Sun Proprietary/Confidential: Internal Use Only Stuart Sim Chief Architect Global Education & Research Identity Management.

Presentation on theme: "Sun Proprietary/Confidential: Internal Use Only Stuart Sim Chief Architect Global Education & Research Identity Management."— Presentation transcript:

1 Sun Proprietary/Confidential: Internal Use Only Stuart Sim Chief Architect Global Education & Research http://blogs.sun.com/stuart Identity Management

2 What Is Identity Management? "Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities." – The Burton Group

3 Essential Functions of Identity Management
● Provision access – Establish, change, and remove user accounts and privileges. Example: Follow a standard workflow for tasks such as adding a new faculty member or deleting student access to course materials after a term has completed
● Authenticate – Confirm that users are who they claim to be. Example: "I'm John Doe and here's my ID and password to prove it"
● Authorize – Allow access to services based on business rules for group affiliations and roles. Example: All members of the group “Prof_Smith_Physics_301” have access to Professor Smith's Physics 301 online lecture notes
● Protect Privacy and Comply with Regulations – Hide personal data and track usage patterns for audit trail without tracking private usage information such as who checked out specific books from the library

4 Identity Addresses Top Priorities in Education
Top ten business trends in 2004 according to a Chronicle of Higher Education/Gartner survey of selected Chronicle subscribers, December 2003:
● Security breaches/business disruptions
● Operating costs/budgets
● Data protection and privacy
Identity Management Can Improve Security, Reduce Costs, and Protect Privacy, the Top Three Business Priorities in Education

5 Why Identity Is So Important in Education
● More stringent regulations
● Complex identity requirements & rapidly changing user roles
● Enormous scale
● 85% have experienced security breaches in the last 12 months
● Managing access to licensed digital content
● Federation to support collaborative research

6 Higher Education Faces More Regulations [1]
● External regulations requiring greater protection of personal information – e.g. Gramm-Leach-Bliley Act, Student and Exchange Visitor Information System, HIPAA, and FERPA
● New legislation regarding copyright protection
● Threats of lawsuits over intellectual property abuse or identity theft
[1] Zastrocky, Yanosky, and Harris, “Higher Education Faces More Regulations,” Gartner, Research Note, December 23, 2003.

7 Identity Requirements in Education are Complex
● Many roles with different access requirements
● Users often have multiple roles
● Frequently changing roles
● Multi-campus environment
● Legacy of multiple fragmented identity databases

8 Rapidly Changing User Identities
● Faculty member leaves
● Student graduates or drops out
● Research contracts expire
● Non-digital resources retrieved and/or canceled
● User info entered via student admissions, faculty hiring, etc.
● Accounts provisioned to enterprise systems, applications, directories
● Non-digital resources assigned and/or initiated
● Faculty job/role/status changes
● Student classes change at end of term
● Password changes and resets
● Profile or contact information changes
● Additional requests for account access or non-digital resources

9 Security Incidents on the Rise
● Unauthorized access to sensitive institutional data
● Threats or abusive behavior
● Altered/vandalized Web site
● Research database hacked
More Than 85% Have Experienced IT Security “Incidents” in the Past 12 Months*
* Based on a Chronicle of Higher Education/Gartner survey of selected Chronicle subscribers, December 2003

10 Implementing Identity Management

11 Every Application for Itself
● Authentication and logging functionality only
● Every application for itself in performing these functions
● Multiple user names and passwords must be remembered by users
Many Institutions Still Function Without a Centralized Directory Service, Despite the Inefficiencies
Diagram label: Authentication

12 Central Authentication Services
● Applications have access to a single trusted authoritative source
● Simplifies User Management through a single source of user credentials
● Open Standards and APIs promote adoption across the enterprise
Enables Central Identity Management for Participating Applications
Diagram label: Central Authentication Service

13 Single Sign On Services
● Applications have access to services without re-authentication once initial session is granted
● Support for multiple implementations
– Web Initial Sign-On (Web ISO)
– Pubcookie
– CAS
● The beginnings of Federated Identity to simplify collaboration
– SAML
– Liberty
– Shibboleth
Enables Web and non-Web Sign-On for Participating Applications
Diagram label: SSO Authentication Service

14 Complete Identity Management
● Workflow task automation
● Roles and rules-based authorization
● System-wide auditing and reporting
● Password self-administration
● Federation of identity information
Diagram labels: Research, ERP, Digital Library, SIS, e-Learning, Administration Services, Transaction Services, Data Repositories

15 Components of Complete Identity Management

16 Benefits of Full Identity Management Layer
● Enhanced Security and Privacy
● Improved user experience
● Lower systems integration costs
● Improved services scalability
● ‘Real world’ SOA

17 Summary of Identity Solution Requirements
● Complete, integrated, centralized solution
– Centralized authentication, authorization and auditing
– Integrated components
● Modular and scalable
– Start small with specific components and extend to a full solution
● Integrate-able
– Open standards-based interfaces allow investment protection
Diagram labels: Integrate-able; Complete, Integrated, & Centralized; Modular & Scalable

18 Sun’s Identity Management Product Family
● Comprehensive software solution that includes:
> Directory Services
> Access Control, Single Sign-on, Federation
> Provisioning and Meta-Directory Services
Open and integrate-able to reduce integration cost and complexity
Diagram labels: Sun Java System Directory Server Enterprise Edition, Sun Java System Identity Manager, Sun Java System Access Manager

19 Sun Java System Directory Server
● Most widely deployed LDAP-based directory server – over 1.5 billion licenses sold
● Built-in security – prevents DoS attacks, controls access, intercepts unauthorized operations
● Password synchronization with Active Directory
Secure, highly available, and scalable directory services
Diagram labels: Sun Java System Directory Server Enterprise Edition, Sun Java System Identity Manager, Sun Java System Access Manager

20 Sun Java System Access Manager
● Provide consistent, strong security for all campus IT services
● Reduce complexity and operational costs
● Improve regulatory compliance
● Role and rule-based access control
● Centralized authentication services
● Real-time audits
Diagram labels: Alumni, Web Services, Directories, Databases, Business Applications, Faculty, Students, Federation, Access Manager, Single Sign-on, Web Access Control, Custom Systems

21 Sun Java System Identity Manager
● Automated user provisioning
● Secure, automated password management
● User self-service and delegated administration
● Automated data synchronization
● Comprehensive auditing and reporting
Manage Identity Profiles and Permissions Throughout the Identity Lifecycle
Diagram labels: Databases, Directories, Mainframes, Databases, Business Applications, Operating Systems, Business Applications, App Server, Admin, Delegated Admin, End User Self-Service, Provisioning, Identity Synchronization, Password Management, Identity Manager

22 Provisioning Today: Fragmented, Manual, and Insecure
● Where are my risks?
● Who has access?
● What recurring charges am I still paying for?
● How much does all of this cost?
Diagram labels: Human Resources System, Library Management System, Facilities/Purchasing, Help Desk, Faculty, Students, Researchers, Alumni, Other Assets, Student Information System, PeopleSoft Financials, Exchange and Active Directory, Chargeable Assets, Mobile phone/service, Conference call account, Credit card, Office space, Phone, Laptop

23 Provisioning with Sun: Streamlined, Automated and Secure
● Reduced risk
● Complete view of user’s identity
● Efficient, automated operations
Diagram labels: Approving Manager, Former Students, Faculty, Students, Researchers, Alumni, Other Assets, Student Information System, PeopleSoft Financials, Exchange and Active Directory, Chargeable Assets, Mobile phone/service, Conference call account, Credit card, Office space, Phone, Laptop

24 How Sun's Product Offering Stacks Up

25 Identity Management Is More than Enterprise Directory
Enterprise directory can provide:
> Enterprise security — Single common repository for all authentication and access control rules
> Efficiency in application development — Leverage the enterprise directory to simplify development
> Simplified collaboration — Federated identity sharing
Identity management adds:
> Enhanced user experience — Single sign-on and faster access to applications
> Reduced help desk cost — Online password reset
> Workflow efficiency — Automated tasks such as adding access to course materials when users register for specific classes
> Support for regulatory requirements — More complete tracking and audit trail features

26 Identity Management Implementation
● Adopt Best Practices
– Identify and Recruit Systems Stakeholders
– Model the Data
– Consider Design Patterns
– Stage the Implementation

27 Identity Management at Salford
● Identity solution requirements:
– Assign a single ID to each person
– Eliminate multiple directories (and maintenance)
– Automatically provision & allow use of appropriate services
– Adjust or remove access as roles change
– Provide mappings between systems
● The solution:
– Directory Server
– Identity Manager Provisioning Module
– Identity Manager Meta Directory Module
– Identity Manager Password Management Module
– Resource adapters for Active Directory, MS Outlook, Blackboard, SAP
– Shibboleth connector for Athens

28 Identity Management Stuart Sim Chief Architect Global Education & Research http://blogs.sun.com/stuart

29 Backup Slides

30 Why Sun For Identity Management
● Complete solution
● Integrated yet modular
● Best-in-class provisioning & workflow
● Connectors for third party applications in Edu
● Experience in Federated Identity

31 Identity Management at UC Merced
● Identity solution requirements:
– Assign a single UCMNetID to each person
– Eliminate multiple directories (and maintenance)
– Automatically provision & allow use of appropriate services
– Adjust or remove access as roles change
– Provide mappings between systems
● The solution:
– Directory Server
– Identity Manager Provisioning Module
– Identity Manager Meta Directory Module
– Identity Manager Password Management Module
– Resource adapters for LDAP, Oracle and Active Directory

32 Identity Manager Partial Customer List
15 New references in Q2!
Universidad de Oviedo, Spain
Universidad Rovira i Virgili, Spain
University of Salford, UK
Université Catholique de Louvain, Belgium
Schulen ans Netz, Germany
Western Michigan University, USA
University of California Santa Cruz, USA
University of Victoria, Canada
Notre Dame University, Australia

33 Agenda
● What is Identity Management?
● Why Identity Is Important in Education
● Stages of Implementing Identity Management
● Identity Solution Requirements in Education
● Sun’s Comprehensive Identity Management Offering
● Why Sun?
● Customer Examples

34 Federation Requirements
● Federation is necessitated by collaborative research and other inter-institution collaboration
● There are 2 implementation approaches:
– The Liberty Alliance Project – An alliance of more than 150 companies, non-profit and government organizations developing an open standard for federated network identity (http://www.projectliberty.org/)
– Shibboleth – An open source implementation of federated identity information that has gained a lot of momentum in education
● Shibboleth and Liberty are working on interoperability through SAML 2.0, expected in 12-15 months
Federation Enables Sharing Identity Information Outside the Firewall While Protecting Privacy

35 Federation in Java System Access Manager
● Supports Federation using Liberty specification
● Interoperability with Shibboleth through SAML 2.0 (expected in 12-15 months)
Standards-based Approach Allows Integration With Shibboleth
Diagram labels: Java System Access Manager, Shibboleth Server, Applications, SAML 2.0, Firewall

36 Integrate-able Identity Management
● Provides broad cross-platform compatibility
– Protects customers’ existing investments
– Provides increased flexibility
● Supports standards at EVERY touch point

37 Integrated, End-to-End Identity Management
Diagram labels: Identity Manager, Access Manager, Directory Server EE, User Provisioning, Password Management, Synchronization Services, Web-Based Administration, Audit & Reporting, Web Single-Sign-On, Access Control, Federation, Directory Services, Security/Failover, AD Synchronization

38 Solaris™ Operating System for x86 Platforms: Come Join Us!
Building on a leading platform
Offering customers true choice and true value
Investing in partnerships
LET'S GROW TOGETHER

