
NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.


1 NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas
Barry Ribbeck, Director System Architecture and Infrastructure, Rice University
Copyright Barry R Ribbeck 2005. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 NMI-EDIT Key Points
- Institutions implementing identity management should consider how their local policies, processes, and technology deployments can be leveraged to participate in broader higher education federations.
- This session offers information about the UT federation, as well as participating campus policy structures, technology implementations, and caveats to automation.
- This session is sponsored by the NMI-EDIT Consortium of EDUCAUSE, Internet2, and SURA.

3 NMI-EDIT Events in Texas - UT Federation
- 16 institutions under one governing board
- No legal issues (all under state OGC)
- Policy requirements
  - Identity trusts
  - Attribute release and data exchange
  - Logging and appropriate use
- Current use
  - Inter-campus wireless access
  - Access to intercampus security information
  - Access to cross-campus applications
  - Library resources

4 NMI-EDIT NMI-EDIT Extending the Reach Grant
- 2 goals
  - Outreach
  - Case Studies
- Small school identity management – UT Tyler
- HAM-TMC Library Shibboleth enable EZProxy
- UTHSC-Houston/Baylor CoM – resident evaluation Application Sharing

5 NMI-EDIT What we learned
- Policies need to be updated.
- New procedures need to be outlined.
- Common understanding needs to be in place for Identity Management.
- Use cases exist already – you need a champion to drive them to production using the federated model.
- Good project management and cross-institutional goal setting are required.
- Go for the easy wins - once the infrastructure is in place, others will quickly follow.

6 NMI-EDIT How to approach policies
- Leverage what is already in place
  - Most institutions that already have a use case don't need to reinvent the wheel to create inter-institutional policies and procedures. These already exist; they just need to extend the current policy or procedure to take into consideration elements added by electronic commerce.

7 NMI-EDIT Policies/Procedures – What should be there
- An understanding of each institution's methods for Identity Management
- Definitions of procedures for
  - How a valid user on campus is defined
  - How user accounts are managed
  - Agreement on how attributes will be populated (eduPerson)
  - How each institution manages guest accounts

8 NMI-EDIT Some Hints for Identity Management
- Allow source systems to define user relationship with the institution
  - Rules are transitive across systems
  - Procedures already exist
  - Vetting processes may need some tweaking
  - Involve source system managers in the process

9 NMI-EDIT Security and Privacy
- What about privacy after the attribute exchange?
- Require an inter-institutional acceptable use policy? – maybe, it depends!
- How is the meta-data collected, protected by the Resource Provider?
- What about cross-institutional members – people who already have an identity defined at both institutions?

10 NMI-EDIT Post encounter procedures – Application Provider
- How are systems de-provisioned?
- What happens to the data from previous encounters?
- What document retention requirements exist?
- How long is log data maintained?
- Are there opt out procedures?

11 NMI-EDIT Technology - Shibboleth does a great job at attribute exchange – what about authentication LOA?
- Error diagnostics – better
- Changing the way we work do support.
- Private attribute extensions?
- How are people identified when they really need to be identified, is eppn sufficient?

12 NMI-EDIT Identity Management – TRUST Foundations Summary
- We need to know who OUR people are before we can allow others to trust us.
- We need automation to enhance account management and make our process trustworthy.
- We need accurate data from source systems in order to trust federated authorization decisions.
- We need to know that when a person leaves an institution that we trust, that they no longer have access to our systems.

13 NMI-EDIT Where do we start? - Sharing
- NMI-EDIT – Directory Roadmap
- NMI-EDIT – Authentication Roadmap
- Educause – Policies and Security
- Internet 2 – Shibboleth and Security Task Force

14 NMI-EDIT and Rice University Contact Information Barry Ribbeck bribbeck@rice.edu

