Future Guest System (FGS) not FPS
NOTE: the FGS does not represent a real name. I just made it up.

Presentation transcript:

What is FPS?
An authentication system that allows users outside of Penn State to access Web-based applications inside of Penn State.
– Currently FPS has 1.6+ million identities.
– Features include: Web-based account management system; Developer APIs.

Today’s Architecture
[Diagram; labels: CACTUS, FPS, Kerberos Access, LDAP Access, Kerberos FPS, LDAP FPS]

FPS Benefits
– Mitigates risk in that FPS users cannot use wireless and computer labs.
– Provides an identity instantly as opposed to the standard University process which can take up to 1-3 days.

FPS Problems
– Data Collection
– Matching
– Migration
– Disjoint Name Space

THE FUTURE

The Future
Penn State is currently developing a new Central Person Registry (CPR) that will consolidate identity information that is currently stored in separate non-integrated sources throughout the University.

CPR Architecture
[Diagram; labels: Central Person Registry, Systems of Record, Registration Authorities, Database, Web Services, Service Providers, Service Provisioners, Data Views]

Future Architecture
[Diagram; labels: CPR, FPS, Kerberos Access, LDAP Access, Kerberos Guest, LDAP FPS]

Benefits
– New system still mitigates risk as users cannot get on wireless or use lab machines.
– Matching is improved because it is done in the CPR as opposed to FPS, CIDR and CACTUS.
– A uniform name space will exist; the CPR will be responsible for provisioning identities, not the individual systems.

Benefits
– Migration will be a thing of the past.
– The user will always have the same identity.