University of Washington Identity and Access Management IEEAF – RENU Network Design Workshop Seattle - 29 Nov 2007 Lori Stevens, Director, Distributed.


1 University of Washington Identity and Access Management. IEEAF – RENU Network Design Workshop, Seattle - 29 Nov 2007. Lori Stevens, Director, Distributed Systems; Ian Taylor, Manager, Security Middleware; ‘RL’ Bob Morgan, Architect; Anne Hopkins, Lead; Zephyr McLaughlin, Lead

2 Overview: IAM Mission and Scope; IAM Practices; UW IAM Service Set; International Collaboration in IAM; Q & A

3 IAM Mission. UW Mission: “preservation, advancement, dissemination of knowledge”; people-based processes, increasingly online. Identity management provides... institutional means to know who can, should and did access online (and physical) resources

5 IAM Scope. IAM supports the whole institution: teaching, research, outreach, healthcare, student life, alumni, collaborators, affiliates, local, regional, global. UW Identity and UW NetID Statistics: 43,000 students at three campuses (Undergraduate, Graduate and Professional), plus an Extension enrollment of 27,000 more; 28,000 Faculty and Staff; Two Medical Centers, Neighborhood Clinics, SCCA, etc.; K-20 network; 385,000 Active UW NetIDs (11/28/07)

6 IAM Practices: One identity per person; Many affiliations per person; Not just people (applications, groups, roles, organizations,...); Manage entire identity lifecycle; Level of Assurance (LoA) varies depending on population and application needs

7 IAM Practices (cont.): Compromise of credentials will happen; Business needs often must be balanced with compliance requirements; Identity theft is a serious problem

8 UW Identity and Access Management Service Set. Identity Management: Person Registry; UW NetID Service. Authentication: UW Kerberos Realm; UW Windows Infrastructure; Weblogin Service (Pubcookie / Shibboleth); SecurID; UW Certificate Authority

9 UW Identity and Access Management Service Set (cont.). Authorization and Aggregation: ASTRA; Groups Service; Subscriptions. Enterprise Directory Services: Person Directory; Groups Directory; White Pages Directory

10 Federation. Use university identity for external service access: for web resources, using SAML standard; Internet2 Shibboleth federation software widely deployed. R&HE Federations create trust communities: agree on standards, vet institutions, exchange keys; InCommon Federation in US; many national R&HE federations in Europe and Australia; global service providers (e.g. Elsevier, Microsoft) join; work starting on global interfederation

11 Other Identity Collaborations. eduroam: access to university wireless for HE visitors; 802.1x and RADIUS technology; deployed throughout Europe and Asia/Pacific. Grid: supporting large e-science projects; X.509 technology; IGTF provides global linkage of grid CAs; work on linking grid access to SAML/Shib federation

12 Q & A. Thank you for your interest. We welcome your questions. Lori Stevens, lrs@u.washington.edu; Ian Taylor, iant@u.washington.edu; Bob Morgan, rlmorgan@u.washington.edu; Anne Hopkins, annehop@u.washington.edu; Zephyr McLaughlin, zephyrmc@u.washington.edu

15 Shibboleth Flow Overview: (1) User connects to resource and is redirected to WAYF; (2) User authenticates at his home organization; (3) User gets authenticated and redirected to web server of resource; (4) Attribute request – user is granted access to resource

16 1. User connects to resource and is redirected to WAYF

17 2. User authenticates at his home organization

18 3. User gets authenticated and redirected to web server of resource

19 4. Attribute request – user is granted access to resource
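
The four steps above, as an added Python sketch that is not part of the original slides or of the Shibboleth software: the resource's service provider (SP) checks issuer, signature, audience, expiry and replay before it makes the attribute request. HMAC with a shared key stands in for signed SAML messages and the keys exchanged through a federation; the entity IDs, user data and the `FEDERATION` / `WAYF` tables are constructed assumptions.

```python
import hmac, hashlib, secrets, time

# Constructed federation metadata: entityID -> key. Real deployments exchange
# X.509 keys and sign SAML XML; a shared HMAC key is a stand-in (assumption).
FEDERATION = {"https://idp.example.edu": secrets.token_bytes(32)}
WAYF = {"Example University": "https://idp.example.edu"}  # step 1: home-org lookup
SP_ID = "https://sp.example.org"

def _sign(key, a):
    msg = f"{a['issuer']}|{a['audience']}|{a['handle']}|{a['expires']}"
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class IdP:
    def __init__(self, entity_id, users):
        self.entity_id, self.users, self.handles = entity_id, users, {}

    def authenticate(self, user, password, audience):
        """Step 2: log the user in at the home organization, issue an opaque handle."""
        if not hmac.compare_digest(self.users[user]["password"], password):
            raise PermissionError("bad credentials")
        a = {"issuer": self.entity_id, "audience": audience,
             "handle": secrets.token_hex(16), "expires": int(time.time()) + 300}
        self.handles[a["handle"]] = user
        a["sig"] = _sign(FEDERATION[self.entity_id], a)
        return a  # step 3: carried back to the resource with the redirect

    def attribute_query(self, handle):
        """Step 4: release attributes for a handle; credentials never leave the IdP."""
        return dict(self.users[self.handles[handle]]["attrs"])

class SP:
    def __init__(self):
        self.seen = set()  # handles already consumed, for replay detection

    def accept(self, a, idp, now=None):
        """Steps 3-4: validate the assertion, then query attributes and decide."""
        key = FEDERATION.get(a["issuer"])
        if key is None:
            return "deny: issuer not in federation"
        if not hmac.compare_digest(_sign(key, a), a["sig"]):
            return "deny: bad signature"
        if a["audience"] != SP_ID:
            return "deny: wrong audience"
        if (now or time.time()) > a["expires"]:
            return "deny: expired"
        if a["handle"] in self.seen:
            return "deny: replay"
        self.seen.add(a["handle"])
        attrs = idp.attribute_query(a["handle"])
        return "allow" if "member" in attrs.get("affiliation", []) else "deny: not a member"
```
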

20 Shibboleth Demo. https://spaces.internet2.edu (Login via Shibboleth); http://www.switch.ch/aai/demo/expert.html (Excellent technical introduction)

