Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.

Presentation transcript:

1 Managing Information Technology @ UT November 13-14, 2008 Campus Identity and Access Management Services

2 Objectives
- Learn how the university assigns and manages electronic identities
- Learn how this information is used for authentication and authorization

3 IAM Overview
- Terms & Concepts
- IAM Goals & Principles
- IAM Services Overview
  - Identity Management
  - Directory Services
  - Authentication Services
  - Authorization Services

4 IAM Terms
- Identity: Set of attributes and credentials associated with an entity
- Directory Services: Stores, organizes, and provides information about identities to consuming systems
- Authentication: Verifying the identity of a user (most commonly with a username and password) and providing assurances of their identity to a service
- Authorization: Verifying whether an identity is permitted to take an action

5 Attributes & Credentials
- Attributes: Identity and affiliation characteristics of an entity which are of interest to the university
- Credentials: Used to establish a person’s identity and help the university maintain a high degree of confidence in it
- Helps to define the levels of service, access, or privileges available to a particular identity
- Physical Credentials – UT ID Cards
- Electronic Credentials – UT EIDs

6 IAM Goals & Principles
- Entities have a single identity
- Identity is a ubiquitous public user name
- Identities have lifelong community membership
- Consistent sign-on (authentication)
- Self-service
- Distributed management

7 Identity Management Services
[Diagram labels: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems]

8 UT EID
- An electronic identifier that contains two key attributes – UT EID and UIN
- Several EID types: Person, Business, Department, Service, Group, Resource, ID-Only
- Person UT EID is an individual’s public username and their electronic credential that allows them to use online secure services

9 Person EID Affiliations & Classes
- Guest Class: EID w/out Affiliation, Prospective Student, Prospective Faculty, Job Applicant
- Affiliate Class: Library Patron, Donor/Friend of the University/VIP, University Extension Participant, Retiree, Graduate, Future Student, Future Staff, Former Staff, Future Faculty, Former Faculty, Future Employee, Former Employee
- Member Class: Current Student, Current Faculty, Current Staff, Official Visitor, Current Employee

10 Additional Person EID Concepts
- Entitlements: Specific endorsements, credentials, or permissions. E.g. IDP, SIG, LLV, DPU, etc.
- EID Upgrade:
  - IDP – UT has seen photo ID
  - SIG – Use your EID as legal signature
- Restrictions: Limits who may view information (FERPA). Attributes or entire identity may be restricted.

11 Did You Know?
- Approximately how many EIDs have been issued by UT Austin? 4.5 Million EIDs (3.8M Person)
- On an average day during the regular semester how many EID logons occur? ~130,000 EID logons

12 Enterprise Directory Services
[Diagram labels: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems]

13 Enterprise Directories
- uTexas Enterprise Directory (TED)
- TED on the Mainframe (TOM)
- White Pages Directory
- Austin Active Directory

Sample Person Attributes in TED (Identifiers)

| Attribute Name | Contents | Multi- or Single-Valued / Required Indicator | May Be Populated For | Access Group | Permitted Searches | Source & Format |
| --- | --- | --- | --- | --- | --- | --- |
| utexasEduPersonEid | Current UT EID (uid is the naming attribute for people) | Single, Required | All people | Basic, AffOnly (see notes) | see notes equality | Source: EID System. Format: Max 8 characters |
| utexasEduPersonPriorEid | Prior UT EIDs | Multi | All people | Basic | equality | Source: EID System. Format: Max 15 characters |
| utexasEduPersonUin | Current UIN | Single, Required | All people | Basic, AffOnly | equality | Source: EID System. Format: 16-digit hex |
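An added example, not part of the original slides: a consuming application can enforce the identifier formats and the equality-only search rule from the TED attribute table before it builds a directory query. It assumes TED is queried with LDAP search filters (the slide only says "equality" and that uid is the naming attribute); the function names are hypothetical and the attribute names join the table's wrapped cells.

```python
import re

# Limits from the "Sample Person Attributes in TED" table on this slide.
# Attribute names join the table's wrapped cells (assumption).
MAX_LEN = {"utexasEduPersonEid": 8, "utexasEduPersonPriorEid": 15}
UIN_ATTR = "utexasEduPersonUin"
UIN_RE = re.compile(r"[0-9A-Fa-f]{16}")  # "16-digit hex"

# RFC 4515 special characters and their escaped forms. Escaping "*" keeps
# a caller from turning an equality match into a substring or presence search.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equality_filter(attr: str, value: str) -> str:
    """Build (attr=value) for an allow-listed identifier attribute."""
    if attr == UIN_ATTR:
        if not UIN_RE.fullmatch(value):
            raise ValueError("UIN must be exactly 16 hex digits")
    elif attr in MAX_LEN:
        if not 1 <= len(value) <= MAX_LEN[attr]:
            raise ValueError(f"{attr} allows 1..{MAX_LEN[attr]} characters")
    else:
        raise ValueError("attribute is not on the allow-list")
    return f"({attr}={escape_filter_value(value)})"


def eid_lookup_filter(eid: str) -> str:
    """Match a person by current EID or by any of their prior EIDs."""
    parts = []
    for attr in ("utexasEduPersonEid", "utexasEduPersonPriorEid"):
        try:
            parts.append(equality_filter(attr, eid))
        except ValueError:
            continue  # value too long for this attribute, so it cannot match
    if not parts:
        raise ValueError("value fits neither EID attribute")
    return parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"
```

Because prior EIDs are multi-valued and may be longer than a current EID, a 9 to 15 character value is searched against utexasEduPersonPriorEid only.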

14 Authentication Services
[Diagram labels: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems]

15 Web Authentication
[Diagram labels: Data Store, Authentication Service, Web Server, Web Browser, AuthN. Agent]

16 Authentication Methods
- Web Authentication
  - UT Direct/Fat Cookie
  - Shibboleth
  - TAM (next generation)
- Mainframe Authentication
  - RACF
  - EID

17 Authorization Services
[Diagram labels: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems]

18 Authorizations
[Diagram labels: BACS; NRRECS; Task Manager; BACS Group – App-empl.; Apollo Group – EID Stewards; System Internal – Group; Group Mediated; System Internal – Individual; Auth: View unrestricted student records; Auth: Access Main 25th Floor; Auth: Update DP; Auth: Submit DP]

19 Authorization Products
- Apollo: a mainframe authorization repository with customizable application profiles and group management functionality
- *DPUSER: authorization system for mainframe services including the management of Natural and Adabas resources

20 In Closing
- An entity has only one identity and this is represented by the UT EID
- UT EID is the ubiquitous public user name
- Identities have lifelong membership in our community
- Identity & Access Management services include: Identity Management, Directory Services, Authentication Services, & Authorization Services

