Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2011 The University of Chicago Organizational Grouping, or Some New Authority & Risk Issues In Absentia: RL "Bob" Morgan, Kevin Morooney, Michael Gettes.

Published byLucas Hall Modified over 7 years ago

Similar presentations

Presentation on theme: "© 2011 The University of Chicago Organizational Grouping, or Some New Authority & Risk Issues In Absentia: RL "Bob" Morgan, Kevin Morooney, Michael Gettes."— Presentation transcript:

1 © 2011 The University of Chicago Organizational Grouping, or Some New Authority & Risk Issues In Absentia: RL "Bob" Morgan, Kevin Morooney, Michael Gettes In Conscripta: Tom Barton, U Chicago

2  Integrating institutional groups into a group management system increases capability but also both enhances and challenges authority and risk management  Financial & course groups  Enabling users to access federated services they value by releasing a few attributes about them.  Eg, NIH apps Ken showed us yesterday  Grids, VOs, services discounted for students CSG June 20112 Discussion Areas

3 CSG June 20113

4 4

5 5

6 Discussion questions – institutional groups 1.Do you lift institutional groups out of their native context and use them for new things? 2.Have you assessed whether these new uses pose new risks? 3.Who’s responsible for determining appropriate use and appropriate controls? How widely accessible are these groups? 4.Do you (intend to?) enable delegated use of institutional groups? CSG June 20116

7 How many HE Participants enable users to decide to access how many Sponsored Partners? CSG June 20117

8 The Problem  Federations like InCommon enable inter-organizational transactions to happen at scale (do the math!)  But most campuses send specified attributes about their users only to Service Providers with whom they have made a specific arrangement  What happens when a user wants to go somewhere else, if that place needs an attribute about them? Doesn’t work.  What should they, or Service Provider people, do to resolve the matter? They don’t know. CSG June 20118

9 Two approaches to cut this problem down  user consent (not discussed today)  pre-approved attribute release policies  What kinds of attributes seem to be needed?  name  email  affiliation (faculty, staff, student, …)  persistent and lucent identifier, eg, tbarton@uchicago.edu rather than 09ju4fncon43jc3fdfe3 CSG June 20119

10 Which of these policies work for you? Automatically release that “attribute bundle” for … CSG June 201110 OptionWhich Service ProvidersWhich Campus People 1All members of InCommonFaculty & staff 2All non-commercial members of InCommon Faculty & staff 3All members of InCommonFaculty, staff, students that haven’t exercised Buckley under FERPA 4All non-commercial members of InCommon Faculty, staff, students that haven’t exercised Buckley under FERPA 5discuss

Download ppt "© 2011 The University of Chicago Organizational Grouping, or Some New Authority & Risk Issues In Absentia: RL "Bob" Morgan, Kevin Morooney, Michael Gettes."

Similar presentations

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.
1 Student Engagement in Times of Crisis. Session Aims By the end of the session you will be able to: analyse what kind of relationship you have with your.

1 Student Engagement in Times of Crisis. Session Aims By the end of the session you will be able to: analyse what kind of relationship you have with your.
IAM Online Friday, February 12, 2010 “Introduction to Federated Identity Management” John O’Keefe, Lafayette College Questions either via Adobe Connect.

IAM Online Friday, February 12, 2010 “Introduction to Federated Identity Management” John O’Keefe, Lafayette College Questions either via Adobe Connect.
Federated Identity, Shibboleth, and InCommon Tom Barton University of Chicago © 2009 The University of Chicago.

Federated Identity, Shibboleth, and InCommon Tom Barton University of Chicago © 2009 The University of Chicago.
A Different View of IdM Biz Process? Michael R Gettes Duke University Denver, June 2005.

A Different View of IdM Biz Process? Michael R Gettes Duke University Denver, June 2005.
Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey 2007. This work is the intellectual property.

Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey This work is the intellectual property.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,

Use case: Federated Identity for Education (Feide) Identity collaboration and federation in Norwegian education Internet2 International Workshop, Chicago,
GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch

GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch
1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.

1 Kuali Identity Management Advanced CAMP: Identity Services Summit for Higher Ed Open / Community-Source Projects.
Identity Management 2.0 George O. Strawn NSF CIO.

Identity Management 2.0 George O. Strawn NSF CIO.
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.
Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco.

Interfederation RL “Bob” Morgan University of Washington and Internet2 Digital ID World 2005 San Francisco.

Similar presentations

Ads by Google