1. © 2011 The University of Chicago InCommon Silver Implementation at UChicago Tom Barton 1

2. Which people will need Silver? Time frame sooner later User group size smaller larger NI H TeraGri d Open Science Grid CILogon NSCNat’l Labs CIC shared storage CIC CourseShare Payroll caBIG Benefits Student Loans Financial aid TIAA- CREF research.go v

3.  Support research & scientific collaborations  Ability to deliver SaaS solutions with higher LoA  Enhance local confidence in our ability to manage access  Eg, allay Registrar’s concerns with students using UChicago netIds for transcript delivery  All faculty, staff, and students needing Silver should be able to get it, easily  But most won’t need it right away, so don’t make them do anything special until they do 3 UChicago Silver Objectives

4.  Central IdM one of several activities supported by a staff pool – inability to sustain focus on IdM  Inadequate operating practices and doc  Unknown if HR on-boarding process good enough to leverage as-is  Student admissions process most likely not  ID Card office co-operative with ITS & Library  UC Medical Center IdM  user account management integrated with central IdM  but separate password store 4 Circumstances – Initial State

5.  Re-org IdM  Use existing username/password credentials  Stored in LDAP and in Active Directory  Leverage ID card issuing process to meet Silver identity vetting & credential issuance requirements  Strengthen management of ID Card office  Assimilate ID Card back-end operations into central IdM 5 Implementation Approach

6.  Move IdM servers to central sysadmin group Document operating practices of both groups  Provide IT Security an opportunity to define good operating practices  Plan IdM audit with Risk Management  Extend IdMS to track who has met which Silver pre-requisites (ID vetting, good password, no security hold) 6 Implementation Approach

7. Managing password exposure browserIdP/logi n authN service 1 app authN service 2 app IdM S password sync VaTech-style policy to apply to all apps

8.  Medical Center  Unlikely to be needed soon (Drs are BSD faculty and have centrally-issued credentials)  identity vetting options independent ID Card office eventually to be assimilated leverage HR on-boarding process  ID vetting for remote people needing Silver  Predicated on anticipated specifications in InCommon Silver IAP v1.1 8 Unknowns

9. Are you organized to enable a Silver implementation (if you wanted to do it)? And are the necessary stakeholder relationships in good shape? 9

10. What would motivate you to start a Silver implementation? What obstacles hinder that? 10

11. Do you already have the right set of tools, operating practices, and technologies to fold into a Silver implementation? 11

12. The CIC has found it extremely helpful to go together, as a cohort. Do you have any friends to share the experience with? Do you want some? 12