Introducing Access Management

Presentation transcript:

Introducing Access Management IAMUCLA Mini-Conference November 18, 2008

IAMUCLA “Simplified and Streamlined User Identity & Access Management”

IAMUCLA: Access Management (Authorization); Authentication; Enterprise User Identity Store

IAMUCLA
Authentication: UCLA Logon ID; Standard Web SSO (Shibboleth)
Access Management (Authorization): Groups and Roles; Privilege Management
Enterprise User Identity Store

Authorization Re-cap
<subject> can <perform action> on <resource> given <constraint>.
Joe Bruin can edit pages on the IAMUCLA site.
Students enrolled in Math 33A can view contents of the Math 33A Course Web Site.

“I manage access using roles. Just tell me what groups the logged in person is in.”
Most applications want group membership data.
Applications use group member data to make authorization decisions.

“Groups based on PPS/SRS/other university data are great, except that I need to add this one exception…”

Grouper
Internet2-developed group management software
Open source
Flexible group management capabilities
Ongoing work to integrate with other I2 initiatives

Grouper in IAMUCLA
1. Grouper generates university groups/roles automatically using known data sources
2. Administrators create custom groups
3. Group data provisioned into Enterprise Directory
4. Group data delivered to applications via Shibboleth
[Diagram: University Data Sources (PPS, SRS, Others); Group Management (Grouper, Administrators); Group Membership/Role Attribute Storage and Delivery (Enterprise Directory, Shibboleth)]

Demonstration

Grouper for Naga Gamers
1. Grouper generates university groups/roles automatically using known data sources
2. Administrators create custom groups
3. Group data provisioned into Enterprise Directory
4. Group data delivered to applications via Shibboleth
[Diagram: University Data Sources (PPS, SRS, Others); Group Management (Grouper, Administrators); Group Membership/Role Attribute Storage and Delivery (Enterprise Directory, Shibboleth)]

Using Grouper Data to Manage Access
Group data delivered through Shibboleth attribute response
Protect static content using Shibboleth SP
Map attributes to groups in applications
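The "map attributes to groups in applications" step, sketched as an added example that is not part of the original slides: an application reads the group attribute that the Shibboleth SP places in the request environment and answers "<subject> can <action> on <resource>". The attribute name `isMemberOf`, the group names, the policy table and the function names are assumptions made for illustration.

```python
import re

# Assumption: the SP is configured to expose group membership under this name.
GROUP_ATTRIBUTE = "isMemberOf"

# Constructed policy: (action, resource) -> groups allowed to perform it.
# The second entry mixes a data-derived group with a custom exception group.
POLICY = {
    ("edit", "iamucla-site"): {"ucla:apps:iamucla:editors"},
    ("view", "math33a-site"): {"ucla:srs:courses:math33a:students",
                               "ucla:apps:math33a:exceptions"},
}

def parse_groups(raw):
    """Split a Shibboleth SP multi-valued attribute string into a set.

    The SP joins values with ';' and escapes a literal ';' as '\\;'.
    """
    if not raw:
        return set()
    parts = re.split(r"(?<!\\);", raw)
    return {p.replace("\\;", ";").strip() for p in parts if p.strip()}

def is_authorized(environ, action, resource):
    """Return True only if the authenticated subject holds an allowed group."""
    if not environ.get("REMOTE_USER"):   # no SSO session: fail closed
        return False
    allowed = POLICY.get((action, resource))
    if not allowed:                      # unknown action/resource: fail closed
        return False
    # Exact set intersection, never substring matching on group names.
    return bool(parse_groups(environ.get(GROUP_ATTRIBUTE)) & allowed)

# Constructed request environments, as the SP-protected app would see them.
JOE = {"REMOTE_USER": "joebruin",
       "isMemberOf": "ucla:pps:staff;ucla:apps:iamucla:editors"}
STUDENT = {"REMOTE_USER": "jstudent",
           "isMemberOf": "ucla:srs:courses:math33a:students"}
LOOKALIKE = {"REMOTE_USER": "mallory",
             "isMemberOf": "ucla:apps:iamucla:editors-pending"}
NO_SESSION = {"isMemberOf": "ucla:apps:iamucla:editors"}

if __name__ == "__main__":
    for env in (JOE, STUDENT, LOOKALIKE, NO_SESSION):
        print(env.get("REMOTE_USER"), is_authorized(env, "edit", "iamucla-site"))
```

The environment values are trustworthy only when the SP itself sets them; an application behind a proxy that forwards client-supplied headers of the same name would be making decisions on attacker-controlled input.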

https://spaces.ais.ucla.edu/iamucla

EVERYBODY PANIC!!! OMG! O NOES!