PASSHE InCommon & Federated Identity Workshop

Presentation transcript:

PASSHE InCommon & Federated Identity Workshop, DAY 2
John O'Keefe – Associate VP and CIO, Lafayette College
Renee Shuey – Principal Lead, Identity and Access Management, Penn State University

Privacy and Security

Critical Elements of Identity
- Who are you? (identification)
  - Collect personally identifying information to prove you are who you say you are (identity proofing), such as a driver's license or passport
  - Assign attributes (name, address, college or university, department, role (faculty, staff, student), major, email address)
- How can you prove it? (authentication)
  - Verifying that the person seeking access to a resource is the one previously identified and approved

Value of Institutional Identity
- We own the data
- We trust ourselves
- FIdM enables integration with cloud services
- Keeps us agile in a frequently changing IT landscape
- The identity is what our community wants
- Attribute consent

Federation Protects Collaboration
- Privacy: sends the minimum amount of attributes
- Security: keeps person attributes secured in your local identity vault and limits the number of UserIDs and passwords
- Outsourcing: enables integrated institutional use of external applications
- Regulations: access that must adhere to Federal regulations can easily be provisioned

Security is Multi-Dimensional
- Secure credentials
- Secure attributes
- Secure transmission

Privacy is Multi-Dimensional
- Keep attributes private
- Keep what you release to the minimum required

Other Privacy Concerns
- FERPA and other Federal, State, and Local regulations
- Informed consent
- Federated incident response
- Right to change your mind, to be forgotten
- Data protection vs. privacy protection
- Common definitions of privacy (particularly internationally)

Policy Considerations

Business Process/Policy Improvement
- Align business processes
- When new faculty/staff/students come or leave, how does that work?
- Account creation/deletion must be a rule-based activity!
- Partner with HR, the Dean's Office, whoever is needed to change business processes
- Good business processes ensure currency and security

Campus Engagement
- Over time, we want to do higher-stakes transactions online. That's true within campus/for campus, and off campus, between campuses/labs/etc.
- Every step along the way, there were naysayers. They weren't right.
- Others with whom we do business are heading in the same directions/driving in the same direction, for incredibly similar reasons.

Federated IdM as Good IdM Hygiene
- Use InCommon's guidelines as a cookbook for internal IdM practices
- Whether federated or not, the best practices recommended are sound for your IdM infrastructure
- Attribute collection and maintenance required for internal systems
- Extending schemas
- Automation of provisioning and de-provisioning must be your goal

FIdM Practices
- Account creation and termination procedures
- Properly maintained and secured identity store
- Attribute Release Policy (ARP)
- Cooperation from key administrative units (HR, Admissions)
- Policies and procedures to match Level of Assurance (LoA)
  - How do you determine who gets NetIDs?
  - How do you validate new users?
  - How do you remove accounts once users leave?
  - How long do you keep NetIDs?
  - How do you keep identities secure in the directory?
  - How do you keep identities secure in transmission?
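The "rule-based" account lifecycle called for on the Business Process slide and in the FIdM Practices questions (who gets a NetID, when it is removed, how long it is kept), as an added example that is not from the workshop or from any PASSHE campus: every action is derived from the HR and Registrar systems of record, and the retention period, field names and sample people are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Added example, not from the workshop slides: account lifecycle decided purely
# by rules over system-of-record data. Policy values are hypothetical placeholders.
RETENTION_DAYS = 90   # days a suspended NetID is kept before deletion
@dataclass
class Person:
    netid: str
    hr_active: bool                 # HR system of record (faculty/staff)
    enrolled: bool                  # Registrar system of record (students)
    account_state: str              # "none", "active" or "suspended"
    suspended_on: date = None       # None unless the account is suspended

def eligible(p: Person) -> bool:
    """Eligibility comes only from authoritative sources, never from a request."""
    return p.hr_active or p.enrolled

def decide(p: Person, today: date) -> str:
    """Provisioning action for one person on the given day."""
    if eligible(p):
        if p.account_state == "none":
            return "create"
        if p.account_state == "suspended":
            return "reactivate"     # rehired staff or returning student
        return "keep"
    if p.account_state == "active":
        return "suspend"            # lost all affiliations: disable first, delete later
    if (p.account_state == "suspended" and p.suspended_on is not None
            and today - p.suspended_on >= timedelta(days=RETENTION_DAYS)):
        return "delete"             # retention window has elapsed
    return "none"

def reconcile(people, today: date) -> dict:
    """Run the rules over a registry snapshot: NetID -> action."""
    return {p.netid: decide(p, today) for p in people}

SNAPSHOT_DAY = date(2024, 6, 1)     # constructed run date
SAMPLE = [                          # constructed registry snapshot
    Person("jdoe1", hr_active=True, enrolled=False, account_state="none"),
    Person("asmith", hr_active=False, enrolled=True, account_state="active"),
    Person("bjones", hr_active=False, enrolled=False, account_state="active"),
    Person("cwu", hr_active=False, enrolled=False, account_state="suspended",
           suspended_on=date(2024, 1, 1)),
    Person("dlee", hr_active=True, enrolled=False, account_state="suspended",
           suspended_on=date(2024, 3, 1)),
    Person("evans", hr_active=False, enrolled=False, account_state="suspended",
           suspended_on=date(2024, 5, 1)),
]
```

Running `reconcile(SAMPLE, SNAPSHOT_DAY)` shows a new hire created, a departed employee suspended rather than deleted, a suspension past the retention window deleted, and a rehire reactivated, with no manual request anywhere in the path.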

Participant Operating Practices
- What is the POP?
- How do I complete it?
- Why is it necessary?
- Implications for internal processes

Accuracy of Information
- What processes do you have to maintain audit trails?
- How reliable is the attribute information?
- How do you update the person registry?
- Who can update the person registry?

Service Providing
- What attributes are required to access your service?
- What do you do with attributes you receive as part of a federated identity exchange?
- How do you secure attributes you receive as part of a federated identity exchange?
- How do you notify a federated user if his/her attributes have been compromised?

Bundles and Application Categories
- Attributes tend to travel in bundles
- The R&S (research and scholarship) bundle: {name, email, authenticated identity, affiliation}
- Applications are being vetted for minimal use and qualification for R&S
- Attribute release is "automatic" by the IdP
- Several bundles are likely, e.g. {opaque-id, affiliation}, {authentication only}, privacy-preserving personalization
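The minimum-release and consent principles from the Privacy slides, applied to the bundles named on this slide, as an added example that is not from the workshop or from the InCommon software stack: the IdP releases only the bundle an SP's category entitles it to, unknown categories get nothing, a user's consent list can only narrow the set, and the opaque identifier is a per-SP pairwise HMAC so two services cannot correlate a person. The bundle names, secret, entity IDs and person record are constructed placeholders.

```python
import hashlib
import hmac

# Added example, not from the workshop slides. Bundles as named on the slide;
# the IdP releases only the bundle the SP's category entitles it to.
BUNDLES = {
    "research-and-scholarship": {"name", "email", "authenticated-identity", "affiliation"},
    "opaque-affiliation": {"opaque-id", "affiliation"},
    "authentication-only": set(),          # proof of login, no attributes at all
}

# Hypothetical IdP-side secret; a real deployment keeps this in the IdP config.
IDP_PAIRWISE_SECRET = b"constructed-example-secret"

def opaque_id(netid: str, sp_entity_id: str) -> str:
    """Pairwise pseudonymous identifier: stable for one SP, different across SPs,
    so two services cannot link the same person by comparing identifiers."""
    msg = f"{netid}|{sp_entity_id}".encode()
    return hmac.new(IDP_PAIRWISE_SECRET, msg, hashlib.sha256).hexdigest()[:32]

def release(user: dict, sp_entity_id: str, category: str, consent=None) -> dict:
    """Attributes sent to an SP: the bundle for its category, intersected with
    the user's consent list when one exists. Deny by default."""
    bundle = BUNDLES.get(category, set())   # unknown category -> release nothing
    released = {}
    for attr in bundle:
        if attr == "opaque-id":
            released[attr] = opaque_id(user["netid"], sp_entity_id)
        elif attr in user:
            released[attr] = user[attr]
    if consent is not None:                 # informed consent narrows, never widens
        released = {k: v for k, v in released.items() if k in consent}
    return released

# Constructed sample person record held in the local identity store
USER = {
    "netid": "jdoe1",
    "name": "Jane Doe",
    "email": "jdoe1@example.edu",
    "authenticated-identity": "jdoe1@example.edu",
    "affiliation": "faculty@example.edu",
    "major": "Physics",            # in no bundle, so it never leaves the IdP
    "address": "1 College Ave",
}
```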