Managing Information UT, November 13-14, 2008: Campus Identity and Access Management Services

Presentation transcript:


Objectives
- Learn how the university assigns and manages electronic identities
- Learn how this information is used for authentication and authorization

IAM Overview
- Terms & Concepts
- IAM Goals & Principles
- IAM Services Overview
  - Identity Management
  - Directory Services
  - Authentication Services
  - Authorization Services

IAM Terms
- Identity: the set of attributes and credentials associated with an entity
- Directory Services: store, organize, and provide information about identities to consuming systems
- Authentication: verifying the identity of a user (most commonly with a username and password) and providing assurances of their identity to a service
- Authorization: verifying whether an identity is permitted to take an action

Attributes & Credentials
- Attributes: identity and affiliation characteristics of an entity which are of interest to the university
- Credentials: used to establish a person's identity and help the university maintain a high degree of confidence in it; they help define the levels of service, access, or privileges available to a particular identity
  - Physical credentials: UT ID Cards
  - Electronic credentials: UT EIDs

IAM Goals & Principles
- Entities have a single identity
- Identity is a ubiquitous public user name
- Identities have lifelong community membership
- Consistent sign-on (authentication)
- Self-service
- Distributed management

Identity Management Services
(Diagram of the IAM components: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems.)

UT EID
- An electronic identifier that contains two key attributes: the UT EID and the UIN
- Several EID types: Person, Business, Department, Service, Group, Resource, ID-Only
- A Person UT EID is an individual's public username and their electronic credential that allows them to use online secure services

Person EID Affiliations & Classes
- Guest Class: EID without Affiliation, Prospective Student, Prospective Faculty, Job Applicant
- Affiliate Class: Library Patron, Donor/Friend of the University/VIP, University Extension Participant, Retiree, Graduate, Future Student, Future Staff, Former Staff, Future Faculty, Former Faculty, Future Employee, Former Employee
- Member Class: Current Student, Current Faculty, Current Staff, Official Visitor, Current Employee

Additional Person EID Concepts
- Entitlements: specific endorsements, credentials, or permissions, e.g. IDP, SIG, LLV, DPU, etc.
- EID Upgrade: IDP (UT has seen photo ID); SIG (use your EID as legal signature)
- Restrictions: limit who may view information (FERPA); attributes or the entire identity may be restricted

Did You Know?
- Approximately how many EIDs have been issued by UT Austin? 4.5 million EIDs (3.8M Person)
- On an average day during the regular semester, how many EID logons occur? ~130,000 EID logons

Enterprise Directory Services
(IAM component diagram repeated from the Identity Management Services slide: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems.)

Enterprise Directories
- uTexas Enterprise Directory (TED)
- TED on the Mainframe (TOM)
- White Pages Directory
- Austin Active Directory

Sample Person Attributes in TED

utexasEduPersonEid
- Contents: Current UT EID (uid is the naming attribute for people)
- Multi- or Single-Valued / Required: Single, Required
- May Be Populated For: All people
- Access Group: Basic, AffOnly (see notes)
- Permitted Searches: equality (see notes)
- Source & Format: Source: EID System; Format: max 8 characters

utexasEduPersonPriorEid
- Contents: Prior UT EIDs
- Multi- or Single-Valued / Required: Multi
- May Be Populated For: All people
- Access Group: Basic
- Permitted Searches: equality
- Source & Format: Source: EID System; Format: max 15 characters

utexasEduPersonUin
- Contents: Current UIN
- Multi- or Single-Valued / Required: Single, Required
- May Be Populated For: All people
- Access Group: Basic, AffOnly
- Permitted Searches: equality
- Source & Format: Source: EID System; Format: 16-digit hex
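The three sample TED attributes above define format, cardinality, access group and permitted search type, and the Restrictions concept on the earlier slide limits who may view them. The following added example (not code from the presentation or from UT's directory) models those rules as a small validator and attribute-release filter; the "restricted" bookkeeping field and the sample values are assumptions.

```python
import re

# Schema for the three sample TED person attributes on the slide:
# single/multi-valued, required, value format, and which consumer
# access groups may read the attribute.
SCHEMA = {
    "utexasEduPersonEid": dict(multi=False, required=True, groups={"Basic", "AffOnly"},
                               ok=lambda v: 1 <= len(v) <= 8),
    "utexasEduPersonPriorEid": dict(multi=True, required=False, groups={"Basic"},
                                    ok=lambda v: 1 <= len(v) <= 15),
    "utexasEduPersonUin": dict(multi=False, required=True, groups={"Basic", "AffOnly"},
                               ok=lambda v: re.fullmatch(r"[0-9a-fA-F]{16}", v) is not None),
}
# "restricted" is an assumed bookkeeping field (not a TED attribute) listing the
# attributes the person has restricted under FERPA; "*" restricts the whole identity.
RESTRICTED = "restricted"

def validate_entry(entry):
    """Return the list of schema violations for a person entry (empty if valid)."""
    problems = []
    for name, rule in SCHEMA.items():
        values = entry.get(name, [])
        if rule["required"] and not values:
            problems.append(f"{name}: required attribute missing")
        if not rule["multi"] and len(values) > 1:
            problems.append(f"{name}: single-valued but has {len(values)} values")
        problems += [f"{name}: value {v!r} violates format" for v in values if not rule["ok"](v)]
    return problems

def release(entry, access_group):
    """Attributes a consuming system in `access_group` is allowed to see,
    after applying the person's FERPA restrictions."""
    restricted = set(entry.get(RESTRICTED, []))
    if "*" in restricted:
        return {}
    return {name: list(values) for name, values in entry.items()
            if name in SCHEMA and name not in restricted
            and access_group in SCHEMA[name]["groups"]}

def search(entries, attr, value):
    """Equality search only, as the 'Permitted Searches' column specifies."""
    return [e for e in entries if value in e.get(attr, [])]

# Constructed sample entry; the values are invented for illustration.
SAMPLE = {
    "utexasEduPersonEid": ["jdoe42"],
    "utexasEduPersonPriorEid": ["jdoe", "johnd2003"],
    "utexasEduPersonUin": ["0123456789abcdef"],
    RESTRICTED: ["utexasEduPersonPriorEid"],
}
```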

Authentication Services
(IAM component diagram repeated from the Identity Management Services slide: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems.)

Web Authentication
(Diagram of the web authentication flow: Web Browser, Web Server with AuthN Agent, Authentication Service, Data Store.)

Authentication Methods
- Web Authentication: UT Direct/Fat Cookie; Shibboleth; TAM (next generation)
- Mainframe Authentication: RACF; EID
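The web authentication diagram shows four parties: the browser, the web server's AuthN agent, the authentication service, and its data store. The added example below (not code from the presentation or any UT system) models that split: the service checks the password against the store and issues a signed session cookie, and the agent on the web server trusts a cookie only after verifying the signature and expiry. The cookie layout, key handling and sample user are assumptions, not a description of UT Direct's cookie.

```python
import hashlib, hmac, os, time

class DataStore:
    """Credential store behind the Authentication Service; holds only
    salted PBKDF2 password hashes, never plaintext passwords."""
    def __init__(self):
        self._users = {}
    def add_user(self, eid, password):
        salt = os.urandom(16)
        self._users[eid] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
    def verify(self, eid, password):
        rec = self._users.get(eid)
        if rec is None:
            return False
        salt, digest = rec
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(cand, digest)

class AuthenticationService:
    """Verifies username/password against the data store and issues a signed
    session cookie "eid|expiry|hmac" (the cookie format here is an assumption)."""
    def __init__(self, store, key, lifetime=8 * 3600):
        self.store, self.key, self.lifetime = store, key, lifetime
    def login(self, eid, password, now=None):
        if not self.store.verify(eid, password):
            return None
        expiry = int(time.time() if now is None else now) + self.lifetime
        body = f"{eid}|{expiry}"
        return body + "|" + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

class AuthNAgent:
    """Runs on the web server: accepts a cookie only if its signature verifies
    (constant-time compare) and it has not expired, then passes the EID on."""
    def __init__(self, key):
        self.key = key
    def identify(self, cookie, now=None):
        try:
            eid, expiry, mac = cookie.split("|")
        except (AttributeError, ValueError):
            return None
        expected = hmac.new(self.key, f"{eid}|{expiry}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        if int(time.time() if now is None else now) >= int(expiry):
            return None
        return eid

# Constructed demo: one sample user and a signing key shared by service and agent.
KEY = os.urandom(32)
STORE = DataStore(); STORE.add_user("jdoe42", "correct horse battery staple")
SERVICE, AGENT = AuthenticationService(STORE, KEY), AuthNAgent(KEY)
```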

Authorization Services
(IAM component diagram repeated from the Identity Management Services slide: Enterprise Directory, Identity Management System, Other Directory Services, Authentication Services, Authorization Services, Source Systems.)

Authorizations
(Diagram relating authorization sources to example authorizations.)
- Authorization sources and mechanisms shown: BACS; NRRECS; Task Manager; BACS Group (App-empl.); Apollo Group (EID Stewards); System Internal - Group; Group Mediated; System Internal - Individual
- Example authorizations shown: View unrestricted student records; Access Main 25th Floor; Update DP; Submit DP

Authorization Products
- Apollo: a mainframe authorization repository with customizable application profiles and group management functionality
- *DPUSER: authorization system for mainframe services, including the management of Natural and Adabas resources

In Closing
- An entity has only one identity, and this is represented by the UT EID
- The UT EID is the ubiquitous public user name
- Identities have lifelong membership in our community
- Identity & Access Management services include: Identity Management, Directory Services, Authentication Services, and Authorization Services