University of Southern California Identity and Access Management (IAM)

Presentation transcript:

University of Southern California Identity and Access Management (IAM)
Brendan Bellina
Identity Services Architect
Mgr, Enterprise Middleware Development
Information Technology Services
University of Southern California
Los Angeles, California, USA
bbellina@usc.edu

Copyright Brendan Bellina 2009. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

University of Southern California
- Private research university, founded 1880
- 33,500 students (16,500 undergraduate, 17,000 graduate and professional)
- 3,200 full-time faculty, 8,200 staff
- $1.9 billion annual budget, $432 million sponsored research
- Two major LA campuses; six additional US locations; four international offices

Definition of Identity and Access Management
Identity and Access Management (IAM) is a broad administrative function that identifies individuals in a system (in this case, USC), and controls and facilitates their access to resources within that system by associating user rights and restrictions with the established identity.

Evolution of IAM Program
- 2001 – Eliminate/Suppress US Government assigned Social Security Numbers from non-financial systems
- 2002 – Commit to unified identifier – USC ID number
- 2003 – Build data governance structure
- 2005 – Enable authentication and authorization
- 2007 – Support affiliates and visitors

Responsibilities of the Person Registry
- Prevent duplicate identities by matching
- Collect person attributes from SORs for matching and provisioning to GDS (Enterprise Directory Service)
- Generate University Identifier (USCID)
- Reject invalid data from SORs
- Merge functions
- Respond to queries for specific users from SORs to prevent duplicates
- Provide reports on partial identity matches for SORs
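The registry responsibilities listed above, sketched as one intake flow for records arriving from systems of record (SORs). This is an added example, not USC's code: the match attributes (name and birth date), the two-of-three review threshold, the record fields and the ID sequence are all assumptions made for illustration.

```python
import re
from datetime import date
from itertools import count

# Assumed match attributes; the slides do not say which attributes are matched.
REQUIRED = ("source", "source_key", "last_name", "first_name", "birth_date")
_next_id = count(1000000001)  # constructed sequence, not the real USCID scheme

def normalize(name):
    """Lower-case and keep ASCII letters only, so "D'Souza" equals "DSOUZA"."""
    return re.sub(r"[^a-z]", "", name.lower())

def validate(rec):
    """Return the reasons to reject an SOR record (empty list if valid)."""
    errors = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    bd = rec.get("birth_date")
    if bd and not (isinstance(bd, date) and date(1900, 1, 1) <= bd <= date.today()):
        errors.append("birth_date out of range")
    return errors

def score(rec, person):
    """Count how many of the three match attributes agree (0 to 3)."""
    return sum((
        normalize(rec["last_name"]) == normalize(person["last_name"]),
        normalize(rec["first_name"]) == normalize(person["first_name"]),
        rec["birth_date"] == person["birth_date"],
    ))

def submit(registry, rec):
    """Process one SOR record: reject, match, hold for review, or create."""
    errors = validate(rec)
    if errors:
        return ("rejected", errors)          # invalid data never reaches matching
    key = (rec["source"], rec["source_key"])
    scored = [(score(rec, p), p) for p in registry]
    full = [p for s, p in scored if s == 3 or key in p["source_keys"]]
    if full:
        full[0]["source_keys"].add(key)      # link the SOR key to the existing ID
        return ("matched", full[0]["id"])
    partial = [p["id"] for s, p in scored if s == 2]
    if partial:
        return ("review", partial)           # partial-match report; no ID issued
    person = {"id": str(next(_next_id)), "source_keys": {key},
              **{f: rec[f] for f in REQUIRED[2:]}}
    registry.append(person)
    return ("created", person["id"])
```

Holding partial matches for review instead of issuing a new identifier is what keeps one person from ending up with two identities and two sets of access.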

Responsibilities of the Metadirectory
- Update GDS content based on:
  - Person information - Person Registry
  - Account information - Account System (“MU”)
  - Affiliate services - Guest/Affiliate System (“iVIP”)
- Generate Directory Identifiers “uscPvid”
- Maintain GDS groups based on attributes and discretionary group memberships
- Populate entitlements based on group memberships

Responsibilities of the GDS Global Directory
- Public LDAP interface for White Pages, Email clients, and other LDAP clients
- Master of groups
- Aggregates account information for use with Shibboleth SSO
- Attribute and Identity source for Shibboleth SSO
- Authentication services (via Kerberos plug-in)
- Authorization services (via service accounts and aci’s)

Policy and Governance

Data Governance
Data Governance brings together cross-functional teams to make interdependent rules or to resolve issues or to provide services to data stakeholders. These cross-functional teams - Data Stewards and/or Data Governors - generally come from the Business side of operations. They set policy that IT and Data groups will follow as they establish their architectures, implement their own best practices, and address requirements. Data Governance can be considered the overall process of making this work.
http://www.datagovernance.com/adg_data_governance_governance_and_stewardship.html

Data Governance Committees
- Directory Services Steering Committee – policy development committee
  - meets every 3 weeks
  - focuses on policy regarding data acquisition and release, integration, and communication
  - attendees include senior management representatives from academic schools, administrative departments, major IT units, General Counsel
- GDS Executive Committee - management committee
  - every other week
  - focuses on technical and staffing issues affecting direction and prioritizations
  - attendees include management representatives from SOR’s and GDS team
- Data Team - technical committee
  - meets monthly
  - focuses on operational issues affecting SOR’s and PR/GDS
  - attendees include representatives from SOR’s and GDS team
- Working Groups

Data Team

GDS Executive Committee

Directory Services Steering Committee

Attribute Access Request Process
- Required for all data requests to GDS content
- Directory Steering Committee reviews all new AAR submissions
- Data Stewards must also approve requests
- Requests must be reauthorized every 2 years
- Changes in data requirements require submission of a new AAR

Links
- USC: http://www.usc.edu
- GDS Website: http://www.usc.edu/gds
- Brendan Bellina, bbellina@usc.edu