1999 - 2004: University of Notre Dame, Office of Information Technology
In 1999 I was hired by the University of Notre Dame to be their Manager of Information Engineering. The focus of this new position was to develop an ongoing program around data warehousing, data modeling, and to encourage best practices in data management. In early 2000 central IT management directed the immediate development of an Enterprise Directory Service using the Lightweight Directory Access Protocol (LDAP) in support of Single Sign-On (SSO) and, in contrast to existing account-based systems, establishing a person-based identity registry for students, staff, and faculty of the University. I became responsible for this effort, focusing on directory schema, provisioning scripts, access controls, application integration using LDAP, and the development of web interfaces for directory search and user profile self-service. While the directory and registry could have been developed as separate components of this new IdM infrastructure, instead they were combined into a single directory with person-based entries and account-based attributes. In time the directory schema and provisioning applications were enhanced to include automated groups, allowing features of both role-based access control (RBAC) and discretionary access control (DAC). During this time I was appointed the Internet2 Meta Directory Services Campus Architect, was an active participant in the Middleware Architecture Committee for Education Directories working group ("MACE-Dir") and gave many presentations at Internet2, CUMREC, EDUCAUSE, and other higher-education focused conferences, as well as consulting with several universities, including George Mason University and the University of Southern California.
Publications during this period 2002 to 2004 include:
June/2004 “Pseudonymous Instant Messaging Case Studies”
NMI MACE-I2IM working group
May/2004 “Local Domain Person Object Class Study – Survey Results”, Draft
NSF Middleware Initiative document - NMI-R5
Dec/2003 “Internet2 Directory Services Diagnostic Scenarios”
NMI MACE-Dir working group
Oct/2002 “Metadirectory Practices for Enterprise Directories in Higher Education”, v200210
Co-author, editor
NSF Middleware Initiative document - NMI-R2
May/2002 “Metadirectory Practices for Enterprise Directories in Higher Education”, v1.0
Co-author, editor
NSF Middleware Initiative document - NMI-R1
2002 Presentations
10/28/02 “Middleware Technology - Operational Issues in Directories” tutorial session; Internet2 Member Meeting
10/3/02 “LDAP-Enabled Privacy at the University of Notre Dame” poster session; EDUCAUSE Annual conference
10/2/02 “The University of Notre Dame Enterprise Directory: Engineering Order from Chaos” poster session; EDUCAUSE Annual conference
7/31/02 “Directory Service Operational Performance Monitoring at Notre Dame”; Internet2 Advanced CAMP (Campus Architectural Middleware Planning) Workshop, July 2002, Boulder, Colorado
6/25/02 “MACE-Dir: Metadirectories - Practices in Higher Ed”; Internet2 Base CAMP (Campus Architectural Middleware Planning) Workshop, Boulder, Colorado
5/7/02 “MACE-Dir: Metadirectories”; Internet2 Member Meeting
4/17/02 “Enterprise Directory for Single Sign-On”; American Association of Collegiate Registrars and Admissions Officers (AACRAO) Annual conference
2003 Presentations
11/6/03 “Directory-Enabling Applications: Techniques from the Trenches”; EDUCAUSE Annual conference
6/6/03 “Ask the Experts” expert panel session moderated by Ken Klingenstein, Project Director, Internet2 Middleware Initiative & Chief Technologist; NMI-EDIT Campus Architectural Middleware Planning (CAMP) Meeting, Boulder, Colorado
6/4/03 “Leveraging Applications and Network Services Using Authentication” expert panel session moderated by Michael Gettes, Sr. Technical Architect & Strategist, Duke University; NMI-EDIT Campus Architectural Middleware Planning (CAMP) Meeting, Boulder, Colorado
5/13/03 “Self-service Privacy Using LDAP at the University of Notre Dame”; CUMREC Annual conference
5/13/03 “The University of Notre Dame Enterprise Directory: Engineering Order from Chaos”; CUMREC Annual conference
4/10/03 “Metadirectory: A Tool For Multiple Directories”; Internet2 Member Meeting
4/9/03 “Recent Developments in Directories: Performance Monitoring with “Look””; Internet2 Member Meeting
3/25/03 “LDAP-Enabled Privacy at the University of Notre Dame”; EDUCAUSE Midwest Regional Annual conference
3/13/03 “Middleware At ND” webcast; Internet2 Day, Notre Dame, Indiana
2/6/03 “Managing Enterprise Directories: Operational Issues - Performance Monitoring” (co-presented with Dr. Thomas Barton, University of Memphis); NMI-EDIT Base CAMP (Campus Architectural Middleware Planning) Workshop
2/5/03 “Architecting Your Data and Metadirectory Model”; NMI-EDIT Base CAMP (Campus Architectural Middleware Planning) Workshop
2004 Presentations
10/20/04 “Directory-Enabling Applications: Techniques From The Trenches”; EDUCAUSE Annual conference
7/2/04 “Connectors & Provisioning” expert panel session moderated by Keith Hazelton, Senior Technical Architect, University of Wisconsin-Madison; NMI-EDIT Advanced Campus Architectural Middleware Planning (CAMP) Meeting, Boulder, Colorado
5/18/04 “Canning the Spam: Winning the War at Notre Dame”; CUMREC Annual conference
5/17/04 “Directory-Enabling Applications: Techniques From The Trenches”; CUMREC Annual conference
4/22/04 “Getting to Win-Win: Leveraging Active Directory With Campus Enterprise Services”; EDUCAUSE Midwest Regional Annual conference
4/21/04 “Enterprise Directories: An Implementation Roadmap”; EDUCAUSE Midwest Regional Annual conference - seminar co-presented with Joel Cooper, Carleton College Director of IT, Chicago, Illinois
4/20/04 “Directories: Recent Schema Work - Local Domain Person”; Internet2 Member Meeting
2005 - 2014: University of Southern California, Information Technology Services
From 2005 to 3/2014 I developed and managed the Identity Management services at USC. As I had previously at Notre Dame, I designed and maintained the schema, access controls, and provisioning scripts for the Enterprise Global Directory Service and supervised the team of technologists with responsibility for the Shibboleth Identity Provider for web-based SSO, the Person Registry database, the Affiliate Identity System ("iVIP"), the Groups Management self-service application ("MyGroups"), the self-service password management application, and the self-service federated guest registration application. I worked closely with other offices at the University in the development of a governance program for Identity Management and served as the technical lead for that program. During this time I chaired the MACE-Dir working group, co-chaired the NISO Institutional Identifiers (I2) E-Learning working group (12/1/08 - 3/2009), and spoke regularly at a large number of higher-education focused conferences.
Publications during the period 2004 to 3/2014 include:
March/2010 “Ready the Pipes: Campus Technology Magazine”
http://campustechnology.com/articles/2010/03/01/ready-the-pipes.aspx?sc_lang=en
Interviewed for this article
Sept/2005 “Higher Education Person: A Comparative Analysis of Collaborative Public LDAP Person Object Classes in Higher-Education”
NMI MACE-Dir working group
May/2005 “Local Domain Person Object Class Study – Survey Results”
Author
NSF Middleware Initiative document – NMI-R7
2005 Presentations
10/21/05 “Leveraging Data Warehousing Assets in Enterprise Directory Design”; EDUCAUSE Annual conference
9/21/05 “Recent Advancements in Metadirectory Development in Higher Education” expert panel moderated by Brendan Bellina; Internet2 Member Meeting
9/19/05 “Metadirectories / Provisioning” Birds of a Feather session; Internet2 2005 Member Meeting
6/29/05 “Identity Management: Forming the Game Plan and Next Steps” expert panel session with accompanying presentation; NMI-EDIT CAMP Identity and Access Management Integration Workshop, Denver, Colorado
6/27/05 “Identity Management: Reflect and Join”; NMI-EDIT CAMP Identity and Access Management Integration Workshop, Denver, Colorado
5/17/05 “Enterprise Directory Design – Facing the Initial Challenges”; CUMREC Annual Conference
5/2/05 “Metadirectories & Resource Provisioning BoF: Feeding the USC Person Repository” Birds of a Feather session with accompanying presentation; Internet2 Member Meeting
3/22/05 “Middleware Authorization Using Groups”; EDUCAUSE Midwest Regional Annual conference
2006 Presentations
10/10/06 “Enterprise Directory Design – Facing the Initial Challenges”; EDUCAUSE Annual conference
10/9/06 “Care and Feeding of the Institutional Directory Service – Advanced Issues, Problems, and Solutions” half day seminar; EDUCAUSE Annual conference
10/9/06 “Deploying Shibboleth: Technical Requirements, Policy Issues, and Case Studies” half day seminar; EDUCAUSE Annual conference
6/27/06 “Using Shibboleth as Your WebSSO Authentication System”; CAMP Shibboleth, Burlington, Virginia
4/24/06 “Enterprise Directory Design – Facing the Initial Challenges”; EDUCAUSE Western Regional annual conference
3/21/06 “IdM and AuthX @ USC”; NMI Signet and Grouper Early Adopters Deployment Workshop, Los Angeles, California
3/21/06 “eduPermissionGroup draft”; NMI Signet and Grouper Early Adopters Deployment Workshop, Los Angeles, California
2007 Presentations
10/25/07 “Collaborators at the Gates of Troy – Extending eServices at USC”; EDUCAUSE Annual conference
10/23/07 “Architecting the Institutional Directory Service – Advanced Issues, Problems, and Solutions” full day seminar; EDUCAUSE Annual Conference
5/9/07 “Extending the Reach of eServices – Policy and Practice at USC”; EDUCAUSE Western Regional Annual conference
2008 Presentations
11/6/08 “The Launch of Google Apps at USC: Determinants, Decisions, and Deterrents”; TERENA EuroCAMP Annual conference, Athens, Greece
11/6/08 “USC Identity and Access Management”; TERENA EuroCAMP Annual conference, Athens, Greece
11/5/08 “Typical Directory Implementations at Institutions in Higher Education”; TERENA EuroCAMP Annual conference, Athens, Greece
10/30/08 “The Launch of Google Apps For Education at USC: Determinants, Decisions, and Deterrents”; (audio recording available here); EDUCAUSE Annual conference
10/29/08 “Applying Data Governance in Identity Management: To Serve and Protect” lightning talk session; EDUCAUSE Annual conference
10/29/08 “Applying Data Governance in Identity Management: To Serve and Protect” poster session; EDUCAUSE Annual conference
10/15/08 “The Launch of Google Apps For Education at USC: Determinants, Decisions, and Deterrents”; Internet2 Member Meeting
10/14/08 “Kerberos role in Unified Identity and Access Management”; Internet2 Member Meeting
10/13/08 MACE Directories Working Group update; Internet2 Member Meeting
8/8/08 EDUCAUSE Live! “Spotlight on Identity Management at USC”; online seminar
https://library.educause.edu/resources/2008/8/spotlight-on-identity-management-identity-management-at-usc-collaboration-governance-and-access
7/10/08 “Identity Management at USC: Collaboration, Governance, Access”; American Association of Collegiate Registrars and Admissions Officers (AACRAO) Identity Management Workshop
4/21/08 MACE Directories Working Group update; Internet2 Member Meeting
4/1/08 “Applying Data Governance in Identity Management: To Serve and Protect”; EDUCAUSE Western Regional Annual conference
2009 Presentations
10/7/09 “InCommon Collaboration Activities – National Student Clearinghouse”; Internet2 Member Meeting
10/5/09 MACE Directories Working Group update; Internet2 Member Meeting
4/27/09 MACE Directories Working Group update; Internet2 Member Meeting
2/11/09 “Google@School: Apps, Tools, & Tips for Your College”; online Higher Ed Hero seminar
2/5/09 “Student Identity Life Cycle - Stage 2: Managing Digital Identity - USC IAM”; Internet2/EDUCAUSE CAMP
2/4/09 “Student Identity Life Cycle - Stage 1: Establishing a Relationship” co-presented with Dr. Kenneth Servis, USC Registrar; Internet2/EDUCAUSE CAMP
2010 Presentations
6/10/10 InCommon IAM Online: “Hot Topics and Current Issues in Identity Management – Handling Affiliate Populations”; online seminar
6/9/10 “USC Identity Management, Shibboleth, and SAML”; Open Web Application Security Project (OWASP), Los Angeles chapter
4/24/10 “Using Shibboleth to Connect: Applications for the Clearinghouse and other Federated Applications”; American Association of Collegiate Registrars and Admissions Officers (AACRAO) Annual conference
4/14/10 “Identity Management for Security Professionals: Leveraging Federations” seminar; EDUCAUSE Security Professionals Conference
4/14/10 “Federated Identity Management: Addressing the Risky Business”; EDUCAUSE Security Professionals Conference
2012 Presentations
4/25/12 “Supporting a Widely Deployed Campus Shibboleth Implementation” co-presented with USC, Duke, and Ohio State University; Internet2 Member Meeting
4/25/12 “USC Shibboleth Support Model” co-presentation with Russell Beall, USC; Internet2 Member Meeting
2013 Presentations
11/13/13 “USC: Managing Your Service Provider Interactions”; Internet2 Identity Week
10/17/13 “Multi-Factor Authentication in Higher Education”; EDUCAUSE Annual conference
5/13 “USC’s OAuth Recipe: OAuth + Enriched Identity Data + Central Authorization”; Common Solutions Group (CSG Stonesoup) member meeting
5/13 “An Overview of Identity Management: Where It Has Been and Where It Is Going”; EduSoCal Annual conference