NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

Presentation transcript:

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago

Observations on: Identity & Access Management, Middleware & Security in U.S. Higher Education
Michael R Gettes, Duke University

We recognize there exists a larger world...

Identity & Access Management?
- #1 issue in Higher Education (2006 EDUCAUSE IT Survey)
- Less than 10 years old; some HE schools have been doing it much longer
- IAM is defined by many components, as follows...

IAM Components a.k.a. “middleware” (1)
- Systems of Record (HR, SIS, Alumni, Telecom, Affiliates)
- Information Switch (Vendor/build)
- Entity registry (Vendor/build)
- Identity business rule handling (Vendor/build)

IAM Components a.k.a. “middleware” (2)
- Authentication (Password, PKI, Kerberos (ECAR Survey: K5 everywhere), ...)
- Privilege Mgmt (Authority/Authorization) (Signet, HR system, ...)
- Group Mgmt (Vendor, Grouper, Build)
- Directories - fast repositories (Vendor, Open Source)

IAM Components a.k.a. “middleware” (3)
- Service Provisioning (Vendor, Built, Nexus)
- Message Mgmt - real-time and queuing (Vendor, Built or Jabber/XMPP)

IAM Components a.k.a. “middleware” (4)
- Attribute Delivery (PKI, SAML/Shibboleth, Directory, Vendor, various)
- Authorization, act of (by Application)
- Policy Decision Point (PDP)
- Policy Enforcement Point (PEP)

Age of this Technology
- Technology is young. Lots of options - much more than just 5 years ago.
- If you buy, you will still need to build your own Identity Business Rules. It is a Buy *and* Build decision.
- NSF/Internet2 Middleware - these “solutions” are simply options. If you believe in Open Source, they are good. If not, then use these solutions to drive vendors for what you want.
- Remain aware of trends.

Institutional Issues
- STAY OFF THE FRONT PAGE OF NATIONAL NEWS!!!
- IAM is part of any “good” security program.
- Each institution having IAM leads to better National Security - or at least the perception of it.
- IAM leads to Access Control via Authority Management, Authorization and timeliness.

Institutional Issues (2)
- Nobody cares about implementing IAM. Need to define it in terms of Infrastructure to deliver a set of Services/Goals.
- Duke - Goal is 1 hour to get ID Card and NetID services for a new employee, and 1 hour for status changes (job changes) to take effect.
- Buy-in from VPs, EVP, Provost, etc...

Institutional Issues (3)
- Consider rolling affiliates (non-student/fac-staff/alumni) into the HR system - many contracts are based on FTE (= paid person). You might get affiliate management for free.
- How do ID Proofing processes (identity registration) need to change for students and staff to enhance Business services?

Institutional Issues (4)
- How do we validate our processes? Is my institution doing a good job on IdM? CAF - Credential Assessment Framework.
- How do we know if other institutions are doing a good job? Federations! Like-minded organizations seeking like-minded services.

Institutional Identity
- BRANDING of the institution via E-Identity: my.harvard, stanford.you, CNetID (Chicago)
- How easy is institutional initiation? How easy is it to change function at the institution?
- Uniting the institution electronically - overcoming typical political boundaries

Levels of Assurance (LoA)?
- Classify the requirements of an application.
- Assign confidence levels for the ID Proofing and Electronic Authentication Processes.
- Define the mapping between Requirements and Confidence. As simple as a number (Levels 1, 2, 3, 4).
- Define confidence in terms of application requirements and you can use the same value for both.

Federation?
A collection of organizations, having implemented some form of Identity Management, where Credential Service Providers (CSP, Universities) and Service Providers (SP, Content Providers) agree to “rules of engagement” (policy and attributes) using federating software (SAML/Shibboleth, PKI, CardSpace, ...).

Higher Ed Activity...
- InCommon - SAML based Federation
- Inter-Federations - Can they work?
- USHER - US Higher Education Root - PKI
- HEBCA - Bridged PKI similar to USGov
- Federal eAuth involvement (
- Research community seeking Id Mgmt: NSF CyberInfrastructure
- Shy away from Biometrics - What if you lose your E-thumb?
- National ID vs. Federated ID - NOT RFID!

Your mileage... will vary