Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity.

Presentation transcript:

Identity Management at USC: Collaboration, Governance, Access
Margaret Harrington, Director, Organization Improvement Services
Brendan Bellina, Identity Services Architect and Manager of Enterprise Middleware Development

8/8/2008 EDUCAUSE LIVE! 2

University of Southern California
- Private research university, founded ,500 students (16,500 undergraduate, 17,000 graduate and professional)
- 3,200 full-time faculty, 8,200 staff
- $1.9 billion annual budget, $432 million sponsored research
- Two major LA campuses; six additional US locations; four international offices

Today’s Presentation
- Overview of USC identity management program: evolution, scope and structure
- Highlight three distinctive characteristics
  - Broad participation and collaboration among business and technical communities
  - Data and policy governance as core activity
  - Attribute access process
- Future objectives

Definition
Identity and Access Management (IAM) is a broad administrative function that identifies individuals in a system (in this case, USC), and controls and facilitates their access to resources within that system by associating user rights and restrictions with the established identity.

Evolution
- 2001 – Eliminate/Suppress Social Security Numbers
- 2002 – Commit to unified identifier – USC ID number
- 2003 – Build data governance structure
- 2005 – Enable authentication and authorization
- 2007 – Support affiliates and visitors

“We hold the need for Identity Management to be self-evident…”
- IAM at USC has been grass-roots – not driven by institutional directive
- Wide-spread volunteer engagement by “business” community
- Organization Improvement Services provides logistic support and operational leadership
- Information Technology Services leads technical development

What is Data Governance?
Data Governance brings together cross-functional teams to make interdependent rules or to resolve issues or to provide services to data stakeholders. These cross-functional teams - Data Stewards and/or Data Governors - generally come from the Business side of operations. They set policy that IT and Data groups will follow as they establish their architectures, implement their own best practices, and address requirements. Data Governance can be considered the overall process of making this work.

IAM Data Governance Committees
- Directory Services Steering Committee – policy development committee
  - meets every 3 weeks
  - focuses on policy regarding data acquisition and release, integration, and communication
  - attendees include senior management representatives from academic schools, administrative departments, major IT units, General Counsel
- GDS Executive Committee - management committee
  - every other week
  - focuses on technical and staffing issues affecting direction and prioritizations
  - attendees include management representatives from SOR’s and GDS team
- Data Team - technical committee
  - meets monthly
  - focuses on operational issues affecting SOR’s and PR/GDS
  - attendees include representatives from SOR’s and GDS team
- Working Groups

Data Team

GDS Executive Committee

Directory Services Steering Committee

Identity Operational Data Store ???

Person Registry Policies
- Data Definitions (format of dates, names, identifiers, phone numbers, etc)
- Data Transport policies
- De-duping: Handling matches, partial matches
- Resource requirements for Systems of Record (SOR)
- Data Access policies - No access except for IAM purposes by approved SOR’s

Attribute Access Request Process
- Required for all data requests to GDS content
- Directory Steering Committee reviews all new AAR submissions
- Data Stewards must also approve requests
- Requests must be reauthorized every 2 years
- Changes in data requirements require submission of a new AAR

AAR Workflow
- Application sponsor or manager contacts Director of Organization Improvement to request AAR meeting
- Director of Organization Improvement schedules meeting with: Application sponsor, ITS IdM Team
- Meeting produces AAR document

AAR Workflow (cont.)
- AAR routed to Data Stewards and DSC for approval
- Approved AAR posted to GDS Wiki page
- ITS IdM Team works with requestor to implement request

Typical AAR Questions
- What information is needed?
- For what purpose?
- For what population?
- For what service?
- Is data for confidential students or employees required?
- Are there user exceptions?

Common Attributes Released
- A persistent identifier
- A name
- An entitlement
- An address

Additional Attributes
- Group membership
- Course enrollment and/or association
- Affiliation
- Employment information (Department, Title, Work Status, etc.)
- Academic information (major, minor, school, level, year, etc.)
- Contact information (addresses, phone numbers, addresses, etc.)

Typical DSC Policies
- All data must be transmitted securely
- Servers must be properly secured
- No unnecessary release of attributes
- No chaining of data release

Number of AAR’s Processed by the DSC

Departments Submitting AAR’s
- Information Technology Services
- Office of the Provost
- Office of the Registrar
- Student Affairs
- Cancer Center
- Viterbi School of Engineering
- Marshall School of Business
- USC College
- USCard Services
- Cinematic Arts
- School of Theatre
- Trojan Transportation Services
- Family Medicine
- Career and Protective Services
- Career Planning and Placement Center
- University Libraries

Notable Successes
- University Portal
- Blackboard
- Online Class Roster
- iTunes U
- Confluence Wiki
- MovableType Blog
- Google Apps
- Student Scheduling Portal
- Online Schedule of Classes
- iVIP Guest/Affiliate System
- Orientation Reservations
- Dspace Digital Repository
- Online Whitepages

Next Steps for IAM at USC
- Build on foundation of trust
- Formalize executive endorsement and institutional expectations
  - Participation of all systems and databases with people information (except patients and clinical trials participants)
  - General use of central resource for authentication, authorization and personalization

Next Steps for IAM at USC
- Expand Identity Data
  - Enhance iVIP, add Alumni/Donor/Parent system
  - Add smaller SOR’s – Emeriti, USCard
- Establish and fund administrative home “Office of Identity Management”
- Establish Identity Management (Directory Services) Steering Committee as presidential committee
- Reduce use of data feeds
- Pursue external federated relationships

Additional Resources
- USC GDS website:
- Additional Presentations: