Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shared Services – Technical and Security Considerations

Published byDominick Hunter Modified over 6 years ago

Similar presentations

Presentation on theme: "Shared Services – Technical and Security Considerations"— Presentation transcript:

1 Shared Services – Technical and Security Considerations
DRAFT Shared Services – Technical and Security Considerations CSG - IUPUI May 14, 2009

2 Technical Evaluation of Shared Services – Web Based
Authentication Directories/Account Provisioning/Identity Data Group Management and Authorization Architectural Considerations and Future Influence Multi vs. Single Tenant Services Instances Exit Strategy and Interoperability Risks of Skill and Capacity Atrophy Some non-Technical Thoughts N-Tier problem, out of scope of consideration

3 Directories/Account Provisioning/Identity Data
Transition of service provider account to institutional account or any other combination Is account linking good or bad? How to influence shared service providers that are not interested in institutional identity Attribute release vs. group data Real-time back to institution for Web Service/LDAP calls vs. identity data replication Range of position from CIO-ish folks about actual sensitivity of identity data

4 Authentication Don’t want to replicate institutional credentials to service provider Technologies like Shibboleth, recommended Neutralize plethora of authentication methods to single before going to shared service provider Not all shared services will be able to understand institutional identities e.g. GoogleApps vs. GoogleIMAP

5 Group Management and Authorization
Privacy over group membership Mapping of institutional groups to access controls in shared service There is an opportunity to provide a shared group service. e.g. Grouper There may be an opportunity to provide a shared authority service.

6 Architectural Considerations and Future Influence
Like Kuali Student, there a need for service contract (functional definitions) and the APIs to implement them From good architectural designs, flow good service levels, scalability, interoperability , security, exit strategies…flexibility, flexibility, flexibility. How does higher-ed influence these technical designs? Consortia?

7 Multi vs. Single Tenant Services Instances
Exchange example highlighted the functional (and cost) differential between two models Potential security concerns over partitioning in a multi-tenant instance Calendar is example of interop limitations demonstrating benefits of a multi-tenant model…or using the same service provider For lack of a better way to say it… Evil is good, as long as it scales.

8 Risks of Skill and Capacity Atrophy (consumers)
Once service is sourced elsewhere, over time there is a loss of technical expertise to provide that service Infrastructure and integration skills tend to persist, as long as we remain in the infrastructure business Factor skill set persistence in with exit strategy of any shared service

9 Some non-Technical Thoughts
Different viewpoints about whether there is a fundamental difference between shared services providers that are commercial or .edu based, at least on a technical or security level

Download ppt "Shared Services – Technical and Security Considerations"

Similar presentations

Issues of collaborating in a Shibboleth FE/HE trust environment Graham Mason KC-ROLO.

Issues of collaborating in a Shibboleth FE/HE trust environment Graham Mason KC-ROLO.
How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.

The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Building a Consortia Stephanie Duerden March 2014.

Building a Consortia Stephanie Duerden March 2014.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Shared Technical Architecture’s Role within the ECIO Organization “Arkansas Shared Technical Architecture”

Shared Technical Architecture’s Role within the ECIO Organization “Arkansas Shared Technical Architecture”
A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.

A case for Shibboleth and grid security: are we paranoid about identity? UK e-Science All Hands Meeting, 2006 Mark Norman 19 Sept 2006.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University
A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality 2014-06-10.

A Robust Health Data Infrastructure P. Jon White, MD Director, Health IT Agency for Healthcare Research and Quality
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Use of Identity Credentials in Public Transit Fare Payment Systems Professional Capacity Building Program T3 Webinar June 29, 2011 Washington Metropolitan.

Use of Identity Credentials in Public Transit Fare Payment Systems Professional Capacity Building Program T3 Webinar June 29, 2011 Washington Metropolitan.
Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.

Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.
Electronic identity management for eGovernment Conceptual framework and objectives Frank Robben General manager Crossroads Bank for Social Security Strategic.

Electronic identity management for eGovernment Conceptual framework and objectives Frank Robben General manager Crossroads Bank for Social Security Strategic.
Considering Community and Open Source Lois Brooks Stanford Terry Ryan UCLA A Decision Framework for Selecting.

Considering Community and Open Source Lois Brooks Stanford Terry Ryan UCLA A Decision Framework for Selecting.
Shibboleth: An Introduction

Shibboleth: An Introduction

Similar presentations

Ads by Google