Identity and Access Management (IAM): A Preview


1 Identity and Access Management IAM A Preview

2 Goal
To design and implement an identity and access management (IAM) middleware infrastructure that
– Improves the user experience
– Increases our security and audit capability
– Opens the door to different levels of access

3 How will IAM help us?
– Streamlining business processes through workflow
– Reducing the need to hire additional technology staff to manage new applications
– Supporting collaboration, both internal to and external to the University

4 Drivers for IAM
The drivers from both inside and outside the University promoting the implementation of this infrastructure include:
– Interdisciplinary and inter-institutional research and collaboration
– Changing needs of teaching and learning
– Fund raising and outreach
– Digital library access
– Increasing budgetary pressures
– Interactions with government agencies

5 The IAM Infrastructure: The Business Case – 7 Major Outcomes
– It will reduce the number of credentials that constituents must know to perform the actions for which they are authorized.
– It will reduce the implicit denial of service experienced by new members of the University.
  – Accounts are not currently set up in a timely manner because processes – both manual and automated – may not function properly.

6 IAM – The Business Case
– It will reduce the operational and management overhead of enabling our constituents to perform actions for which they are already authorized and the incremental cost of implementing a new online service.
– It will reduce the operational and management overhead of disabling authorization for former constituents (individuals no longer in a relationship with the University) who should no longer have access to University services and resources.

7 IAM – The Business Case
– It will enable the University to quickly modify a constituent's access permissions as his/her role, and therefore his/her set of authorizations, changes.
– It will improve the quality of auditing actions across the University by using persistent identifiers common to all applications.

8 IAM – The Business Case
– It can provide an environment in which the University has confidence that the credential presented by someone to perform an authorized action is presented by the person to whom the credential was issued.
  – By centralizing identity proofing and establishing appropriate policies on how an individual can prove who he says he is.
  – The middleware infrastructure stores the credential in a secure manner. Today credentials are stored in a variety of systems, rather than a central one, with sometimes questionable levels of security.

9 IAM – Benefits
Significant benefits can be reaped from the deployment of an IAM infrastructure
– Enhanced Security
  – IAM reduces the management of user access to a single system
  – Who is active is deterministic since the identity information about individuals emanates from the University's key administrative systems
  – Identity data is stored in a single protected data repository with data encryption and single sign-on capability
  – Relatively small staff to manage it

10 IAM – Benefits
– Enhanced Security (continued)
  – Provides a mechanism to express access control policies
    – Supports authorization services to applications
  – Supports better logging and audit capability
    – User login identifiers are identical across systems so we are better able to track activity.
    – Improves support for after-the-fact audit analyses

11 IAM – Benefits
Simplified Network and Online Service Access
– Enables unified access to multiple applications
– Enables initial-sign-on, also called single-sign-on
– With initial-sign-on, it is a straightforward step to a campus portal

12 IAM – Benefits
Economies of Scale
– The identity information that is populated into the identity and access management infrastructure comes from administrative systems like the Human Resources and Student Administration systems
– Additional identity information will be populated from other systems or interfaces as required. These entries will have explicit expiration dates associated with them.

13 IAM – Benefits
Provides better application standards around authentication and authorization
– Not only are applications using a common directory for identification, but a standard (single) interface to authenticate
– Applications will be easier to build, will be more consistent with each other, and provide a common user experience around authentication and authorization

14 IAM – Benefits
– Economies of Scale (continued)
  – Provides a unified means of enabling and disabling access to a wide range of online services infrastructure for access control information
    – It requires more support staff to have each application maintain its own accounts and access privileges
  – Since all applications authenticate and authorize against the same directories, the training costs are reduced (and users are more comfortable as well)
  – It is easier to outsource an application that is compliant with our standards since we would not need the vendor to provide access control

15 IAM – The Proposal
– The model that we are pursuing to solve the IAM problem is based on the work of the National Science Foundation Middleware Initiative and Internet 2.
– We are committed to an open standards solution.
– We are committed to an extensible solution.

16 IAM – The Proposal
– We will address initial sign-on for web applications
– We will attempt to address initial sign-on for desktop/client applications
– We will address the affiliate user issue and provide mechanisms for adding such users to the database to allow access to only those services that they should receive

17 IAM – The Proposal
The next slide shows the roadmap for the identity and access management infrastructure for UConn.
– This will be adapted as necessary during the project, but is strongly based on the recommended roadmap from the NSF Middleware Initiative.

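18 [Slide image: roadmap for the identity and access management infrastructure; not reproduced in the transcript]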

19 IAM – Who?
The design of the Identity Management component of the IAM infrastructure will require both technical staff from UITS and functional staff from a variety of areas
– The functional staff will provide the business processes by which we can eliminate duplicate identities for the same person, determine the roles we care about, and help us to understand where besides the Human Resources and Student Administration Systems we must look for identities.

20 IAM – Who? (continued)
– The Identity Management component will also require technical staff with expertise in identity management, programming, and database administration.
– The Provisioning Engine will require either a purchased product or some programming staff. This component will also require system and application administrators.

21 IAM – Who needs to be involved?
The Access Management component requires programmers, system administrators, identity management experts, and application administrators.

22 IAM – Where do we start?
Our goal is to carve out a manageable piece of this huge project and build for extensibility.
– We have initiated a short project to investigate what is available in the market.
– RFIs are in – we just got them and we need to start reviewing them.

