What this is:
We've done some preliminary test of concept work here at Penn State to build out eduCourse: in our case, as a schema called psuCourse and a sub-class, psuCourseOffering.
These schema permit representation in LDAP of course offerings and information related to those offerings for purposes of lookup. The entries can be granular to the section level.
We establish that there "is such a thing as English 101" in psuCourse, and then instantiate it as an offering in psuCourseOffering. The offering carries such attributes as semester, campus, section, etc.
We also have introduced psuPlaces into the picture, a schema for the representation of locations, granular down to the room level. The schema includes an attribute for the GPS location of the building in which a room resides (and could, with the inclusion of a single additional attribute, take GPS location to the room level).
These schema tie together with Person entries from our Central Person Registry (CPR), OrgUnit entries from our eduORG directory, as well as interacting with each other.
Taken to the extent permitted by such schema, virtually all associations between persons, courses, and locations, and orgUnits, could be represented as DNs pointing to the appropriate entries in the appropriate trees. Please consider the thoughts behind this effort, outlined below.
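As an added illustration (not part of the original page and not Penn State's actual schema), the sketch below loads a few constructed entries and checks that every DN-valued attribute resolves to an entry in another tree. Only the object class names psuCourse, psuCourseOffering and psuPlaces come from the page; the attribute names, the `dc=example,dc=edu` base and all values are hypothetical, as is the choice to link an offering to its course through a DN attribute.

```python
# Added illustration. Only the object class names psuCourse, psuCourseOffering
# and psuPlaces come from the page; every attribute, DN and value is constructed.
LDIF = """\
dn: psuCourseId=ENGL101,ou=courses,dc=example,dc=edu
objectClass: psuCourse
psuCourseTitle: English 101

dn: psuOfferingId=ENGL101-SEM1-001,ou=offerings,dc=example,dc=edu
objectClass: psuCourseOffering
psuCourseRef: psuCourseId=ENGL101,ou=courses,dc=example,dc=edu
psuSemester: SEM1
psuSection: 001
psuRoomRef: psuRoomId=BLDG-A-101,ou=places,dc=example,dc=edu
psuInstructorRef: uid=abc123,ou=people,dc=example,dc=edu

dn: psuRoomId=BLDG-A-101,ou=places,dc=example,dc=edu
objectClass: psuPlaces
psuBuildingGps: 40.0000,-77.0000
"""
REF_ATTRS = ("psuCourseRef", "psuRoomRef", "psuInstructorRef")  # hypothetical names

def norm_dn(dn):
    """Simplified DN normalization: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse plain (unfolded, non-base64) LDIF into {normalized dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def check_refs(entries, ref_attrs=REF_ATTRS):
    """Split DN references into (resolved, dangling) lists of (source, attr, target)."""
    resolved, dangling = [], []
    for dn, attrs in entries.items():
        for attr in ref_attrs:
            for target in attrs.get(attr.lower(), []):
                row = (dn, attr, norm_dn(target))
                (resolved if row[2] in entries else dangling).append(row)
    return resolved, dangling

if __name__ == "__main__":
    resolved, dangling = check_refs(parse_ldif(LDIF))
    for src, attr, target in dangling:
        print(f"DANGLING {attr}: {src} -> {target}")
```

The instructor reference is reported as dangling because the sample contains no person tree; LDAP itself does not enforce that a DN-valued attribute points at an existing entry, so a check of this kind has to be run by whatever maintains the registries.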
My thanks to Jim Vuccolo and to Derek Morr for generously giving of their time as we gave formal expression to these ideas. Without their assistance, this document would be merely the ephemeral ramblings of one putatively versed in information representation, without regard to the constraints confronting any pure idea through encounter with reality.
The PowerPoint slide deck may be found at https://iam.psu.edu/sites/default/files/psucourse.ppt
About the thinking behind this:
This approach has emerged in our thinking as just one possible means to "de-silo-ize" the bewilderingly difficult, entirely intractable information landscape that has grown up over decades of accretion at our university. The reader should regard this work, I suppose, as theoretical, that is, theoretically possible, even if not immediately (or perhaps ever) practicable. Even those among our Penn State Identity and Access Management Technical Architects Group who are intrigued enough by this approach to investigate it don't believe this is something we can simply "up and do" right out of the gate. That said, the obstacles to adoption of these ideas probably have more to do with the world into which they would be introduced than to their merit in abstract.
We are in the midst of building out a Central Person Registry - it is designed to structure and store information relating to persons and their identity. We have come to see the potential desirability of a limited number of purpose-designed registries, whose entries are related to one another, but which do not duplicate one another: in effect, a total deconstruction of the massively duplicated information currently spread across our information landscape. In place of the vast field of information silos we're now confronted with, we can envision "a neighborhood of registries", with each registry holding cardinal entries for a "type" of information.
In many respects, this represents a massive simplification in the representation of core information. Of course, such simplification at the center probably comes at costs elsewhere. At the present time, though, we are paying those costs already; our present landscape appears to achieve simplicity only to the extent we can muster by storing needed, but redundant, data at the local level, without consideration to the complexity accrued through maintenance, modification, even analysis of the "as-built" overall.
In truth, the degree of complication we're already living with is unsustainable. The overwhelming complexity is felt now both at the center and at the localities.
Toward the goal of that simplification, the schema discussed here are envisioned primarily as targets for lookup from the perspective of local needs. The data in these directory structures are intended to be "authoritative enough" to permit routine business decisions and processes to rely upon them. The registry-based cardinal entries upon which these data views themselves would depend would be created and/or updated only by agents that have been given authority to perform such updates under a regimen of controls.
Such an architecture is, in many respects, a natural progression from the architecture required to reach the level of control we're trying to achieve with person identity information.
To sum up, in this investigation we're applying, by analogy, a kind of fractal approach, iterating a pattern and growing out the coherent structure of the CPR to see what would happen if such coherency were permitted to spread.
Indeed, failure to bring similar levels of control, and similar simplicities of approach, to ancillary data related to persons and their complex interactions with our organizational units, programmatic offerings, business services, and multiple locational contexts might doom the control we're hoping to bring to identity with the CPR.
In the present landscape even the Central Person Registry, however elegantly conceived and designed, may not be the sufficiently irresistible force we would hope to wield against the immovable object of our present inertia: such stasis born as it is out of legacy thrown upon legacy, kluge duct taped to prior jury rig, reactionary crisis avoidance heaped upon emergency intervention, along with a general disinclination to veer too far from an established trajectory.
Thanks for your time and consideration,
--Michael Pelikan