PASSHE InCommon & Federated Identity Workshop
DAY 2
John O’Keefe – Associate VP and CIO, Lafayette College
Renee Shuey – Principal Lead Identity and Access Management, Penn State University
Privacy and Security
Critical Elements of Identity
- Who are you? (identification)
  - Collect personally identifying information to prove you are who you say you are (identity proofing), such as a driver's license or passport
  - Assign attributes (name, address, college or university, department, role [faculty, staff, student], major, email address)
- How can you prove it? (authentication)
  - Verifying that the person seeking access to a resource is the one previously identified and approved
Value of Institutional Identity
- We own the data
- We trust ourselves
- FIdM enables integration with cloud services
- Keeps us agile in a frequently changing IT landscape
- The identity is what our community wants
- Attribute Consent
Federation Protects Collaboration
- Privacy - Sends the minimum amount of attributes
- Security - Keeps person attributes secured in your local identity vault and limits number of UserIDs and passwords
- Outsourcing - Enables integrated institutional use of external applications
- Regulations - Access that must adhere to Federal regulations can easily be provisioned
Security is Multi-Dimensional
- Secure credentials
- Secure attributes
- Secure transmission
Privacy is Multi-Dimensional
- Keep attributes private
- Keep what you release to the minimum required
Other Privacy Concerns
- FERPA and other Federal, State, and Local Regulations
- Informed Consent
- Federated Incident Response
- Right to change mind, to be forgotten
- Data Protection vs. privacy protection
- Common definitions of privacy (particularly internationally)
Policy Considerations
Business Process/Policy Improvement
- Align business processes
- When new faculty/staff/students come or leave, how does that work?
- Account creation/deletion must be a rule-based activity!
- Partner with HR, Dean’s Office, whoever to change business processes
- Good business processes ensure currency and security
Campus Engagement
- Over time, we want to do higher stakes transactions on-line.
- That’s true within campus/for campus, and off campus, between campuses/labs/etc.
- Every step along the way, there were naysayers. They weren’t right.
- Others with whom we do business are heading in the same directions/driving the same direction, for incredibly similar reasons.
Federated IdM as Good IdM Hygiene
- Use InCommon’s guidelines as a cookbook for internal IdM practices
- Whether Federated or not, the best practices recommended are sound for your IdM infrastructure
- Attribute collection and maintenance required for internal systems
- Extending schemas
- Automation of provisioning and de-provisioning must be your goal
FIdM Practices
- Account creation and termination procedures
- Properly maintained and secured identity store
- Attribute Release Policy (ARP)
- Cooperation from key administrative units (HR, Admissions)
- Policies and procedures to match Level of Assurance (LoA)
- How do you determine who gets NetIDs?
- How do you validate new users?
- How do you remove accounts once users leave?
- How long do you keep NetIDs?
- How do you keep identities secure in the directory?
- How do you keep identities secure in transmission?
Participant Operating Practices
- What is the PoP?
- How do I complete it?
- Why is it necessary?
- Implications for internal processes
Accuracy of information
- What processes do you have to maintain audit trails?
- How reliable is the attribute information?
- How do you update the person registry?
- Who can update the person registry?
Service providing
- What attributes are required to access your service?
- What do you do with attributes you receive as part of a federated identity exchange?
- How do you secure attributes you receive as part of a federated identity exchange?
- How do you notify a federated user if his/her attributes have been compromised?
Bundles and Application Categories
- Attributes tend to travel in bundles
- The R&S (research and scholarship) bundle {name, email, authenticated identity, affiliation}
- Applications are being vetted for minimal use and qualification for R&S
- Attribute release “automatic” by IdP
- Several bundles are likely, e.g. {opaque-id, affiliation}, {authentication only}, privacy-preserving-personalization
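An added example, not part of the original slides: a sketch of bundle-based attribute release at an IdP, where a service provider receives only the intersection of its vetted bundle and what it requests, and the opaque id is derived per SP. The attribute names chosen for each bundle slot, the category labels, the HMAC derivation, and all sample people, SPs and secrets are assumptions made for this illustration.

```python
import hashlib
import hmac

# Bundles named on the slide. The attribute names filling each slot and the
# category labels are this example's assumptions, not InCommon definitions.
BUNDLES = {
    "research-and-scholarship": {"displayName", "mail",
                                 "eduPersonPrincipalName",
                                 "eduPersonScopedAffiliation"},
    "opaque-id-affiliation": {"opaqueId", "eduPersonScopedAffiliation"},
    "authentication-only": set(),
}

def opaque_id(secret: bytes, uid: str, sp_entity_id: str) -> str:
    """Per-SP identifier: stable for one SP, not linkable across SPs."""
    msg = f"{sp_entity_id}!{uid}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]

def release(person: dict, sp: dict, secret: bytes) -> dict:
    """Release only what the SP's vetted bundle allows and the SP asks for."""
    allowed = BUNDLES.get(sp.get("category"), set())  # unvetted SP: nothing
    wanted = allowed & set(sp.get("requested", allowed))
    released = {}
    for name in sorted(wanted):
        if name == "opaqueId":
            released[name] = opaque_id(secret, person["uid"], sp["entity_id"])
        elif name in person:
            released[name] = person[name]
    return released

# Constructed sample data (hypothetical person, SPs and secret).
SECRET = b"constructed-demo-secret"
PERSON = {"uid": "jdoe", "displayName": "Jane Doe", "mail": "jdoe@example.edu",
          "eduPersonPrincipalName": "jdoe@example.edu",
          "eduPersonScopedAffiliation": "faculty@example.edu",
          "homePostalAddress": "1 Main St", "major": "Physics"}
SP_RS = {"entity_id": "https://wiki.example.org/sp",
         "category": "research-and-scholarship"}
SP_LIB = {"entity_id": "https://library.example.com/sp",
          "category": "opaque-id-affiliation"}
SP_UNVETTED = {"entity_id": "https://unknown.example.net/sp",
               "category": None, "requested": ["mail", "homePostalAddress"]}

if __name__ == "__main__":
    for sp in (SP_RS, SP_LIB, SP_UNVETTED):
        print(sp["entity_id"], "->", release(PERSON, sp, SECRET))
```

Attributes held in the person registry but outside every bundle (here the home address and major) never leave the IdP, whatever an SP requests.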