Peter Deutsch Director, I&IT Systems July 12, 2005


1 An IdM Architecture you can Build At Home! - Cal Poly Pomona's Scalable IdM Infrastructure
Peter Deutsch, Director, I&IT Systems, July 12, 2005

2 Goals for ID Management @ Cal Poly Pomona
- Protect and secure access to information
- Reduce provisioning and maintenance costs
- Meet legal and audit requirements
- Improve user experience and services
- Integrate with CSU and national projects

3 Key Components
We have implemented a campus-wide Identity Management System that provides:
- Automated multi-role account and capabilities provisioning system
- Distributed user authentication and authorization
- Directory and registry services
- Close integration with Peoplesoft, Blackboard and other key campus services

4 Directory and Registry Services
The heart of the system is the Identity Registry, a database that serves as the central identity management repository for people affiliated with CPP. It enables authentication and authorization of individuals and serves as the authoritative repository for a number of attributes associated with each identity and its associated roles.

5 Implementing ID Management
- System Architecture
- Business Processes
- What Works So Far
- What Pieces Are Next?
- Lessons Learned So Far

6 System Architecture
(Architecture diagram; only the labelled components are recoverable from the slide.)
- Systems of Record: Peoplesoft, Photo IDs, Affiliate #1 ... Affiliate #n; Systems of Record Management System
- Identity Registry; Account Mgmt System; Namespace Management System (Namespace #1, #2 ... #n); Federated Namespace System
- Capabilities System: Capability Feed Management System feeding LDAP, White Pages, Active Directory, Photo IDs, Blackboard ...
- Business Rules/Processes and Software Modules

7 Business Processes
Not easily shown is the full effect of business rules and processes:
- Each System of Record had its own access issues (getting raw data is hard)
- Each capability feed requires its own set of business rules
Not shown is the implicit system governing data access:
- Requires AVP or higher level authorization to initiate new capabilities
- Requires approval of originating data stewards
- This is intended to be a non-trivial process

8 What Works So Far
- Identity Registry and Automated Account Management System are up
- Peoplesoft is the System of Record for Employee and Student roles
- LDAP is live and authoritative for multiple other systems
- Exchange feed with auto-population of groups
- Blackboard course feeds are up
- ID Card feeds work (in both directions)

9 What Pieces Are Next?
- We're still working at getting Affiliate roles into Peoplesoft
- We're still working on improved password management (complexity, aging, etc.)
- We're about to go live with the Student Applicant role
- We're still looking at distributing Systems of Record and White Pages management

10 Lessons Learned So Far
Technology is not the hard part. But...
- Getting people to think globally is hard
- Getting people to "surrender control" is hard
- Hidden business processes are hard
- Generating technical requirements is hard
- Writing things down is hard...

11 Integrate with CSU & National Initiatives
- Secure Identity Management Infrastructure (CSU)
- Shibboleth (Internet2)
- InCommon (built on Shibboleth)

12 Questions?
