Identity Management: The Legacy and Real Solutions Project Overview.


1 Identity Management: The Legacy and Real Solutions Project Overview

2 Copyright @ 2007 Washington State University This work is the intellectual property of WSU. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the copyright owner. To disseminate otherwise or to republish requires written permission.

3 The Legacy
- WSU Network ID
- Integrated Business Systems
- Multiple Authentication Stores
- Disparate Authorization Methods
- No Single Sign-On
- No Metadirectory
- Ad Hoc Provisioning

4 Business Drivers
- Strategic Goal: “Seamless, Intuitive, Integrated”
- Aging technology (DCE, custom programs)
- Performance and reliability
- Management of NIDs
- Management of WSU affiliates (not eligible for NIDs)
- Increasing reliance on Active Directory

5 Project History
- Core team construction (2004)
  - Representatives from ITS, College of Business, Libraries, Center for Teaching Learning and Technology
- Six months information gathering
- Microsoft Technology Center invitation
- Clarification of project goals

6 Project History
- Project divided into sub-projects
  - Single sign-on
  - Metadirectory services
  - Group services
  - WSU Friend IDs

7 Key Components
- Microsoft Active Directory (AD)
  - Authoritative source for NIDs
  - Authorization group structure
- Microsoft Identity Information Server (MIIS)
  - Metadirectory services for NIDs
  - Provisions AD groups

8 Key Components
- Microsoft Active Directory Federation Services (ADFS)
  - Single sign-on, internal federation
- Microsoft Authorization Manager (Azman)
  - Used in conjunction with claims (AD group structure) for authorization

9 [Diagram: WSU Identity Management Architecture 2004. Design Concept Courtesy of Thomas J. Barton, University of Chicago. Labels: WSU Enterprise Directory Services; Intelligence & Business Rules; Source Systems; WSU Core Business Systems; Asynchronous Sources; NID Create; Person Registry; ADABAS; Metadirectory Services; Authentication, Authorization, Attribute and Group Services; Active Directory Feed; Portal Feed; Online Phonebook Feed; Consumer Systems; Active Directory; Online Phonebook; Portal Database; Portal OID; UPS; LDAP; DCE; Apps & Services]

10 [Diagram: WSU Network ID Authentication and SSO Environment 2004. Labels: NID; Network Services User; Secure UNIX Web Server; Secure zOS/CICS Web Server; myWSU Oracle Portal; Distributed Secure IIS Web Servers; Online Learning Environments; Active Directory Enabled Apps; DCE Security Server; DCE Authentication; AD Security Server; Kerberos or LDAP Authentication; Active Directory Services; zOS Data & Backend Apps or Other Data Sources; Distributed Data & Backend Apps; Local SSO; Oracle External Apps SSO; AD Domain SSO; Local Domain SSO; DCE rpc Direct Natural Attunity]

11 [Diagram: WSU Identity Management Architecture 2007. Design Concept Courtesy of Thomas J. Barton, University of Chicago. Labels: WSU Enterprise Directory Services; Intelligence & Business Rules; Source Systems; Core Business Systems; Asynchronous Sources; NID Create; Person Registry; ADABAS; MIIS; Metadirectory Services; Authentication, Authorization, Attribute and Group Services; ADFS; Azman; Active Directory Feed; Portal Feed; Consumer Systems; Portal Apps DB; Portal OID; UPS; SunOne; Active Directory; Apps & Services]

12 Active Directory Group Structure
[Diagram of the group hierarchy. Labels: WSU Authorization Groups; Application Groups; Enterprise Groups; Provisioned Groups]
- Role Groups: Employees, Employees.Appointed, Employees.Active, Students, Students.Admitted, Students.Enrolled
- Term Groups: 2007_sum, 2007_fall, 2008_spr

13 [Diagram: WSU Network ID Authentication and SSO Environment Internal Federation 2007. Labels: NID; Network Services User; WSU ADFS Federation Server; ADFS Federation SSO; ITS Secure IIS.NET ADFS Web Servers; Distributed Secure IIS.NET ADFS Web Servers; myWSU Oracle Portal; Online Learning Environments; ADFS Enabled Apps (Potential); ADFS Authentication; AD Security Server; LDAP Authentication; EntireX; Connx; Distributed Data & Backend Apps; zOS Data & Backend Apps or Other Data Sources]

