Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.


“Identity Management System”
- Suite of campus-wide security, access, and information services
- Integrates data sources and manages information about people and their contact locations
- Establishes electronic identity of users
- Issues electronic identity credentials
- Uses administrative data and management tools to assign affiliation and other authoritative attributes – these may imply eligibility to use certain resources
- …and (eventually) may define explicit permissions to use services and/or applications

Know your environment: Guiding Questions
- Is campus governance centralized or distributed?
- How has central administration demonstrated commitment to policy leadership?
- What partnerships are in place to support policy development among, e.g., IT, Legal, internal audit, police, Student Affairs?
- Are there best practices already defined for your campus? Processes to create best practices?
- Are there existing policies that just need to be interpreted to cover the e-World?
- What resources are available to support policy development and implementation?
- Who needs to talk with whom?

Participant Operational Practices
- A goal of the InCommon Federation is to develop, over time, community standards for cooperating organizations to ensure that shared identity assertions are sufficiently robust to manage access to important protected resources.
- In furtherance of this goal, InCommon requires that each participant make available to other participants certain basic information about their identity management system.

1. Participant Information
- Contact person: office or person who can answer questions
- URL(s) leading to ID management and/or privacy policies

Participant’s Community
- Who might qualify for an identity in your system?
- What subset of the above would you assert are eduPersonAffiliation “Member of Community”?

Authentication Policies & Practices
- Process of creating an electronic identity
- Types of electronic credentials issued
- Are clear text passwords used?
- Is a Single Sign-On system used?
- Uniqueness or persistence of “netID”s
Note: the new eduPersonTargetedID is defined as persistent over time.
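As an added example (not part of the original slides), the persistence and uniqueness points above worked through in code: a pairwise identifier derivation modelled on the computed-ID approach used for eduPersonTargetedID (a keyed hash over the relying party's entityID and a stable local identifier for the user). The salt, entityIDs, scope and netIDs are constructed for illustration, and the hash construction is this example's own, not a specific product's algorithm.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration only. A real salt is a long random
# secret that never leaves the IdP; the entityIDs are hypothetical.
IDP_SALT = b"constructed-example-salt-do-not-reuse"
LIBRARY_SP = "https://library.example.edu/shibboleth"
LOANS_SP = "https://loans.example.org/shibboleth"


def targeted_id(source_id: str, sp_entity_id: str, salt: bytes = IDP_SALT) -> str:
    """Derive a persistent, targeted identifier for one (user, relying party) pair.

    Persistent: the same user gets the same value at the same SP across sessions.
    Targeted: the same user gets a different value at every other SP, so two SPs
    cannot correlate users by comparing identifiers. Without the salt, the value
    reveals nothing about the local identifier it was derived from.
    """
    msg = f"{sp_entity_id}!{source_id}".encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def scoped_targeted_id(source_id: str, sp_entity_id: str, scope: str) -> str:
    """eduPersonTargetedID-style value: opaque identifier plus the IdP's scope."""
    return f"{targeted_id(source_id, sp_entity_id)}@{scope}"


def demonstrate_reissue_problem() -> dict:
    """Why the derivation must key on an identifier that is never reused.

    Constructed scenario: netID 'jsmith' belonged to one person, was retired,
    and was later reissued to a different person. Keying the hash on the netID
    hands the new holder the old holder's identity at every SP; keying on an
    internal identifier that is never recycled keeps the two people apart.
    """
    old_holder = {"netid": "jsmith", "internal_id": "000001"}
    new_holder = {"netid": "jsmith", "internal_id": "000947"}
    by_netid = (targeted_id(old_holder["netid"], LIBRARY_SP),
                targeted_id(new_holder["netid"], LIBRARY_SP))
    by_internal = (targeted_id(old_holder["internal_id"], LIBRARY_SP),
                   targeted_id(new_holder["internal_id"], LIBRARY_SP))
    return {
        "netid_collides": by_netid[0] == by_netid[1],            # True: a problem
        "internal_collides": by_internal[0] == by_internal[1],   # False: safe
    }
```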

Electronic Identity Database
- How is the ID database (directory) managed?
  - Initial creation and population of records
  - Changes or updates
- What information is considered “public”?
  - Would be given to “default” targets

Your Uses of Your ID Credentials
- For what classes of applications are your ID credentials used within your organization?

Attribute Assertions
- Would you consider your identity assertions to be reliable enough for:
  - Control of access to on-line licensed information?
  - Purchase of goods and services for your organization?
  - Management of access to personal information such as student loan status?

Privacy & Use of Information
Participants must respect any legal and other constraints that may apply and use information only for its intended purpose.
- What restrictions do you place on use of information you provide?
- What policies or legal constraints apply?
- What use do you make of information you receive?

Technical Standards
Identify the version of the Internet2 Shibboleth code release that you are using or, if not using the standard Shibboleth code, what version(s) of the SAML and SOAP and any other relevant standards you have implemented for this purpose.

Other Considerations
Are there any other considerations or information that you wish to make known to other InCommon Federation participants with whom you might interoperate, e.g., concern about the use of clear text passwords, or responsibilities in case of a security breach involving identity information you may have provided?

Authenticate locally, Act federally
- For general information
- For participation information