Posts by Adam Franco

 
 
 

Introducing: The Identity Management Project

March 5, 2010 by
Categories: Midd Blogosphere

The Identity Management Project kicked off in December of 2009. The current project team (small ‘t’) is Tom Cutter, Adam Franco, Mike Lynch, Chris Norris, Carol Peddie, Mark Pyfrom, Jeff Rehbach, Mike Roy, and Marcy Smith.

The Identity Management (IDM) project seeks to organize our concept of a “person” or “identity” among our various systems (including Banner, the Active Directory, web-applications, hosted systems, and others). This project focuses on three facets of each identity:

Unique identifier:
Every identity would have a unique identifier. Currently, only people in Banner have one of its identifiers (guests and vendor-staff aren’t in Banner) and only people in AD have log-in names (alumni, parents, and others aren’t in the AD).
Unified Properties:
Each identity will have a set of properties (name, email, address, title, department, etc) that is consistent and available to all of our applications. Currently user properties may be different or unavailable depending on which source of user information is used; a person’s title is a good example of this inconsistency.
Roles:
Identities will gain zero or more “roles” that can be used to grant or deny access to our systems and services. We currently have no consistent way (in AD or web applications) of determining if a person is a current student, faculty, staff, or other role — the best we can do now is to look at membership in certain mailing lists like “All_Faculty”. With the IDM project, we will be able to access an authoritative list of the current roles for a person (visitors would have no roles) and will be able to ensure that access to services properly matches an individual’s relationship to the college.

In addition to organizing and improving the properties and roles of our current set of users (current students, faculty, staff, emeriti, vendors, spouses, and limited guests), the IDM project will also enable us to expand the number of usable (authenticate-able) accounts to include alumni, prospective students, and visitors. As well, we gain the potential to include users from other institutions via federated authentication systems such as Shibboleth.

Here is a list of a few things that will become possible with completion of the IDM project:

  • Rather than accounts being immediately deleted upon graduation, they instead would loose the “student” role and gain the “alumnus” role. These users would continue to use their same log-in credentials access alumni-only and public resources (i.e. commenting on blogs, renewing library books), but would loose access to student-only resources (i.e. course websites, JStore and other subscription library materials).
  • We will be able to grant access (individually or in groups) to many of our online systems for guests, alumni, emeriti, visitors, vendors, perspectives, and others with loose affiliations with the college.
  • Inter-institutional projects will be able to make use of any of our online systems as collaboration platforms.
  • A fan of Middlebury Hockey could create a visitor account to use for purchasing panther gear from the college book store, then come back and log in with the same account to purchase tickets from the box office, make comments on the coach’s blog, and fill out a form to sign up their kids for participation in the Winter Carnival ice show. Their name, email, mailing address, and other properties would be available to all of the systems.

Please note that some of these examples will require additional changes and development projects beyond the IDM project itself. However, all require aspects of the IDM project to be possible.

Tags: , , , , , , , , , , ,
Comments Off

Website Improvements #3: Better Performance

February 12, 2010 by
Categories: Midd Blogosphere

During the week since the new website has launched you many have noticed slow page-load times, especially when logged in and saving edits. For the past week the Web Application Development team and our colleagues in Central Systems & Network Services have been working to improve the performance of the site and prevent low performance from overwhelming the servers and causing intermittent outages. We have made several fixes over the past few days that bring us out of the slow-site woods and into sunny pastures of snappy responses.

The first big change was documented by Ian in Website Improvement #1: Reducing home page load time by 80%.

The second big change this week was a fix to prevent Google and other search engines from crawling a particularly slow editing page. Repeated hits to this page were overwhelming one our web-servers and slowing down requests for everyone.

The big change today was to move the databases for other web applications off of the database-server used by Drupal. This change has drastically improved our query-cache hit-rate and been the main factor in speeding up saves and other editing operations.

Travis has reworked how the Athletics-roster images were fetched from their database, improving the image-load times from 11 seconds to 12 milliseconds. The Athletics page loads much faster now.

The last performance improvement this week came from a fix to the access denied page. This fix prevents browsers from periodically falling into a loop of redirects that never ended. Preventing a never-ending stream of redirects gives a better user experience when trying to access a restricted page, as well as leaves more server power available for handling pages that will load successfully.

At this point authenticated users should be experiencing page-load times between 300 milliseconds and 5 seconds for almost all view and edit operations (down from a range of 2-25 seconds). Unauthenticated users should be experiencing page-load times between 20 milliseconds and 3 seconds for all page views. We plan to improve performance even further in the coming weeks, but our hope is that page speed is no longer a major impediment to performing needed tasks.

Thank you to our whole community for your patience while we worked through these growing pains.

Tags: , , ,
Comments Off

Website Improvements #2: Custom Redirects

February 9, 2010 by
Categories: Midd Blogosphere

Our GO service has been and will continue to be our supported way for maintaining permalinks to resources. By publishing GO links to resources online and in print, you are able to move your resources to new homes (such as a different location in the new site, a blog, or a wiki) and update the go link with the self-service GO management screens.

During the web-makeover project planning it was decided that we need to move forward with a new site architecture (where everything lives) and drop support for the old URLs from previous versions of the site that are 3-15+ years old. Most of the time links can and should be updated at their original locations, but if that is impossible (such as in a print mailing), you can now ensure that the correct link shows up on the main site’s 404 page.

404-with_link_annotated

Steps to add a link for a 404 page on the main site:

  1. Create a nice GO shortcut to the new destination if one doesn’t exist.
    Go to the GOtrol Panel and create a new go shortcut to the new destination URL.
    If a go shortcut for this destination already exists, then you can skip this step.
  2. In the GOtrol Panel, click on the ‘Create’ tab and add an alias for your shortcut from step one. The important thing here is that the alias ‘name’ is the path portion of the URL that is hitting the 404 page after the initial ‘/’.

    For example, if this URL is getting a 404 page:
    http://www.middlebury.edu/area/department/someimportantpage/default.htm
    then the alias name should be:
    area/department/someimportantpage/default.htm

    go_admin-alias

  3. Go back to the 404 page and verify that it now includes the GO link to your resource.
    404-with_link

We still recommend that you update the pages that link to the site to use their new URLs or GO links, but if that is impossible, you now have a work-around to direct users to the appropriate place.

Tags: , , , , ,
Comments Off