Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by: Mark Hendricks

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Presented by: Mark Hendricks"— Presentation transcript:

1

2 Presented by: Mark Hendricks mark.hendricks@humboldt.edu

3 H U M B O L D T Background Mix of centralized and de- centralized IT support 10,000 active Student/Staff/Faculty 25,000 user entries in LDAP Small technical implementation team Committed to open source solutions when available

4 IMI Authentication Technical Team Bill Cannon – Director: Information Technology/ISO Nick DeRuyter – Manager: University Computing Services System Administrators Mark Hendricks Josh Callahan DBA Peter Johnson Analyst Programmers Michael Bradley Jason Hardin Help Desk Melinda Christensen Contact: Mark Hendricks – mark.hendricks@humboldt.edu

5 IMI Authentication Priorities Security!! Uniform password strength and policy enforcement Reduce password/secret exposure and vulnerability Improve logging User Experience Reduce logins/single sign-on Unify account information (NetID/Password) Single location for password management Administration Enforcement of policies for access to campus resources & confidential data Audit compliance Improve user administration efficiency (IT Systems & Services)

6 Design Goals Open source Create authN / AuthZ capable of supporting all applications Minimize complexity Minimize auth sources Want IMI infrastructure that will support centralized and decentralized management

7 Initial IMI Auth Infrastructure

8 Password Management/Synchronization

9 Active Directory Why AD? Windows desktop majority Distributed Windows desktop management using centralized authentication and dynamic groups Supports AuthN/AuthZ for most major operating systems “out of the box”

10 Desktop AuthN AuthZ Support

11 Active Directory Windows desktop majority Distributed Windows desktop management using centralized authentication and dynamic groups Supports AuthN/AuthZ for most major operating systems “out of the box” –Windows XP/2000 –Mac OS X –Unix (Tru64) –Linux –Samba Minimal schema extensions required Based on LDAP and Kerberos Kerberos prepares for Single Sign-On

12 Kerberos MIT vs. Microsoft Benefits –Single Sign-on - Ticket Passing –Non proprietary –Unified and secure password repository –Passwords outside Windows AD –Reduces password/secret exposure –Unified logging –Easy set up/Robust Problems –Difficult to obtain functional documentation/support –Learning curve for users & technical team –Not supported by all applications –Problems with OS integration

13 Where Are We Now? Progress Password Interface Password Synchronization Group Interface LDAP/AD/Kerberos Desktop Auth Email route/alias Library authN, authZ Wireless Auth Misc. Apache Auth Future Portal Guest Accounts Meta-Directory LDAP Standard Library Student (Central) Shares Kiosk Open Directory (Apple) Email

14 CSU Support/Collaboration CSU / eduPerson / group schema - courses Functional working groups / conference - Vendors CSU web page/list for directory/authentication collaboration CSU Grants for code and documentation development CSU Certificate Authority or contract with public CA

Download ppt "Presented by: Mark Hendricks"

Similar presentations

© 2006 IBM Corporation Tivoli Identity Manager Express Tivoli Access Manager for Enterprise Single Sign-On (Product Demonstrations) Tivoli Live! – 15 June.

© 2006 IBM Corporation Tivoli Identity Manager Express Tivoli Access Manager for Enterprise Single Sign-On (Product Demonstrations) Tivoli Live! – 15 June.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Administrative Data and Curricular Support: The Sum is Greater Than the Parts NERCOMP 2004 Copyright Bret Ingerman, Daniel Green, and Beth DuPont, 2004.

Administrative Data and Curricular Support: The Sum is Greater Than the Parts NERCOMP 2004 Copyright Bret Ingerman, Daniel Green, and Beth DuPont, 2004.
The University of Illinois at Urbana-Champaign. The Team Ed Krol – Asst Dir. Computing & Communications Bill Mischo – Engineering Librarian Mike Grady.

The University of Illinois at Urbana-Champaign. The Team Ed Krol – Asst Dir. Computing & Communications Bill Mischo – Engineering Librarian Mike Grady.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.

Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.
Oracle Beehive Vivek Pavle Orabyte LLC www.orabyte.com Orabyte.

Oracle Beehive Vivek Pavle Orabyte LLC Orabyte.
Understanding Active Directory

Understanding Active Directory
July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.

July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.
CNIL Report April 4 th, 2005. CNIL Report (Apr 4 th, 2005) Two Major Goals: –Improvement of Instructional Services –Strengthening research IT infrastructure.

CNIL Report April 4 th, CNIL Report (Apr 4 th, 2005) Two Major Goals: –Improvement of Instructional Services –Strengthening research IT infrastructure.
Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
The Homegrown Single Sign On (SSO) Project at UM – St. Louis.

The Homegrown Single Sign On (SSO) Project at UM – St. Louis.
Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –

Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –
Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.

Account Management, The Next Generation Unified Directories at the Rochester Institute of Technology Dan Tobin Matt Campbell.
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group

Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group
Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.

Single Sign-on Integration (SSI) MSIT 458 – Information Security Project Part 2 Prepared for Professor Yan Chen Prepared by Team Triad Radu Bulgaru Moniza.

Similar presentations

Ads by Google