Signet Privilege Management


Signet Privilege Management
nmi-edit
2004 Internet2 Fall Members Meeting, Austin, September 29, 2004
Lynn McRae, Stanford University, lmcrae@stanford.edu

Copyright Lynn McRae, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
1/3/2019

What is Signet?
- A Privilege Management System & toolkit
- Tools to define privileges
- UI to assign privileges to people
- Components for integrating with other systems
- NSF funded Internet2/MACE project
- Part of AuthZ core middleware initiative
- Based on Stanford Authority Management system

Central Privilege Management
- System independent source of privilege data
- Simplifies policy management and tracking
- Consistent application of rules
- NOT an authorization service…
- Integrates with local system security
- Integrates with authorization mechanisms
- A source of data for an authorization service
- What is an authorization service?

Signet home page

Subsystems
- Define domains of ownership and responsibility
- Reflect real world boundaries
- Can be large or small
- One built-in subsystem to manage other subsystems

Categories
- Group privileges into topics
- Organize data for UI and reports
- Some control features, e.g., choose one vs choose many

Functions
- Basic unit of privilege assignment
- Can encapsulate one or more permissions functions

Smaller subsystems
- Just a few functions
- Categories not required

Signet privilege details

Signet - Person View

Signet - Granting

Signet - Granting - Privileges

Signet - Granting - Scope

Scope
- Places privileges in a hierarchy
- Distributed delegation control
- “you can only give what you have”
- Independent of personnel hierarchy
- Each subsystem can have a different scope, or no scope

Signet - Granting - Limits
- Qualifiers/constraints for a privilege
- Limit types:
  - Numeric, ranges
  - Single/multiple choice
  - Input values, edited against domain of values
  - Extensible
- Knows “less” or “fewer” for delegation

Signet - Granting - Conditions
- Prerequisites (auto-activation)
- Conditions (auto-revocation), extensible
- Having vs delegating authority

Demo - Signet - Granting

Other features
- Assigning privileges to groups
- Designated drivers
- Groups may represent roles
- But Role management per se is a future concern
- Synergy with Grouper project
- Designated drivers
- Privilege granting proxy
- Acting proxy
- Notification

Feature summary
- By authority of the Dean [grantor]
- principal investigators [role (group)]
- who have completed training [prerequisite]
- can approve purchases [function]
- in the School of Medicine [scope]
- for research projects up to $100,000 [limits]
- until January 1, 2006 [condition]
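
The building blocks from the feature summary, modeled as an added example (not Signet's code or API; every name, the scope tree, and the Dean's own limit and dates are constructed for illustration). It applies the scope and limit rules to a delegation check and to the decision a consuming system would make from the privilege data.

```python
from dataclasses import dataclass
from datetime import date

# Constructed scope tree (child -> parent); the slides name only the School of Medicine.
SCOPE_PARENT = {"University": None, "School of Medicine": "University",
                "Dept of Pediatrics": "School of Medicine", "School of Law": "University"}

def within(scope, ancestor):
    """True if `scope` is `ancestor` or sits below it in the scope tree."""
    while scope is not None:
        if scope == ancestor:
            return True
        scope = SCOPE_PARENT.get(scope)
    return False

@dataclass(frozen=True)
class Assignment:
    grantee: str
    function: str
    scope: str
    limit: int                    # numeric limit: dollar ceiling
    until: date                   # condition: auto-revocation date
    needs_training: bool = False  # prerequisite: auto-activation
    can_delegate: bool = False    # having vs delegating authority

def is_active(a, today, trained):
    """Inactive until the prerequisite is met, revoked once the condition date arrives."""
    return (not a.needs_training or a.grantee in trained) and today < a.until

def may_grant(held, new, today, trained):
    """'You can only give what you have': same function, scope at or below the
    grantor's, limit no higher. Bounding the expiry as well is an assumption."""
    return (held.can_delegate and is_active(held, today, trained)
            and new.function == held.function
            and within(new.scope, held.scope)
            and new.limit <= held.limit
            and new.until <= held.until)

def authorize(a, function, scope, amount, today, trained):
    """The decision a consuming authorization service would make from this data."""
    return (is_active(a, today, trained) and a.function == function
            and within(scope, a.scope) and amount <= a.limit)

# Constructed sample data following the feature-summary slide.
DEAN = Assignment("dean", "approve purchases", "School of Medicine",
                  250_000, date(2007, 1, 1), can_delegate=True)
PI = Assignment("pi_lee", "approve purchases", "School of Medicine",
                100_000, date(2006, 1, 1), needs_training=True)
```

The grant to the principal investigator can be recorded before training is complete; it only becomes usable once the prerequisite is satisfied and stops being usable on the condition date.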

Privileges building blocks
- System view
  - Permissions
- Business view
  - Subsystems
  - Categories
  - Functions
  - Scope
  - Limits
  - Prerequisites
  - Conditions

Function/Permissions

Permissions integration - provisioning

Permissions integration - infrastructure

Signet components
Yellow = institution provided

Auditing
- Logging
- History
- Subsystem and Assignment snapshots
- Reconciling Signet privileges with consumer privileges

Project Status/Overview
- Core objects:
  - Subsystem metadata - schema/api
  - Scope tree - schema/api
  - Subject - schema/api
  - Assignment schema/api
- 1st alpha release, basic UI -- November 1, 2004

Project Status/Overview
- Second tier features
  - Limits and Proxy
  - Integration connectors
  - Lifecycle Conditions and Prerequisites
  - Group assignments
  - Metadata management UI

Early Adopters
- Queens College, Ontario
- University of California, Davis
- University of Southern California

For more information…
- The project web site: http://middleware.internet2.edu/signet/
- Email list: signet@internet2.edu