handle user
>>provisioning, matching, password management, and other chores that we
>>have identified as requirements for CommIT.
>> 
>> You can read more about it:
>> 
>>https://wikispaces.psu.edu/display/IAM/Central+Person+Registry+Design+Wik
>>i
>> 
>> I've already sent out a Collaborate web conference announcement. For
>>those who aren't on the admissions-project list, the details are
>>repeated at the bottom of this message. The dial-in numbers for those
>>who don't want to or can't connect to the web conference is the same as
>>it's always been. Assuming I can get things working correctly, the web
>>conference will be dialed into the teleconference bridge.
>> 
>> We'll see.
>> 
>> 866-411-0013 PIN: 0104082#
>> 
>> Anyway, I'm looking forward to an interesting meeting. This will be our
>>first teleconference after the round of successful demonstrations we've
>>gone through, and I'm excited to get re-started on things.
>> 
>> Arnie
>> 
>> Admissions Project:
>> 
>> You are invited to attend the following Blackboard Collaborate session:
>> Name:        Commit Tech Working Group Call - Central Person Registry
>>Demonstration
>> Type:        None
>> Starts:      Nov 30, 2012 02:00 PM Eastern (EST, North America/US)
>> Ends:        Nov 30, 2012 04:00 PM Eastern (EST, North America/US)
>> 
>> To join the session, please click on the link below within 30 minutes
>>of the session start time.
>> Join the Blackboard Collaborate session
>> 
>> To invite others to join the session, e-mail the following Guest Link:
>> 
>>https://sas.elluminate.com/m.jnlp?sid=2009414&password=M.9C749B4835DCF136
>>E653BF0022FB4C
>> 
>> To add this Blackboard Collaborate session to your calendar, please
>>click the following link:
>> 
>>https://sas.elluminate.com/mvc?sid=2009414&miuid=64A621635F100404B4016506
>>7D43ED59
>> 
>> To view the hardware and software pre-requisites for Blackboard
>>Collaborate please visit support.blackboardcollaborate.com
>> Arnie Miles
>> 
>> Email: 
>> 
>
>--
>James "Jimmy" Vuccolo, 
>
>Technical Manager, Identity and Access Management
>The Pennsylvania State University
>215B Computer Building, University Park, PA 16802
>Office: 814-865-5635
>http://www.personal.psu.edu/jvuccolo/
>