Paper 61 - Centralized Directory Services and Accounts Management Project
Rob Murawski, University of Pittsburgh
The Information Technology (IT) field and its constituent technologies continue to develop and mature at a rapid rate. Nowhere is this change more prevalent than in the security of IT resources. Emerging authentication technologies, combined with forthcoming directory service solutions, provide unique opportunities for developing and integrating comprehensive solutions to central directory services and single sign-on environments. The University of Pittsburgh has reviewed its computing account structure and how the system manages access to an array of IT assets. Account discrepancies and anomalies led to the need to develop a progressive solution, reflecting advances in security, network and end-user technologies. In 1998 the University assembled a team to design and implement a comprehensive central directory and account system.
The Centralized Directory Services and Accounts Management Project can be broken into four major components:
1. Centralized Directory Services. This component is the full, authoritative listing of all individuals affiliated with the University of Pittsburgh.
2. Web-based Tools. The web-based user and administration tools need to interface with the directory, authentication systems, and other directory information.
3. Single Sign-On and Authentication. This component handles the authentication of users and allows for single sign-on.
4. Data Cleansing. A data-cleansing project will be ongoing during all of the migration efforts. This component ensures that each account maps to a person affiliated with the University of Pittsburgh and that any other account has a justification.
The presentation will report on the goals of the project as proposed, and will compare these items to the final implementation. Significant time will be devoted to strategies, design considerations, technical specifications, hardware/software parameters and the implementation process, with particular attention given to lessons learned. A portion of the presentation will focus on future functionality and additional features that are scheduled for long-term implementation.
Keywords: Single sign-on, directory service, public key infrastructure, authentication and security.