CIT’s Web Single Sign-on Service SRM Report CUWebAuth Investigation Identity Management Team OIT/CIT Security April 16, 2007.

Topics
- Products in question
- Review how we arrived at this juncture
- Present results of our research in terms of service goals
- Make recommendation
- Obtain your support

Components: Web Single Sign-on
CUWebAuth
- Software installed on individual web servers
- Enables the application's use of CIT's authentication service via SideCar OR CUWebLogin
CUWebLogin
- Infrastructure component (two servers)
- Handles authentication on behalf of the web-based service

Kerberos 5 Upgrade: Where Are We Now? (timeline figure spanning Dec through the following Jan, shown across several slides with one annotation added per slide; the timeline image itself is not in the transcript)
Timeline markers: Campus Rollout Complete; K4 Shutdown; PS Student Launch; You Are Here; Discretionary migration window; 6/14 Identity Management Rollout
Annotations added slide by slide: Code review (4 code bases); Security audit (new vulnerabilities); Rollout requirements (PS launch); window of opportunity

The Reasonable Options
- CUWA/CUWL 1.5: Attempt to fix what we have
- CUWA/CUWL 2.0: Re-build it the way it should be
- Move to an outside solution: Yale CAS, Stanford WebAuth, or CoSign

Service goals considered
- Impact of change on campus developer community
- Minimal work required to migrate to new versions
- Support for required functionality
- Predictability of user experience
- Long-term viability of CIT's authentication solution for web-based services
- Performance and scalability as use of CUWA and CUWL increase
- Support for new server operating systems and web servers (Apache, IIS)
- Support for future enhancements to authentication and authorization
- Security of central authentication services
- Efficient use of scarce CIT resources

Recommendation (timeline figure spanning Dec through the following Jan; the timeline image itself is not in the transcript)
Timeline markers: 9/1 Identity Management Rollout; PS Student Launch; K4 Shutdown; Campus Rollout Complete; Discretionary migration window
Plan annotations: Develop CUWebAuth 2.0; CUWebAuth 2.0 Implementation; Early Adopters; Fall 2007 deployment; Increase migration window

1. Why not go with CUWA 1.5?
- Condition of 8-year-old code has become a support burden
- Significant work required for even minor changes
- Impact of a change on other portions of the code is difficult to test prior to release, which results in more problems for campus service providers
- More bugs and security vulnerabilities as a result
- Currently requires 2 FTEs
- Increasing campus dependency on CUWebLogin = scalability and performance issues
- SideCar limitations and scheduled retirement
- Preference for web-based applications

2. What do we get by writing CUWA 2.0?
- Product that is easier to maintain
- Simpler protocol
- Legacy dependencies eliminated
- Less code duplication (one code base instead of four)
- More extensible code (and all within local control)
- More secure protocol
- More scalable web single sign-on solution
- No loss of required functions and features
- Relatively minimal impact on campus developers

3. Will we have to give up other work?
- Overall development effort not much different
  - CUWA 1.5 estimated 23.8 FTE weeks
  - CUWA 2.0 estimated 25.6 FTE weeks
- CUWA 1.5 work requires the skill-set of four members of the current IdM team
- CUWA 2.0 work will require the skill-set of only two members of the current IdM team
- CUWA 2.0 choice frees up the skill set required for key projects like Active Directory, PS/STARS, Automated Provisioning, Grouper/Signet

4. Would an outside solution be smarter?
- Assessment is "no" based on more than 100 hrs of research
- Alternatives may offer short-term wins for the IdM development team
- But would have significantly higher impact on the user community
- Using these solutions off-the-shelf, without mods:
  - we give up features we currently have (ex: POST data support)
  - or we accept the same vulnerabilities we have with CUWA 1.5
- Making mods to these outside solutions:
  - may take as much or more time as re-writing CUWA 2.0
  - requires unknown level of cooperation with other institutions
  - may cause entanglements and dependencies beyond our control

5. What are the longer-term implications?
- Lower maintenance cost, from 2 FTEs to 1
- Better security
- More predictable user experience
- Positions us better for future enhancements to authentication and authorization services
- Opportunity for open-source release

Summary: Pros and Cons
- Webauth 1.5: Lowest short-term risk / Limited benefit
- Webauth 2.0: Best long-term solution / Slightly more short-term work
- CAS: Great Java integration / Most expensive for the rest of campus; security not great
- Stanford: Lowest deployment cost for Identity Management / Complex infrastructure and missing features

Questions?

Identity Management