
Slide 1: CAMP Integration, Reflect & Join: A Case Study. The University of Texas Health Science Center at Houston. William A. Weems, Assistant Vice President, Academic Technology.

Slide 2: Middleware makes the global sharing of resources invisible to users.

Slide 3: Increasingly, people must easily and securely exchange information in cyberspace with "known" individuals, and securely access restricted resources they "know" can be trusted, without having to struggle with numerous and onerous security processes.

Slide 4: "How do you prove you are who you say you are? How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong? If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you? It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication. Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace." (Simon Rogerson, Identity and Authentication)

Slide 5: Ideally, each individual would like a single digital credential that can be used securely to authenticate his or her identity whenever authentication of identity is required to secure a transaction.

Slide 6: UTHSC-H, an Identity Provider (IdP). It is critical to recognize that the university functions as an identity provider (IdP): UTHSC-H provides individuals with digital credentials that consist of an identifier and an authenticator. As an IdP, the university assumes specific responsibilities and liabilities.

Slide 7: Two Categories of Identity
Physical Identity (assigned identifier, used for authentication):
– Facial picture
– Fingerprints
– DNA sample
Identity Attributes (authorization attributes):
– Common name
– Address
– Institutional affiliations, e.g. faculty, student, staff, contractor
– Specific group memberships
– Roles
– Etc.

Slide 8: Issuing a Digital Credential. The individual appears before an Identity Provider (IdP), which accepts the responsibility to:
– positively determine and catalog the person's uniquely identifying physical characteristics (e.g. picture, two fingerprints, DNA sample),
– assign a unique, everlasting digital identifier to each person identified,
– issue each identified person a digital credential that can be used only by that person to authenticate his or her identity,
– maintain a defined affiliation with each individual whereby the validity of the digital credential is renewed at specified intervals.

Slide 9 (diagram): Identity Provider (IdP), uth.tmc.edu. Identity vetting and credentialing: the IdP obtains the person's physical characteristics, assigns an everlasting identifier that is permanently bound to the person and recorded in a permanent identity database, and issues a digital credential that only that person can activate.

Slide 10: The University of Texas System, Strategic Leadership Council, Statement of Direction: Identity Management, April 27, 2004. The University of Texas System Information Technology Strategic Leadership Council agrees that deployment of a robust, secure, interoperable infrastructure for identity management in support of inter-institutional collaboration is a strategic goal. This infrastructure will be based upon the available standards and best practices:

Slide 11: The University of Texas System, Strategic Leadership Council, Statement of Direction: Identity Management, April 27, 2004 (continued)
– LDAP (Lightweight Directory Access Protocol) compliant directory services,
– eduPerson schema as promulgated by EDUCAUSE and Internet2,
– utperson schema (to be developed),
– inter-institutional access control utilizing Internet2 Shibboleth, and
– consistent institutional definitions and identity management trust policies for students, faculty, and staff as well as sponsored affiliates.

Slide 12 (diagram): UTHSC-H Identity Management System. Source systems (HRMS, SIS, GMEIS, Guest, MS, UTP, INDIS, OAC7, OAC47) feed identity reconciliation and provisioning processes into the Person Registry; the registry syncs to the authoritative enterprise directories and on to secondary directories. Built on the directories: an authorization service, an authentication service, and user administration tools (change password, attribute management).

Slide 13: Person Registry, Identity Reconciliation
Unique identifiers generated by the source of record:
– SSN, if available (HRMS, GMEIS, UTP, Guest, SIS)
– Student ID, Employee Number (HRMS)
Full name: first, middle, last
Birth information: date of birth, city of birth, country of birth
Gender
UUID: an everlasting unique identifier

Slide 14 (flowchart): reconciliation decision for an incoming person record.
– Is New? No matches or possible matches: Add.
– Is Single Match? Identifiers match one and only one person, and there are no possible matches: Update.
– Is Possible or Multiple Match? Identifiers match more than one person, and/or name or birth information match one or more persons: Manual Processing.

Slide 15: Database Schema
Person table: UUID, Date of Birth, Place of Birth, Country of Birth
Identifier table: ID Name, ID Value
Name table: First, Middle, Last
Gender: Male / Female
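The reconciliation rule of slides 13 to 15 (identifier match first, then name and birth information as "possible" matches, with an everlasting UUID assigned on Add) written out as runnable code. This is an added example, not the university's system: the Person class, the field names and the sample people are constructed for illustration.

```python
from dataclasses import dataclass
from uuid import uuid4

@dataclass
class Person:
    uuid: str          # everlasting identifier, assigned once, never reused
    first: str
    last: str
    dob: str           # ISO date, e.g. "1975-03-02"
    identifiers: dict  # source-of-record ids, e.g. {"ssn": ..., "student_id": ...}

def reconcile(registry, record):
    """Classify a record (dict with first, last, dob, identifiers) as 'add',
    'update' or 'manual'; also return the UUIDs involved in the decision."""
    # Identifier match: any shared (identifier name, value) pair counts as a hit.
    id_hits = [p for p in registry
               if any(p.identifiers.get(name) == value
                      for name, value in record["identifiers"].items())]
    # Possible match: same full name or same date of birth, among non-hits.
    def possible(p):
        same_name = ((p.first.casefold(), p.last.casefold())
                     == (record["first"].casefold(), record["last"].casefold()))
        return same_name or p.dob == record["dob"]
    possible_hits = [p for p in registry if p not in id_hits and possible(p)]
    if not id_hits and not possible_hits:
        return "add", []                        # Is New? -> Add
    if len(id_hits) == 1 and not possible_hits:
        return "update", [id_hits[0].uuid]      # Is Single Match? -> Update
    return "manual", [p.uuid for p in id_hits + possible_hits]  # -> Manual Processing

def register(registry, record):
    """'add' assigns a fresh UUID, 'update' merges identifiers into the matched
    entry, 'manual' leaves the registry untouched for a human to resolve."""
    decision, uuids = reconcile(registry, record)
    if decision == "add":
        new = Person(str(uuid4()), record["first"], record["last"],
                     record["dob"], dict(record["identifiers"]))
        registry.append(new)
        return decision, [new.uuid]
    if decision == "update":
        matched = next(p for p in registry if p.uuid == uuids[0])
        matched.identifiers.update(record["identifiers"])
    return decision, uuids

# Constructed sample registry: fictitious people and identifiers.
REGISTRY = [
    Person("uuid-ann-1975", "Ann", "Lee", "1975-03-02", {"ssn": "111-11-1111", "employee_number": "E100"}),
    Person("uuid-bob-1980", "Bob", "Kim", "1980-07-15", {"student_id": "S200"}),
    Person("uuid-ann-1990", "Ann", "Lee", "1990-12-01", {"student_id": "S300"}),
]
```

Note that a record whose identifiers hit exactly one person still goes to manual processing when another registry entry shares its name or date of birth, which is what the slide 14 condition "no possible matches" requires.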

Slide 16 (diagram): UTHSC-H Identity Management System, the same architecture diagram as slide 12 (source systems, identity reconciliation and provisioning, Person Registry, authoritative enterprise directories, secondary directories, authorization and authentication services, user administration tools).

Slide 17 (flowchart): guest credentialing.
– Sponsor submits a guest request; the applicant appears before the LRAA; the LRAA verifies and certifies the applicant's data; the data goes to identity reconciliation.
– Not in Person Registry: assign a UUID and add to the Person Registry; guest added to the guest database; LRAA credentials the guest.
– Possible identity match: LRAA resolves the ID uncertainty, then the flow continues.
– Applicant in Person Registry: is the applicant currently affiliated? Yes: guest request voided. No: guest added to the guest database; LRAA credentials the guest.

Slide 18 (flowchart): Guest Management System. The sponsor's request forms produce unverified applicant data; the LRAA's review/update forms turn it into verified applicant data, which is reviewed, updated and submitted to reconciliation against the Person Registry in the Identity Management System. New person? Yes: approval processes, guest DB, create LDAP entry in the enterprise LDAP directory. No: check present affiliations (current affiliations from the enterprise LDAP directory) and the LRAA's approval form; if currently affiliated, void the sponsor's request.


Slide 20 (diagram): the slide 9 IdP diagram (uth.tmc.edu; person, identifier and digital credential permanently bound; IdP obtains physical characteristics, assigns an everlasting identifier, issues a digital credential with person-only activation; permanent identity database), now labelled "UTHSC-H Two Factor Authentication", with two of the binding steps marked with question marks.

Slide 21 (diagram): the same IdP diagram, labelled "UTHSC-H Username/Password Authentication", where activation is "Person Only Activation Using Network Username Password"; nearly every binding step is marked with question marks.

Slide 22: UTHSC-H Strategic Authentication Goals. Two authentication mechanisms:
– Single university ID (UID) and password
– Public key digital ID on a token (two-factor authentication): digital signatures, highly secure access control, potential for inherent global trust
