Integrated Institutional Identity Infrastructure: Implications and Impacts RL “Bob” Morgan University of Washington Internet2 Member Meeting, May 2005.


3 IAM Drivers
- Compliance
- Collaboration
- Outreach
- Network security
- Gorilla applications
- Your driver here...

4 Compliance
- External regulations
  - FERPA, HIPAA
  - Funding agency reqs: DoE, DoD, etc
  - State-agency regulations
  - Federal e-authentication contractual
- Internal policies
  - Privacy
  - Financial controls

5 Privacy compliance support
- HIPAA, FERPA, local privacy regs, etc
- It's simple: control who can see what
- Process:
  - classify data (eg protected health info)
  - identify business processes, “need to know”
  - control access methods and data locations
  - identify and authenticate users
  - log and audit access (as needed)
  - manage policy expression, evolution

6 Infra Requirements
- Identity management
  - anti-sharing controls, support process/system/service identities
- Authorization management
  - translate need-to-know, data classes into containers, ACLs, roles
  - integrate with biz processes (medical, teaching,...)
- Log/audit/reporting support
- Privacy implementation guidance

7 US E-Authentication program
- Broad initiative supporting e-government
- both citizen-facing and internal
- based on NIST technical authentication guidelines, including 4 “levels of assurance”
- using SAML protocol base (Shibboleth compatible)
- most agencies must run compliant app in 2005
- operating “Federal federation” of participating applications and credential providers
- standards, practices will be widely used outside of government as well

8 E-Authentication and us
- Universities and CAF compliance
  - indicate “institutional authority”
- LoA requirements for:
  - identity proofing, activation, revocation, password strength, good user practice
  - facility control, config/software management
  - helpdesk, password reset practice
  - record-keeping, audit, etc
- initial assessments done by GSA
- future compliance via inter-federation peering
- will support peering to other areas (eg financial)

9 Inter-institutional Collaboration
- Much large-scale funded research is inter-institutional
  - funding vehicles are multi-institution projects, aka virtual organizations (VOs)
  - institutional VO support is key to being in the game
  - not just facilities and networking any more
  - often international in scope
- many other collaborations at all scales
  - licensed content via consortia
  - institutes, centers, special programs, and our own departments and colleges

10 Collaboration requirements
- Tools
  - mailing list, storage, web pub, calendar,...
  - identity mgt, roles, groups, authz mgt, privacy
  - and all must work inter-institutionally
- network access
  - federated identity, or many sponsored accts
- policy flexibility
  - e.g., “must be employee”
  - support VO policies, IAM technologies

11 Institutional Outreach
- New initiatives lead to new populations
  - alumni, retirees
  - applicants, prospects
  - K-12
  - regional medicine, patients
  - distance learning, int'l campuses
  - regional colleges

12 Supporting Outreach
- Identity management
  - low-cost or no-cost identity proofing
  - new lows in level of assurance, eg passwords
  - new process state changes, eg applicant->student, employee->retiree
  - patient process is likely high LoA
- Authorization
  - campus netid does not mean “campus user”
  - users not entitled to “regular service bundle”

13 Network access security
- High security, high access
  - keep viruses, worms, sniffers, spammers out
  - accommodate visitors, conferences with wireless
- Support identity management for machines
  - network-layer authentication
  - device support, constrained net environment
  - easy access to (shared?) ids or registration
  - new policy considerations

14 Big application integration
- ERP, Portal, LMS, Grid
  - you're not just buying an app, you're buying infrastructure
  - and your deployers may treat them as infrastructure, ie creating their own processes for IAM etc
  - may be OK, but not likely to be general-purpose
- open-source packages are new opportunities
  - uPortal, Sakai, Kuali, Globus
  - many challenges same as with vendor packages
- good integration examples can be infectious

15 Conclusion
- the perils of success
  - apps and orgs now come to infra providers seeking support, expecting advanced services
  - we still have to evangelize
  - budgets not going up exponentially...
- architecture and integration
  - know what the pieces do and don't do
  - justify up-front costs, but focus on design wins