Consolidating Application Accounts

Modification Request (FY 2009)



1. Introduction

NRAO needs one database with authoritative "user information" in it. The purpose of this MR is to make it happen.

2. Background

NRAO has two different types of accounts: application accounts, for users to access web-based applications, and computer login accounts (e.g. AD and NIS). In the past, most applications were built with their own user databases (e.g. GBT observing applications, scheduling systems, PST). A few years ago, EVLA launched an effort to have a single user database, and this is what was used when astronomers logged in to the Proposal Submission Tool (PST) to prepare and submit observing proposals. This database was adopted by e2e in 2006 and is still being used by the PST. We decided to wait until we had the initial draft of the ALMA Project Data Model (APDM) before substantially revising the schema of this database.

In the meantime, several other applications were built which needed user databases. The interim solution was for those applications to take an initial version of the PST user database, copy it, use it for their application, and synchronize the accounts with the master user database. Those applications include the Business Office System (BOS), the GBT Dynamic Scheduling System (DSS) and the new EVLA observing applications. There are also other applications that have completely independent user databases (e.g. Carl's GBT scheduling system).

The introduction of JASIG Central Authentication System (CAS) provided a mechanism for single sign-on across web applications. All of the web applications can adjust to use CAS, and as a result, will also use the master user database. The goal of this MR is twofold: 1) to transition each of the applications to CAS, and by doing so, have all applications use the same user information, and 2) to consolidate all of the records in each of the individual databases to eventually end up with one that has comprehensive information as well as good data integrity. We also want to find one person who can be charged with maintaining data integrity for all of NRAO's user community.

"User community" is very loosely defined. Although we typically refer to the user community and "NRAO users" as the astronomical users of the telescopes, we also have to keep track of other user groups: 1) internal NRAO staff who use the web applications for testing, maintenance and developing new telescope capabilities, 2) groups of visitors, (e.g. scouting groups, SARA, Governor's School), 3) summer students, and 4) "dignitaries" and other important visitors who visit NRAO sites occasionally. There may be other types of users.

The development associated with this MR will encompass unifying user information for each of these user groups, including astronomical users. Application accounts differ from computer login accounts in one respect only: many people are authorized to use NRAO web applications, but few people are authorized to log in to NRAO machines and use its computing resources directly.

3. Requirements

What are the implementation-independent requirements for this MR?

  • Build a standalone app for user profile information management. (Ask Mike if he was planning on doing this within the DSS upgrade to Django, and see if we can just split it out and use it for all apps.)

4. Design

Here is the desired end state:

[Figure: CAS network diagram, cas-network-diagram.jpg]

5. Deployment

This activity draws from what's been done over the past few years, and ends when there is one user database, all the applications authenticate against it, and user profile management is also consolidated to remove synchronization issues:

  • Phase -4: Original user database developed by EVLA and used for PST v1.0 (2004-2006)
  • Phase -3: User database transitioned to e2e group and used for PST v2.0 (2006+); EVLA uses original user database for internal applications
  • Phase -2: BOS and DSS build separate user databases with schema identical to e2e user database; BOS adds additional tables for integration with JD Edwards financial system, managing reservations, managing NRAO site information; DSS adds additional tables for dynamic contact information and schedule construction (2008)
  • Phase -1: EVLA adapts CAS and authenticates against e2e user database (late 2008)
  • Phase 0: Write this MR.
  • Phase 1: GBT DSS uses CAS via Django module (~June 2009)
  • Phase 2: During DSS upgrade to Django, resolve user profile management process (Spring 2009)
  • Phase 3: Merge BOS user database tables into e2e user database (Spring/early Summer 2009)
  • Phase 4: BOS adapts CAS via new Turbogears module to be developed (~September 2009)
  • Phase 5: Split proposal tables and user tables; create standalone e2e user database, import Carl's GBT data and de-dupe all records manually (Fall/Winter 2009)
  • Phase 6: Create new APDM-compliant schema and retrofit e2e user database and PST database to that model (Fall/Winter 2009)
  • Phase 7: Ensure that BOS can handle new schema (Winter 2009)
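
As an added illustration of the Phase 5 de-duplication step (not NRAO code; the column names and sample rows are constructed assumptions, not the real e2e, BOS or GBT schema), the following builds a review queue of candidate duplicates across the copied user databases. It only flags matches for a person to resolve, because once every application authenticates through CAS a wrong merge gives one person another person's application access.

```python
import unicodedata
from collections import defaultdict

# Constructed sample rows; column names are assumptions, not the real schema.
SOURCES = {
    "e2e": [
        {"user_id": 101, "email": "jdoe@example.edu", "first": "Jane", "last": "Doe"},
        {"user_id": 102, "email": "m.garcia@example.org", "first": "María", "last": "García"},
    ],
    "bos": [
        {"user_id": 7, "email": " JDoe@Example.edu", "first": "Jane", "last": "Doe-Smith"},
    ],
    "gbt": [
        {"user_id": 55, "email": "mgarcia@example.com", "first": "Maria", "last": "Garcia"},
        {"user_id": 56, "email": "rlee@example.edu", "first": "Robin", "last": "Lee"},
    ],
}

def norm_email(email):
    """Case- and whitespace-insensitive key for matching e-mail addresses."""
    return email.strip().lower()

def norm_name(first, last):
    """Lower-case, accent-stripped, single-spaced full name."""
    text = unicodedata.normalize("NFKD", f"{first} {last}")
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return " ".join(text.lower().split())

def review_queue(sources):
    """Return (kind, key, [(source, user_id), ...]) items for a human to resolve."""
    by_email, by_name = defaultdict(list), defaultdict(list)
    for source, rows in sources.items():
        for row in rows:
            ref = (source, row["user_id"])
            name = norm_name(row["first"], row["last"])
            by_email[norm_email(row["email"])].append((ref, name))
            by_name[name].append((ref, norm_email(row["email"])))
    queue = []
    for email, hits in sorted(by_email.items()):
        if len(hits) > 1:
            # Same address but different names: never merge automatically.
            same = len({name for _, name in hits}) == 1
            kind = "same-email" if same else "same-email-name-conflict"
            queue.append((kind, email, [ref for ref, _ in hits]))
    for name, hits in sorted(by_name.items()):
        if len({email for _, email in hits}) > 1:
            queue.append(("same-name-different-email", name, [ref for ref, _ in hits]))
    return queue
```

Calling `review_queue(SOURCES)` on the sample rows yields one e-mail match with conflicting names and one name match with different e-mail addresses; the unmatched record produces no entry.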

6. Test Plan

  • Try updating user profile information from all applications that use the e2e user database via CAS:
    • BOS, DSS, EVLA apps, PST, Astrid??

Signatures

APPROVED: To the best of my knowledge, the request in this MR is complete. I have thought through this request, and believe it to be an important feature to implement or bug to fix.
ACCEPTED: I acknowledge that I have validated the completed code according to the acceptance tests.
Written symbol - name - date
Double-Checked symbol - name - date
Approved by Sponsor symbol - name - date
Accepted/Delivered by Sponsor symbol - name - date

Symbols:
  • Use %<nop>X% if MR is not complete (will display ALERT!)
  • Use %<nop>Y% if MR is complete (will display DONE)

-- KaiGroner - 2009-02-03

-- NicoleRadziwill - 2009-02-03

-- NicoleRadziwill - 2009-01-15

-- RonDuPlain - 2009-02-03

Attachment: cas-network-diagram.jpg (82 K, 2009-02-03) - CAS Network Diagram - Displays Relationship with various Applications
Topic revision: r3 - 2009-02-06, NicoleRadziwill