University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington 16-17 October 2007.
What is IAM? Critical IT infrastructure Intersection of what NW engineers don’t want to do *with* what app developers don’t want to do Combines technologies, business processes, governance, and policies to: –Manage digital identities –Specify how ids access resources

Terminology
- Authentication: establishes who you are
- Authorization: determines what you are allowed to do
- Credentials: what you present to prove your identity
- Federation: a collection of organizations that agree to operate under a common rule set

Terminology (continued)
- Identification: the process by which information about a person is used to establish a level of assurance
- Level of Assurance (LOA): the degree of certainty that someone is who they claim to be
  - Low is acceptable for some things
  - For protected health information (PHI), high is required

What drives the need?
- Collaboration: research and education, governments, global health, ...
- Administrative applications
- Growing complexity and the need to simplify
- Risk mitigation

IAM-supported Collaboration
- Wiki, blog, email, calendar, IM
- Document sharing and editing
- Phone and videoconferencing
- Data sharing
- More about outreach, ease of access, and enablement than about control

Why is IAM necessary?
- To ensure that the intended people reach the intended services
- Organizations have to manage users and identities efficiently and accurately
  - while still enabling people to get their work done
- Digital identities play an increasingly important role in how we collaborate and share networked resources

Identity Management Trends
- Pervasive in business processes
- Inserting NetIDs as early as possible
  - e.g. NetIDs for student applicants, contractors, etc.
  - Identities/NetIDs are useful for life, e.g. alumni, retirees

Sources of Information
- Human Resources database
- Research/grants database
- Student database
- Other databases that provide information about affiliations

Person Registry
- Is knowing that someone is a student enough?
- Is this person both an employee and a student?
- Is this person affiliated with the institution at all?
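The registry questions above come down to matching records from several authoritative sources to one person and then deriving that person's current affiliations. The following is an added example, not code from the presentation: it reconciles a constructed HR extract and a constructed student extract into a registry that issues one NetID per person. The record layouts, the match key (a hashed government ID plus date of birth) and the sample rows are all assumptions made for the example.

```python
"""Added example: reconciling HR and student extracts into a single person
registry that issues one NetID per person. This is not code from the
presentation; the record layouts, the match key and the sample rows are
constructed for this example."""
from dataclasses import dataclass, field

# Constructed sample extracts. A real HR or student-system feed is much wider;
# only the fields the registry needs for matching and affiliation are kept.
HR_RECORDS = [
    {"employee_id": "E1001", "name": "Ana Lopez", "dob": "1980-03-02",
     "id_hash": "h-7a1", "status": "active"},
    {"employee_id": "E1002", "name": "Ben Okafor", "dob": "1975-11-20",
     "id_hash": "h-2c9", "status": "terminated"},
]
STUDENT_RECORDS = [
    {"student_id": "S5550", "name": "Ana Lopez", "dob": "1980-03-02",
     "id_hash": "h-7a1", "enrolled": True},
    {"student_id": "S5551", "name": "Chen Wei", "dob": "2001-06-14",
     "id_hash": "h-4e0", "enrolled": True},
]


@dataclass
class Person:
    netid: str
    name: str
    source_ids: dict = field(default_factory=dict)   # e.g. {"hr": "E1001", "sis": "S5550"}
    affiliations: set = field(default_factory=set)   # current affiliations only


class PersonRegistry:
    def __init__(self, prefix="uw"):
        self._by_key = {}      # match key -> Person
        self._by_netid = {}    # NetID -> Person
        self._prefix = prefix

    @staticmethod
    def _match_key(rec):
        # Match on a hashed government ID plus date of birth (assumed fields).
        # Name alone is never a sufficient match: it is neither unique nor stable.
        return (rec["id_hash"], rec["dob"])

    def _get_or_create(self, rec):
        key = self._match_key(rec)
        person = self._by_key.get(key)
        if person is None:
            # A new person gets the next NetID; a known person keeps the one they have.
            netid = f"{self._prefix}{len(self._by_netid) + 1:04d}"
            person = Person(netid=netid, name=rec["name"])
            self._by_key[key] = person
            self._by_netid[netid] = person
        return person

    def load_hr(self, records):
        for rec in records:
            p = self._get_or_create(rec)
            p.source_ids["hr"] = rec["employee_id"]
            if rec["status"] == "active":
                p.affiliations.add("employee")
            # A terminated employee keeps the NetID (identities are for life)
            # but loses the affiliation that granted access.

    def load_students(self, records):
        for rec in records:
            p = self._get_or_create(rec)
            p.source_ids["sis"] = rec["student_id"]
            if rec["enrolled"]:
                p.affiliations.add("student")

    def lookup(self, netid):
        return self._by_netid.get(netid)

    def people(self):
        return list(self._by_netid.values())

    def is_affiliated(self, netid):
        """Does this person currently hold any affiliation with the institution?"""
        p = self.lookup(netid)
        return p is not None and bool(p.affiliations)


def build_registry():
    registry = PersonRegistry()
    registry.load_hr(HR_RECORDS)
    registry.load_students(STUDENT_RECORDS)
    return registry


if __name__ == "__main__":
    for person in build_registry().people():
        print(person.netid, person.name, sorted(person.affiliations), person.source_ids)
```

Ana appears in both feeds and ends up as one NetID with two affiliations; Ben keeps his NetID but has no current affiliation, so any access keyed on affiliation lapses without deleting the identity.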

Federated Authentication
- Scholarship is global
- Less allegiance to the institution, more to the research
- Worldwide peers are now the norm
- Access to partners is now:
  - Simpler and more flexible
  - More secure

What is Shibboleth?
- Standards-based (SAML) web single sign-on package
- Open source
- Uses the local identity management system to reach campus applications and other institutions' applications
- Protects the user's privacy and the institution's data
- Plays well with others, helps service partners

Federations
- Usually higher education, but need not be limited to it
- Mostly Shibboleth-based, though not all
- Use cases:
  - content access
  - collaboration support
  - wireless roaming
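In the Shibboleth model above, a partner's service provider accepts a SAML assertion from the home institution's identity provider and must decide whether to trust it before acting on its attributes. The following added example, which is not code from the presentation or from Shibboleth, shows those checks on a constructed assertion: trusted issuer, validity window, audience, and that a scoped affiliation only carries the scope the issuing institution is allowed to assert. The entity IDs, timestamps, scope and clock-skew allowance are assumptions. XML signature verification against the IdP key from federation metadata, which a real SP performs first, is deliberately left out.

```python
"""Added example: the checks a SAML service provider performs on an assertion
before trusting its attributes. Not code from the presentation or from
Shibboleth; entity IDs, timestamps, scope and the sample assertion are
constructed, and XML signature verification is omitted."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"   # eduPersonScopedAffiliation

# What this SP knows from federation metadata (constructed values): the IdPs it
# trusts and the attribute scope each one is permitted to assert.
TRUSTED_IDPS = {"https://idp.example.edu/idp/shibboleth": "example.edu"}
MY_ENTITY_ID = "https://wiki.partner.example.org/shibboleth"
CLOCK_SKEW = timedelta(seconds=180)   # assumed tolerance for IdP/SP clock drift

# Constructed assertion. Note what is absent: no name, no email, only a
# transient NameID and a scoped affiliation. That is the privacy property.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2007-10-16T17:00:00Z">
  <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_9f8e7d</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2007-10-16T16:59:00Z" NotOnOrAfter="2007-10-16T17:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://wiki.partner.example.org/shibboleth</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@example.edu</saml:AttributeValue>
      <saml:AttributeValue>faculty@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


@dataclass
class Result:
    ok: bool
    reason: str = ""
    attributes: dict = field(default_factory=dict)


def parse_ts(value):
    """SAML timestamps are UTC; return a timezone-aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, audience=MY_ENTITY_ID):
    # Untrusted input: in production parse with defusedxml, and verify the
    # XML signature against the issuer's metadata key before anything else.
    root = ET.fromstring(xml_text)
    # 1. The issuer must be an IdP we know from federation metadata.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_IDPS:
        return Result(False, f"untrusted issuer {issuer!r}")
    # 2. Conditions: validity window (with skew) and audience restriction.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return Result(False, "missing Conditions")
    if now + CLOCK_SKEW < parse_ts(cond.get("NotBefore")):
        return Result(False, "assertion not yet valid")
    if now - CLOCK_SKEW >= parse_ts(cond.get("NotOnOrAfter")):
        return Result(False, "assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return Result(False, "assertion not intended for this SP")
    # 3. Attributes: a scoped value is accepted only if its scope belongs to the issuer,
    #    so one federation member cannot assert affiliations for another.
    allowed_scope = TRUSTED_IDPS[issuer]
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("FriendlyName") or attr.get("Name")
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if attr.get("Name") == SCOPED_AFFILIATION:
            for v in values:
                if "@" not in v or v.rsplit("@", 1)[1] != allowed_scope:
                    return Result(False, f"scope of {v!r} not permitted for issuer")
        attrs[name] = values
    return Result(True, "", attrs)
```

The SP never learns who the user is, only that the home institution vouches for a faculty member; that is enough to authorize access to the partner wiki while the local identity system stays the only place the person's details live.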

Identity Lifecycle Management
- Managing users
- One NetID per person
- Credentials
- Provisioning
- Enabling self-service

Managing Identity
- Accounts are provisioned
- Accounts are associated with identities (people)
- Groups are created and managed
- Accounts are given privileges
- Credentials are issued
- Authentication, authorization, and federation happen

Group and Access Management
- Several sources determine where a person fits
- A person belongs to several groups
- One person often has several affiliations
- Access can be based on:
  - Affiliation
  - Group membership
  - Roles
  - Privileges

Access Management
- Authentication:
  - Single sign-on, or at least fewer sign-ons
  - Level of assurance, number of credentials
- Federation and trust
- Authorization:
  - access control, role-based, federated
- Security auditing

Enterprise IAM Infrastructure
- Enterprise user database
  - Person registry and directory driven from large business sources, e.g. staff, students, affiliates
- Enterprise group management
  - Driven from business sources, e.g. courses, departments, ad hoc groups
- Enterprise privilege management
  - Delegated; role-, function-, or affiliation-based

Consolidation Supports Collaboration
- Provides a centrally coordinated service
  - Allows for distributed management of content
  - No need to manage multiple instances
  - A single place for auditing and reporting
  - Eases management of security issues for applications
  - One set of tools and data for applications
- This is the stuff of academic life, and it is often inter-institutional

Challenges with Centralizing
- Governance and management of data
- Defining rules and delegation
- Compliance and regulations
- Consensus and support for central services
- Responsibility and accountability

Policy and Governance Questions
- Who is responsible for identity management?
- Which collaboration scenarios matter to research and education?
- Who will approve policies?
- Who is part of the federation?
- Who decides and develops policies?
- Who owns the source data?

Technical Challenges
- Delivering information to applications
- Mobility and portability: anywhere, anyhow, anytime computing
- Interface consistency across locations
- Diversity of applications and platforms
- Advanced application requirements
- Interoperability

IAM Benefits
- Supports collaboration
- Enables global federated authentication
- Simplifies and secures
- Reduces help desk load
- Enables:
  - Shared management
  - Operating efficiencies

Advancing IAM Efforts
- Fostering technical standards
- Aggregating and disseminating technical design and implementation strategies
- Fostering opportunities for others to deploy products
- Integrating efforts with specific scientific and research communities

Resources
- middleware.internet2.org roadmap-03/

Questions?