An Integrated Framework for Identity and Access Management (IAM). RL "Bob" Morgan, U Wash., MACE; Keith Hazelton, U Wisc., MACE. Internet2 Spring Member Meeting.


1 An Integrated Framework for Identity and Access Management (IAM)
RL "Bob" Morgan, U Wash., MACE
Keith Hazelton, U Wisc., MACE
Internet2 Spring Member Meeting, May 3, 2005, Arlington, VA

2 Session overview
I. Integration: IAM and applications (Keith)
II. Drivers & requirements (RL "Bob")
III. From talking to doing (Keith again)

3 I: From Construction to Integration
- Construction
  - Raw materials into systems
- Integration
  - Subsystems into whole systems
  - Multiple systems into ecosystems
- We're all moving from construction to integration
- Let's review state of middleware systems' readiness for integration

4 IAM: Generic Functions
Verb: Objects
- Reflect: Data of interest from systems of record into registry, directory
- Join: Identity information across systems
- Manage: Credentials, group memberships, affiliations, privileges, services, policies
- Provide: IAM info via
  - run-time request/response
  - provisioning into App/Service stores
- Authenticate (AuthN): Claimed identities
- Authorize (AuthZ): Access or denial of access
- Log: Usage for audit

5 Reflect, Join, and Manage Credentials
[Diagram: Systems of Record (Stdnt, HR, Other), Registry, Enterprise Directory, LDAP]

6 Reflect, Join, and Manage Credentials
- Collect bits of identity information in all the relevant IT systems
- Use business logic to
  - Establish which records correspond to the same person
  - Maintain that identity join in the face of changes to data in collected systems
- Assign a unique identifier for cross-system link
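
The reflect-and-join steps on slide 6, as an added Python example that is not from the presentation. The matching rule (normalized name plus birth date), the REG identifier format, the sample records, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

def match_key(rec):
    # Assumed business rule: normalized name plus birth date.
    return (" ".join(rec["name"].lower().split()), rec["dob"])

@dataclass
class Person:
    registry_id: str
    links: dict = field(default_factory=dict)  # system -> local key
    attrs: dict = field(default_factory=dict)  # system -> latest record

class Registry:
    def __init__(self):
        self.people, self.by_link, self.review = {}, {}, []
        self._seq = count(1)

    def reflect(self, system, local_key, rec):
        """Reflect one system-of-record row; return registry id or None."""
        rid = self.by_link.get((system, local_key))
        if rid is None:
            # Join: people matching the rule with no record from this system.
            key = match_key(rec)
            cands = [p for p in self.people.values() if system not in p.links
                     and any(match_key(a) == key for a in p.attrs.values())]
            if len(cands) > 1:
                # Ambiguous: hold for a human; a wrong merge shares access.
                self.review.append((system, local_key, rec))
                return None
            person = cands[0] if cands else self._new_person()
            person.links[system] = local_key
            self.by_link[(system, local_key)] = rid = person.registry_id
        # A stored link outranks matching, so later data changes keep the join.
        self.people[rid].attrs[system] = rec
        return rid

    def _new_person(self):
        p = Person(f"REG{next(self._seq):06d}")  # cross-system identifier
        self.people[p.registry_id] = p
        return p

def demo():  # constructed sample records
    reg, ana = Registry(), {"name": "Ana Lopez", "dob": "1984-02-11"}
    ids = [reg.reflect("student", "S100", {**ana, "name": "Ana  LOPEZ"}),
           reg.reflect("hr", "E7", ana),
           reg.reflect("hr", "E7", {**ana, "name": "Ana Lopez-Reed"}),
           reg.reflect("student", "S200", ana),
           reg.reflect("other", "X1", ana)]
    return ids, len(reg.review)
```

The third call changes the HR surname without breaking the join, and the last call matches two registry entries, so it is held for review instead of being merged.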

7 Manage Credentials
- When to assign, activate credentials (as early as possible)
- Who gets them? Applicants? Prospects?
- "Guest" NetIDs (temporary, identity-less)
- Reassignment (never; except…)
- Please send me a feed… Argument for WebISO

8 Manage IAM Info and Provide it via run-time calls or provisioning
[Diagram: Systems of Record, Enterprise Directory, Central AuthN/WebISO, Apps/Resources]

9 IAM functions & big pictures

10 IAM functions & big pictures
[Diagram labels: Reflect, Join, Credential, Provide/run-time (AuthN), Provide/provision, AuthZ, Manage Grps, Manage Privs, Log]

11 The User to Service Provider slice across the systems
Another aspect or perspective
Courtesy of Mark Poepping, CMU

12 Another aspect or perspective
Courtesy of Mark Poepping, CMU

13 The User to Service Provider perspective

14 The User to Service Provider perspective

15 Next-up integration services
- Message queuing (pub-sub, point-to-point)
- Workflow (business process orchestration)
- Policy info mgmt
- Policy decision point
- Service Oriented Architecture (SOA) as current buzz-word for the overall vision
- The vision will outlast the name

16 Middleware -- Application Integration
- ERPs
- SAKAI
- uPortal
- …

17 IAM and Application Integration

18 Inter-institutional integration
- Virtual Organizations (VOs)
- Federations
- League of Federations

19 Part II: Drivers & Requirements

20 Part III: Doing Integration: Service Oriented Architecture (SOA) Goals
- What software is deployed during an integration, where and how is it deployed?
- What development is needed to accomplish an integration?
- What is the development / deployment process?
- How is the installation managed, maintained and expanded?
- How do individual integrations work together to form an infrastructure?

21 Service Oriented Architecture (SOA) Migration Strategy
Courtesy of Jim Phelps, Architect U Wisconsin System Initiative Common Systems Interoperability Architecture Working Group (CSIAWG)

22 Migration Strategy - SOA
- Organization - Change Management
- Process - Business Process Analysis
- Information - Enterprise Data Definitions
- Infrastructure - Architecture and Technology
- Vendors – Fill the Gaps

23 Migration Strategy - SOA
Organization - Change Management
- Culture shift from data to services
- Staff Training and Support
- New Expertise
- Service Interface Designer (2)
- Service Library Manager (2)
- Integration Competency Centers (3)

24 Integration Competency Center

25 Migration Strategy - SOA
Organization - Change Management
- Culture shift from data to services
- Staff Training and Support
- New Expertise
- Service Interface Designer (2)
- Service Library Manager (2)
- Integration Competency Centers (3)

26 Migration Strategy - SOA
Process - Business Process Analysis
- Prioritization - Most Pain, Most Gain
- Define/Document Business Processes
- Look for optimization opportunities
- Data needs (timeliness, availability, etc)
- Use disruption to your advantage

27 Migration Strategy - SOA
Information - Enterprise Data Identification
- Let the Business Process Analysis drive the data definitions.
- Don't build a complete dictionary
- Start with the most needed definitions
- Build on standards

28 Migration Strategy - SOA
Infrastructure - Architecture and Technology
- Gap analysis - what pieces are missing
- Architecture Analysis
- Business Process Analysis and Enterprise Data Identification lead the efforts.

29 Migration Strategy - SOA
- We want to fix this business process.
- It needs data and services to/from these systems.
- We need these adaptors and data stores.
- We need these technologies to deploy these services.

30 Migration Strategy - SOA
Vendor - Evaluation to fill gaps
- Business Process Analysis
- Enterprise Data Identification
- Data Definitions / schema development
- Service Design
- Technology Gaps

31 Migration Strategy - SOA
Always ask "is the request for data really a request for service"

32 Roadmap to SOA
- Business Application Level
- UW System Level
- Campus Level

33 Roadmap to SOA: UW System Level
- Integration Competency Center (ICC)
- Registry
- Establish Governance
- Development Standards
- Common Tools

34 Roadmap to SOA: Business Application Level
- Analysis of Interfaces
- Analysis of Business Processes
- Reduction of Interfaces
- Schema Definitions
- Migration to Services

35 Roadmap to SOA: Campus Level
- ICC
- Take advantage of disruption
- Analysis of Business Processes
- Reduction of Interfaces
- Migration to Services

36 References
1. Enterprise Application Integration, Revere Group Presentation, June 26, 2003
2. Service-Oriented Architecture, A Field Guide to Integrating XML and Web Services, Thomas Erl
3. Introduction to Integration Competency Centers, Darwinmag.com, http://www.darwinmag.com/read/070104/integration.html
4. Enterprise Service Bus, David A. Chappell
5. ICC - The Fab Five - Competency Center Models and core skill sets, CIO Magazine, http://www.cio.com/archive/110104/office.html

37 References
OASIS on Tuesday is announcing the formation of a technical committee that will develop a reference model to provide clarity on the definition of an SOA, said Duane Nickull, chairman of the new OASIS SOA-RM (Reference Model) Technical Committee and senior standards strategist at Adobe. -- Infoworld, May 03, 2005
