PASSHE InCommon & Federated Identity Workshop

Presentation on theme: "PASSHE InCommon & Federated Identity Workshop"— Presentation transcript:

1 PASSHE InCommon & Federated Identity Workshop
DAY 2
John O'Keefe, Associate VP and CIO, Lafayette College
Renee Shuey, Principal Lead Identity and Access Management, Penn State University

2 Privacy and Security


4 Critical Elements of Identity
- Who are you? (identification): collect personally identifying information to prove you are who you say you are (identity proofing), such as a driver's license or passport
- Assign attributes (name, address, college or university, department, role (faculty, staff, student), major, address)
- How can you prove it? (authentication): verifying that the person seeking access to a resource is the one previously identified and approved

5 Value of Institutional Identity
- We own the data
- We trust ourselves
- FIdM enables integration with cloud services
- Keeps us agile in a frequently changing IT landscape
- The identity is what our community wants
- Attribute consent


8 Federation Protects Collaboration
- Privacy: sends the minimum set of attributes
- Security: keeps person attributes secured in your local identity vault and limits the number of UserIDs and passwords
- Outsourcing: enables integrated institutional use of external applications
- Regulations: access that must adhere to Federal regulations can easily be provisioned

9 Security is Multi-Dimensional
- Secure credentials
- Secure attributes
- Secure transmission

10 Privacy is Multi-Dimensional
- Keep attributes private
- Keep what you release to the minimum required

11 Other Privacy Concerns
- FERPA and other Federal, State, and Local regulations
- Informed consent
- Federated incident response
- Right to change one's mind, to be forgotten
- Data protection vs. privacy protection
- Common definitions of privacy (particularly internationally)

12 Policy Considerations


14 Business Process/Policy Improvement
- Align business processes
- When new faculty/staff/students come or leave, how does that work?
- Account creation/deletion must be a rule-based activity!
- Partner with HR, the Dean's Office, whoever is needed to change business processes
- Good business processes ensure currency and security

15 Campus Engagement
Over time, we want to do higher-stakes transactions online. That's true within campus/for campus, and off campus, between campuses/labs/etc. Every step along the way, there were naysayers. They weren't right. Others with whom we do business are heading in the same directions/driving the same direction, for incredibly similar reasons.

16 Federated IdM as Good IdM Hygiene
- Use InCommon's guidelines as a cookbook for internal IdM practices
- Whether federated or not, the recommended best practices are sound for your IdM infrastructure
- Attribute collection and maintenance are required for internal systems
- Extending schemas
- Automation of provisioning and de-provisioning must be your goal

17 FIdM Practices
- Account creation and termination procedures
- Properly maintained and secured identity store
- Attribute Release Policy (ARP)
- Cooperation from key administrative units (HR, Admissions)
- Policies and procedures to match Level of Assurance (LoA)
- How do you determine who gets NetIDs?
- How do you validate new users?
- How do you remove accounts once users leave?
- How long do you keep NetIDs?
- How do you keep identities secure in the directory?
- How do you keep identities secure in transmission?

18 Participant Operating Practices
- What is the PoP?
- How do I complete it?
- Why is it necessary?
- Implications for internal processes

19 Accuracy of Information
- What processes do you have to maintain audit trails?
- How reliable is the attribute information?
- How do you update the person registry?
- Who can update the person registry?

20 Service Providing
- What attributes are required to access your service?
- What do you do with attributes you receive as part of a federated identity exchange?
- How do you secure attributes you receive as part of a federated identity exchange?
- How do you notify a federated user if his/her attributes have been compromised?


23 Bundles and Application Categories
- Attributes tend to travel in bundles
- The R&S (research and scholarship) bundle: {name, , authenticated identity, affiliation}
- Applications are being vetted for minimal use and qualification for R&S
- Attribute release is "automatic" by the IdP
- Several bundles are likely, e.g. {opaque-id, affiliation}, {authentication only}, privacy-preserving personalization
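The "minimum required" rule from slide 10, the service-side question "what attributes are required to access your service?" from slide 20, and the bundle idea above come together in an attribute release policy. The Python below is an added illustration written for this transcript, not code from the workshop or from InCommon; the attribute names, the service entityIDs, the contents of the bundles other than the R&S bundle named on the slide, and the HMAC construction of the opaque id are all assumptions. It models an IdP that holds the full record in its identity vault, assigns each service provider one bundle, and releases only that bundle's attributes; the opaque id is derived per service so two services cannot correlate the same person by identifier, and anything a service asks for outside its bundle is reported back so it can be logged.

```python
"""Attribute release policy modelled as per-service bundles (added example)."""
import hashlib
import hmac

# Bundles: the attribute set an IdP releases to a given class of service.
# "research-and-scholarship" follows the slide's {name, authenticated identity,
# affiliation}; the other two bundles' contents are assumptions.
BUNDLES = {
    "research-and-scholarship": {"displayName", "eppn", "affiliation"},
    "opaque-id-affiliation": {"opaqueId", "affiliation"},
    "authentication-only": {"opaqueId"},
}

# Per-service policy keyed by service entityID (constructed values).
SERVICE_POLICY = {
    "https://library.example.edu/sp": "research-and-scholarship",
    "https://survey.example.org/sp": "opaque-id-affiliation",
    "https://wiki.example.net/sp": "authentication-only",
}

# IdP-side secret used to derive pairwise opaque identifiers (constructed).
IDP_SALT = b"constructed-idp-secret-salt"

# A full record as it would sit in the identity vault (constructed). Note the
# fields that no bundle ever includes: they must never leave the vault.
IDENTITY = {
    "uid": "jdoe",
    "displayName": "Jane Doe",
    "eppn": "jdoe@example.edu",
    "affiliation": "member@example.edu",
    "major": "Physics",
    "ssn": "000-00-0000",
}


def opaque_id(user_id, sp_entity_id, salt=IDP_SALT):
    """Pairwise pseudonymous id: stable for one (user, service) pair, different
    across services, and not reversible to the uid without the IdP's salt."""
    msg = f"{user_id}|{sp_entity_id}".encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()


def release(identity, sp_entity_id, requested=None):
    """Return (released, dropped).

    released: only the attributes the service's bundle permits.
    dropped:  attributes the service asked for that its bundle does not allow;
              a non-empty set is worth logging, since it shows a service
              requesting more than its vetted category needs.
    A service with no policy entry gets nothing, by default denial.
    """
    bundle_name = SERVICE_POLICY.get(sp_entity_id)
    if bundle_name is None:
        raise PermissionError(f"no attribute release policy for {sp_entity_id}")
    allowed = BUNDLES[bundle_name]

    if requested is None:
        wanted, dropped = set(allowed), set()
    else:
        wanted = allowed & set(requested)
        dropped = set(requested) - allowed

    released = {}
    for attr in wanted:
        if attr == "opaqueId":
            released[attr] = opaque_id(identity["uid"], sp_entity_id)
        elif attr in identity:
            released[attr] = identity[attr]
    return released, dropped


if __name__ == "__main__":
    for sp in SERVICE_POLICY:
        out, dropped = release(IDENTITY, sp, requested=["eppn", "affiliation", "ssn"])
        print(sp, "->", sorted(out), "dropped:", sorted(dropped))
```

Run as a script it prints, for each service, which attributes left the vault and which requested ones were withheld; the R&S service gets `eppn` and `affiliation` but never `ssn`, the survey service gets only `affiliation`, and the wiki service gets nothing from that request because its bundle contains only the opaque id.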

