SIMI: ISO Perspective

1
SIMI ISO Perspective

• Al
• ISO
• CSU Northridge
• ISO_at_csun.edu

2
The Challenge

• Provide service for searching and browsing of
  information that is fast
• Secure access
• Authentication/authorization
• Secure the database
• Audit and compliance

3
Secure Access

• OpenLDAP offers several mechanisms to protect the
  security of the data it stores
• access control lists
• connection encryption
• password hashing

4
Secure Access

• Authentication
• Two categories of users of the directory
  infrastructure
• Authentication required
• Public
• Secure connection (SSL)
• Encryption
• Authorization
• Restrict access to certain attributes
• Limit applications access to what is required
• Public
• Access control lists (ACL)

5
Authentication required

• Mail
• Peoplesoft Portal
• Peoplefinder
• Self Service Tools
• Samba - File Sharing
• Wireless
• Webct

6
Portal Services
CSUNs IdM
Modem, VPN Wireless
VOIP
Servers Desktops
InstantMessaging
Calendaring
Degree Planning
L
ID Reconciliation
Directory
Course Scheduling
A
Business Processes
Policy
Email
T
R
O
P
List Serve
File Services uDrive (etc.) vDrive
Specialized Web Services
IdM Web Utilities
Databases
PeopleFinder
7
Public

• Provides unauthenticated access to a subset of
  attributes in the directory
• User/application can retrieve a max of 20 records
  
• Accessible on campus - behind firewall
• Used by
• Mail clients

8
Public

• Provides unauthenticated access to a subset of
  attributes in the directory
• User/application can retrieve a max of 20 records
  
• Accessible on campus - behind firewall
• Used by
• LDAP directory search in mail
• Peoplefinder