| Description: | CES-wide authentication system | ||
| Projects: | BYU-Hawaii, CES, CES-wide Authentication, Shibboleth | ||
| Priority: | 50 | Task ID: | 51 |
| Long Description: | We need a way to authenticate the students, faculty, and employees of all CES schools and the libraries of the COB. Ideally, this will be a system maintained by each of the schools so that Provo does not maintain lists of users from other schools. | ||
| Status: | Open | ||
| Owner: | Price, Ryan | Contributors: | Lacanienta, Ranny |
| Due: | TBD | Opened: | 3/14/2002 |
| Changed: | 9/9/2004 | ||
| 12/15/2003 | We need to look at some open source solutions such as PubCookie http://pubcookie.org/ and Shibboleth http://shibboleth.internet2.edu/. Shibboleth is a lot more overhead, but may in the end be a better solution. LIS will meet on January 6 to discuss this. | ||
| 3/16/2004 | We have been contacted by BYU-Hawaii to set up access to their LDAP server. Ryan is working on this. | ||
| 6/3/2004 | Bill Holman announced recently that there will be a single CES-wide authentication through LDAP by September 2004. At that point we will convert to using that system instead of our own. The OIT-managed system will support students at first and include employees later. | ||
| 8/18/2004 | The Nexus system is being rolled out this fall term. There is a meeting for the CSRs on 8/19/04. We will determine how this affects our existing systems. | ||
| 9/9/2004 | Bill Lund writes: "Ultimately, Nexus will provide a means for any of us to create applications that can authenticate users from any of the CES schools. However, at this point in time it does not appear that it will meet our needs. Consequently, I am not recommending any changes to our current CES-wide authentication systems.
Although Nexus will accommodate directory entries, including IDs and passwords for the four CES schools, currently, the only IDs populated into the system will be those of BYU-Provo and BYU-Idaho. At this point neither BYU-Hawaii nor LDS-BC are populating the directory system. Additionally, the only information that is being pushed down from the central directory to the LDAP server at BYU-Provo is the information for BYU-Provo. Lastly, we were told that there was no current means to differentiate between IDs of Provo and Idaho in the directory. In order for the system to be useful to us, it will need to push all CES information into the LDAP directories at each school, including information on the individual's affiliation. Once that happens, we can dismantle the CES-wide authentication system put in place by the Lee Library and convert to Nexus. I don't have a time frame for when that will be possible, but we will keep our ears open for new updates. It should also be noted that at this point the CES Seminaries and Institutes have not chosen to join Nexus and it will not include the libraries of the Church in Salt Lake. We would need to continue our own authentication systems to cover the Church libraries." | ||
| Description: | BYU-Hawaii Secure LDAP | ||
| Projects: | BYU-Hawaii, CES, CES-wide Authentication | ||
| Priority: | 99 | Task ID: | 100 |
| Long Description: | Implement a secure LDAP system to query their database for user IDs and passwords. | ||
| Status: | Open | ||
| Owner: | Price, Ryan | Contributors: | Lacanienta, Ranny |
| Due: | Phase 1 | Opened: | 3/18/2002 |
| Changed: | 9/9/2004 | ||
| 12/10/2002 | No word from Hawaii on their LDAP server. | ||
| 2/6/2003 | I've asked Ryan to contact people in Hawaii regarding this. The last word we had was that they were working on what the IDs would look like and how they would be implemented. In the meantime, we are using the library's 14-digit IDs and PINs for authentication. The information is downloaded to our LDAP server. This item will remain on hold until we get word from BYU-Hawaii regarding their secure LDAP. | ||
| 3/2/2004 | We've been contacted by OIT at BYU-Hawaii regarding their LDAP server. Ryan has successfully tested access from CESdb to their test LDAP server. He will be working with BYU-Hawaii's library and OIT staff to convert CESdb to their LDAP server. | ||
| 8/18/2004 | This may be obsoleted by Nexus. | ||
| 9/9/2004 | This is not obsoleted by Nexus. We still need LDAP access to BYU-Hawaii's directories. | ||
| Description: | Evaluate the impact of Nexus on CES libraries | ||
| Projects: | BYU-H Unicorn, BYU-Hawaii, BYU-Idaho, CES, CES-wide Authentication | ||
| Priority: | 35 | Task ID: | 797 |
| Long Description: | Nexus is the CES-wide authentication system supported by OIT. We should replace our home-grown authentication with Nexus. | ||
| Status: | Hold | ||
| Owner: | Hold, Unowned | Contributors: | |
| Due: | TBD | Opened: | 8/18/2004 |
| Changed: | 9/9/2004 | ||
| 8/18/2004 | There is a CSR meeting on 8/19 to discuss the roll-out of Nexus.
We need to evaluate all of our systems that use authentication and determine what changes are needed. | ||
| 9/9/2004 | As implemented, Nexus will not serve the needs of the CES libraries. The current release will only export Provo IDs to the Provo LDAP server. Only Provo and Idaho will be in the edge directory, but that is not accessible to us. LDS-BC and Hawaii will not be in the system at this point. The Church Office Building has no plans on being in the system. At this point I am moving this to hold. | ||
| Description: | Shibboleth Investigation | ||
| Projects: | CES-wide Authentication, Shibboleth | ||
| Priority: | 99 | Task ID: | 637 |
| Long Description: | LIS will investigate the possibility of using Shibboleth for CES-wide authentication. | ||
| Status: | Hold | ||
| Owner: | Hold, Unowned | Contributors: | |
| Due: | TBD | Opened: | 1/7/2004 |
| Changed: | 8/16/2004 | ||
| 12/12/2003 | At CNI it appeared that Shibboleth is ready to be used. I would like to determine whether it would be an appropriate replacement for CESdb, catauth, and remoteauth. This task should evaluate the technology and determine what it would take to implement it for CES. | ||
| 1/7/2004 | Ryan is going to install it on a test machine so that we can kick the tires. We also looked at PubCookie, but Ryan felt that Shibboleth was more likely to be robust and supported in the long term, due to its affiliation with Internet2. | ||
| 1/28/2004 | Ryan is reading the documentation at this point. | ||
| 8/16/2004 | Based on OIT's current plans to provide LDAP-based authentication for all schools by September 2005, this project is on hold. | ||
Version: 4.0
©BYU 2002, 2003, 2004