1. Bringing it All Together: Charting Your Roadmap CAMP: Charting Your Authentication Roadmap February 8, 2007 Paul Caskey Copyright Paul Caskey 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2. History 16 institutions, 9 academic, 6 health 16 stovepipes, very independent and decentralized Leadership sees increased collaboration capabilities as a strategic goal Received NMI-EDIT “Extending the Reach” grant in 2004 Built pilot federation, began work on consistent identity management policies

3. U.T. System Identity Management Federation in production operation as of 9/1/2006 Federation policies approved and signed (well, most of them anyway) 10 federated applications, most small in scope, ranging from financial accounting to research reporting to online learning Large applications under development: Benefits, Grid computing portal Status

4. Publish Statement of Direction Articulate a vision statement Relate vision to business environment Identify Stakeholders –Campus Presidents –Campus IT/SLC (16 campuses) –Board of Regents (collaboration) –Data/Application Owners Create a governing body –IdM Governing Board –SLC Create Technical and Policy Groups Specify Goals Identify Roadblocks Publish the plan Track progress Revise plan Developing the Roadmap

5. In April of 2004, the SLC published a Statement of Direction for Identity Management: The University of Texas System Information Technology Strategic Leadership Council agrees that deployment of a robust, secure, interoperable infrastructure for identity management in support of inter-institutional collaboration is a strategic goal. This infrastructure will be based upon the available standards and best practices: –LDAP (Lightweight Directory Access Protocol) compliant directory services, –eduperson schema as promulgated by EDUCAUSE and Internet2, –utperson schema (to be developed), –inter-institutional access control utilizing Internet2 Shibboleth, and –consistent institutional definitions and identity management trust policies for students, faculty, and staff as well as sponsored affiliates. Statement of Direction

6. Prior to starting the roadmap development, the IdM Governing Board published a Vision statement: “All University of Texas students, faculty, and staff are able to access both local and remote resources using their local credentials and attributes, through a seamless technology infrastructure.” Vision

8. The following goals and roadblocks were identified: Goals: –Federated Identity (consistent Vetting/Credentialing policies) –Federated Authentication (established LoAs, SAML-based authN) –Federated Authorization (consistent attributes, RBAC, utPerson, Provisioning) Roadblocks: –Budget –Competition for skilled resources –Project management –Inter-institutional trust –Power and autonomy conflicts Differing Priorities Conventions may be seen as dictates –Selling it to all the stakeholders –The needed work in policy and governance can take considerable time –Individuals with multiple affiliations Goal & Roadblocks

10. And, finally, a plan was produced! Updated periodically Legend: –Blue: Major Milestones –Green: Completed Tasks –Yellow: Tasks In Progress –Red: Pressing Tasks –Grey: Tasks Not Started Publish a Plan!