Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity.

Published byQuentin Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity."— Presentation transcript:

1 Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity Services Architect and Manager of Enterprise Middleware Development

2 8/8/2008EDUCAUSE LIVE!2 University of Southern California Private research university, founded 1880 33,500 students (16,500 undergraduate, 17,000 graduate and professional) 3,200 full-time faculty, 8,200 staff $1.9 billion annual budget, $432 million sponsored research Two major LA campuses; six additional US locations; four international offices

3 8/8/2008EDUCAUSE LIVE!3 Today’s Presentation Overview of USC identity management program: evolution, scope and structure Highlight three distinctive characteristics –Broad participation and collaboration among business and technical communities –Data and policy governance as core activity –Attribute access process Future objectives

4 8/8/2008EDUCAUSE LIVE!4 Definition Identity and Access management (IAM) is a broad administrative function that identifies individuals in a system (in this case, USC), and controls and facilitates their access to resources within that system by associating user rights and restrictions with the established identity.

5 8/8/2008EDUCAUSE LIVE!5 Evolution 2001 – Eliminate/Suppress Social Security Numbers 2002 – Commit to unified identifier – USC ID number 2003 – Build data governance structure 2005 – Enable authentication and authorization 2007 – Support affiliates and visitors

6 8/8/2008EDUCAUSE LIVE!6 “We hold the need for Identity Management to be self-evident…” IAM at USC has been grass-roots – not driven by institutional directive Wide-spread volunteer engagement by “business” community Organization Improvement Services provides logistic support and operational leadership Information Technology Services leads technical development

7 8/8/2008EDUCAUSE LIVE!7 What is Data Governance? Data Governance brings together cross- functional teams to make interdependent rules or to resolve issues or to provide services to data stakeholders. These cross-functional teams - Data Stewards and/or Data Governors - generally come from the Business side of operations. They set policy that IT and Data groups will follow as they establish their architectures, implement their own best practices, and address requirements. Data Governance can be considered the overall process of making this work. http://www.datagovernance.com/adg_data_governance_governance_and_stewardship.html

8 8/8/2008EDUCAUSE LIVE!8 IAM Data Governance Committees Directory Services Steering Committee – policy development committee meets every 3 weeks focuses on policy regarding data acquisition and release, integration, and communication attendees include senior management representatives from academic schools, administrative departments, major IT units, General Counsel GDS Executive Committee - management committee every other week focuses on technical and staffing issues affecting direction and prioritizations attendees include management representatives from SOR’s and GDS team Data Team - technical committee meets monthly focuses on operational issues affecting SOR’s and PR/GDS attendees include representatives from SOR’s and GDS team Working Groups

9 8/8/2008EDUCAUSE LIVE!9

10 8/8/2008EDUCAUSE LIVE!10 Data Team

11 8/8/2008EDUCAUSE LIVE!11 GDS Executive Committee

12 8/8/2008EDUCAUSE LIVE!12 Directory Services Steering Committee

13 8/8/2008EDUCAUSE LIVE!13 Identity Operational Data Store ???

14 8/8/2008EDUCAUSE LIVE!14 Person Registry Policies Data Definitions (format of dates, names, identifiers, phone numbers, etc) Data Transport policies De-duping: Handling matches, partial matches Resource requirements for Systems of Record (SOR) Data Access policies - No access except for IAM purposes by approved SOR’s

15 8/8/2008EDUCAUSE LIVE!15 Attribute Access Request Process Required for all data requests to GDS content Directory Steering Committee reviews all new AAR submissions Data Stewards must also approve requests Requests must be reauthorized every 2 years Changes in data requirements require submission of a new AAR

16 8/8/2008EDUCAUSE LIVE!16 AAR Workflow Application sponsor or manager contacts Director of Organization Improvement to request AAR meeting Director of Organization Improvement schedules meeting with: Application sponsor, ITS IdM Team Meeting produces AAR document

17 8/8/2008EDUCAUSE LIVE!17 AAR Workflow (cont.) AAR routed to Data Stewards and DSC for approval Approved AAR posted to GDS Wiki page ITS IdM Team works with requestor to implement request

18 8/8/2008EDUCAUSE LIVE!18 Typical AAR Questions What information is needed? For what purpose? For what population? For what service? Is data for confidential students or employees required? Are there user exceptions?

19 8/8/2008EDUCAUSE LIVE!19 Common Attributes Released A persistent identifier A name An entitlement An email address

20 8/8/2008EDUCAUSE LIVE!20 Additional Attributes Group membership Course enrollment and/or association Affiliation Employment information (Department, Title, Work Status, etc.) Academic information (major, minor, school, level, year, etc.) Contact information (addresses, phone numbers, email addresses, etc.)

21 8/8/2008EDUCAUSE LIVE!21 Typical DSC Policies All data must be transmitted securely Servers must be properly secured No unnecessary release of attributes No chaining of data release

22 8/8/2008EDUCAUSE LIVE!22 Number of AAR’s Processed by the DSC

23 8/8/2008EDUCAUSE LIVE!23 Departments Submitting AAR’s Information Technology Services Office of the Provost Office of the Registrar Student Affairs Cancer Center Viterbi School of Engineering Marshall School of Business USC College USCard Services Cinematic Arts School of Theatre Trojan Transportation Services Family Medicine Career and Protective Services Career Planning and Placement Center University Libraries

24 8/8/2008EDUCAUSE LIVE!24 Notable Successes University Portal Blackboard Online Class Roster iTunes U Confluence Wiki MovableType Blog Google Apps Student Scheduling Portal Online Schedule of Classes iVIP Guest/Affiliate System Orientation Reservations Dspace Digital Repository Online Whitepages

25 8/8/2008EDUCAUSE LIVE!25 Next Steps for IAM at USC Build on foundation of trust Formalize executive endorsement and institutional expectations –Participation of all systems and databases with people information (except patients and clinical trials participants) –General use of central resource for authentication, authorization and personalization

26 8/8/2008EDUCAUSE LIVE!26 Next Steps for IAM at USC Expand Identity Data –Enhance iVIP, add Alumni/Donor/Parent system –Add smaller SOR’s – Emeriti, USCard Establish and fund administrative home “Office of Identity Management” Establish Identity Management (Directory Services) Steering Committee as presidential committee Reduce use of data feeds Pursue external federated relationships

27 8/8/2008EDUCAUSE LIVE!27 Additional Resources -USC GDS website: http://www.usc.edu/gdshttp://www.usc.edu/gds -Additional Presentations: http://its.usc.edu/~bbellinahttp://its.usc.edu/~bbellina

Download ppt "Identity Management at USC: Collaboration, Governance, Access Margaret Harrington Director, Organization Improvement Services Brendan Bellina Identity."

Similar presentations

How Will it Help Me Do My Job?

How Will it Help Me Do My Job?
Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
When will the helicopters end? Giving Parents Access Case Study The University of Arkansas and Southern Methodist University M3.3 February 4, 2013.

When will the helicopters end? Giving Parents Access Case Study The University of Arkansas and Southern Methodist University M3.3 February 4, 2013.
UCSC History. UCSC: A brief history 60s University Placement Committee A lot of field trips/interaction with employers.

UCSC History. UCSC: A brief history 60s University Placement Committee A lot of field trips/interaction with employers.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Applying Data Governance in Identity Management: To Serve and Protect Brendan Bellina Identity Services Architect Information Technology Services University.

Applying Data Governance in Identity Management: To Serve and Protect Brendan Bellina Identity Services Architect Information Technology Services University.
Health Ingenuity Exchange (HingX) Best Practices for User Groups and Resource Registration.

Health Ingenuity Exchange (HingX) Best Practices for User Groups and Resource Registration.
STUDENT SUCCESS CENTERS : WORKING BETTER TOGETHER TO ENSURE STUDENT SUCCESS.

STUDENT SUCCESS CENTERS : WORKING BETTER TOGETHER TO ENSURE STUDENT SUCCESS.
Results of the Faculty Survey on Internationalization at Villanova: A Preliminary Report Prepared for the International Leadership Committee Prepared by.

Results of the Faculty Survey on Internationalization at Villanova: A Preliminary Report Prepared for the International Leadership Committee Prepared by.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
1 The Evolving Definition of Student: Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.

1 The Evolving Definition of "Student": Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.
Orientation for Academic Program Reviews 2015-2016.

Orientation for Academic Program Reviews
Project Management: A Critical Skill for Organizations Presented by Hetty Baiz Project Office Princeton University.

Project Management: A Critical Skill for Organizations Presented by Hetty Baiz Project Office Princeton University.
1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.

1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.

Similar presentations

Ads by Google