Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introducing Access Management

Published byThomasina Patterson Modified over 6 years ago

Similar presentations

Presentation on theme: "Introducing Access Management"— Presentation transcript:

1 Introducing Access Management
IAMUCLA Mini-Conference November 18, 2008

2 IAMUCLA “Simplified and Streamlined User Identity & Access Management”

3 IAMUCLA Access Management (Authorization) Authentication
Enterprise User Identity Store

4 IAMUCLA Authentication Access Management (Authorization)
UCLA Logon ID Standard Web SSO (Shibboleth) Groups and Roles Access Management (Authorization) Privilege Management Enterprise User Identity Store Enterprise User Identity Store

5 Authorization Re-cap <subject> can <perform action> on <resource> given <constraint>. Joe Bruin can edit pages on the IAMUCLA site. Students enrolled in Math 33A can view contents of the Math 33A Course Web Site.

6 “I manage access using roles
“I manage access using roles. Just tell me what groups the logged in person is in.” Most applications want group membership data. Applications use group member data to make authorization decisions

7 “Groups based on PPS/SRS/other university data are great, except that I need to add this one exception…”

8 Grouper Internet2 developed group management software Open source
Flexible group management capabilities Ongoing work to integrate with other I2 initiatives

9 Grouper in IAMUCLA PPS SRS Enterprise Directory Shibboleth Grouper
4 1 3 SRS Group Membership/Role Attribute Storage and Delivery 2 Grouper generates university groups/roles automatically using known data sources Administrators create custom groups Group data provisioned into Enterprise Directory Group data delivered to applications via Shibboleth Others Administrators University Data Sources Group Management

10 Demonstration

11 Grouper for Naga Gamers
PPS Enterprise Directory Shibboleth Grouper 4 1 3 SRS Group Membership/Role Attribute Storage and Delivery 2 Grouper generates university groups/roles automatically using known data sources Administrators create custom groups Group data provisioned into Enterprise Directory Group data delivered to applications via Shibboleth Others Administrators University Data Sources Group Management

12 Using Grouper Data to Manage Access
Group data delivered through Shibboleth attribute response Protect static content using Shibboleth SP Map attributes to groups in applications

13 https://spaces.ais.ucla.edu/iamucla

14 EVERYBODY PANIC!!! OMG! O NOES!

Download ppt "Introducing Access Management"

Similar presentations

How to Set Up a System for Teaching Files, Conferences, and Clinical Trials Medical Imaging Resource Center.

How to Set Up a System for Teaching Files, Conferences, and Clinical Trials Medical Imaging Resource Center.
SAML CCOW Work Item: Task 2

SAML CCOW Work Item: Task 2
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.
Developers End Users Productivit y  Build once, run everywhere  Streamlined Lifecycle  Web Standards, Open Platform  O365 Integration Developers.

Developers End Users Productivit y  Build once, run everywhere  Streamlined Lifecycle  Web Standards, Open Platform  O365 Integration Developers.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
New Faculty Orientation Blackboard Academic Suite 7.1 University of the Pacific June 28, 2015.

New Faculty Orientation Blackboard Academic Suite 7.1 University of the Pacific June 28, 2015.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
Microsoft Identity and Access Solutions Market Trends and Futures

Microsoft Identity and Access Solutions Market Trends and Futures
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Copyright Albert Wu 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Albert Wu This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Overview of Access and Information Protection

Overview of Access and Information Protection

Similar presentations

Ads by Google