Presentation is loading. Please wait.

Presentation is loading. Please wait.

Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005.

Published byPeregrine Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005."— Presentation transcript:

1 Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005

2 27 June 2005 – CAMP Identity & Access Management Discussion Items Setting the stage UT’s portal service – UT Direct UT’s authentication service – UT EID Credentialing & Support Challenges & Responses Future Directions

3 27 June 2005 – CAMP Identity & Access Management Setting the Stage UT Austin has large number of core constituents: –~50,000 students –~18,000 faculty & staff And even larger groups of “extended” populations (e.g., prospective students, former students, parents, job applicants)

4 27 June 2005 – CAMP Identity & Access Management UT’s Portal – UT Direct Created in 2000, upgraded in 2003 “Home-grown” using local custom development tools Serves as both a portal and a web application framework (look & feel, menus, bookmarks, etc.) Personalization is based on user’s affiliations

5 27 June 2005 – CAMP Identity & Access Management UT Direct Usage UT Direct has achieved strong penetration – –80% of students use it at least weekly –70% of faculty & staff use it weekly –100,000 distinct users login weekly UT Direct user interface is used for most business/administrative web services at UT Austin

6 27 June 2005 – CAMP Identity & Access Management UT’s Authentication Service – UT EID UT EID system created in 1995, upgraded in 1999, major overhaul coming this fall All members of UT community have EIDs Unified namespace for all EIDs Sponsoring departments control the affiliations attached to EIDs

7 27 June 2005 – CAMP Identity & Access Management EID Classes EIDs are grouped into 3 major classes based on affiliation and status of identity verification –Low assurance – Self-registered EIDs –Medium assurance – Sponsored by an approved UT department –High assurance – ID verified in-person & electronic signature agreement signed Required password strength depends on EID class

8 27 June 2005 – CAMP Identity & Access Management EID Populations The EID system currently contains 1.7M identity accounts, including: –Current students (~50K) –Former students (since ’74) (~600K) –Current employees (~35K*) –Former employees (since ’72) (~300K*) –Prospective students (~650K) –Guests (~400K) * Includes employees from certain other UT System universities that use shared administrative services.

9 27 June 2005 – CAMP Identity & Access Management Relationship between UT Direct & the EID System UT EID Authentication UT Direct Black- board Web- space Web- mail UT Direct and UT EID authentication are distinct systems Most but not all UT Direct Services are EID- authenticated UT EID authentication also used by many other services at UT Austin

10 27 June 2005 – CAMP Identity & Access Management EID Credentialing EID Creation –Guest EID suite (self-registration) –EID-on-demand (inline registration) –Automated EID creation Physical ID verification is required for most core affiliates, but not for extended populations EID eProxy allows one person to act on behalf of another for certain services (e.g., a parent who is paying a student’s housing bill)

11 27 June 2005 – CAMP Identity & Access Management EID Support EID web help suite lists contacts and provides password help options based on user’s current affiliations Passwords can be reset online via challenge/response questions or via email ticketing (w/other credentials) EID phone support is delegated to affiliation sponsors; Central ITS help desk is the last resort

12 27 June 2005 – CAMP Identity & Access Management Challenges Part 1 Risks posed by a unified identifier (for example, FERPA compliance) –One set of credentials shared by multiple systems can expose data in unexpected ways –User support systems/options are complicated by need to prevent inappropriate access to confidential data

13 27 June 2005 – CAMP Identity & Access Management Challenges Part 2 Duplicate EIDs and merging of EIDs –Extended populations tend to be future or former core constituents, so duplicate EIDs can cause problems Privacy & identity theft concerns –Data elements used for identity reconciliation raise privacy concerns for the university community

14 27 June 2005 – CAMP Identity & Access Management Challenges Part 3 Relentless increase in identity registry size: +20% per year –New extended populations regularly being identified –Campus departments replacing local SSN-based identifiers with EIDs –Ongoing migration of campus systems to EID authentication (simplified sign-on initiative)

15 27 June 2005 – CAMP Identity & Access Management Responses Part 1 Risks posed by a unified identifier (for example, FERPA compliance) –Proactively coordinate EID support and password reset policies across sponsoring departments, especially when new affiliations are added –Move toward more granular authentication status and control

16 27 June 2005 – CAMP Identity & Access Management Responses Part 2 Duplicate EIDs and merging of EIDs –Increase intelligence of self-registration process with adaptive questionnaire –Push EID usage to start of business processes to limit backend EID merges Privacy & identity theft concerns –Remove SSN from EID System –Institute stricter controls on access to identity registry data

17 27 June 2005 – CAMP Identity & Access Management Responses Part 3 Relentless increase in identity registry size: +20% per year –Improve flexibility & agility of identity registry to better cope with growth –Limit identity reconciliation efforts to close affiliates –Implement new classes of EIDs (e.g., identifier-only) with characteristics targeted to campus needs

18 27 June 2005 – CAMP Identity & Access Management Future Directions – UT Direct Bolster support for non-authenticated sessions Unify central UT web site architecture with UT Direct portal Support Shibboleth-style local-campus authentication for other UT System universities Explore commercial & open-source tools/products for next generation of UT Direct

19 27 June 2005 – CAMP Identity & Access Management Future Directions – UT EID Complete overhaul of EID system will occur in Fall 2005 Improve online support tools for users, especially for former students Allow affiliation sponsors to define populations within an affiliation to provide customized support options Support strong second-factor authentication options

20 27 June 2005 – CAMP Identity & Access Management My Contact Info CW Belcher c.belcher@its.utexas.edu (512) 232-6519

21 Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005

Download ppt "Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005."

Similar presentations

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.

Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.

Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.

Campus Based Authentication & The Project Presented By: Tim Cameron National Council of Higher Education Loan Programs.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.

Directories at the University of Florida Mike Conlon Director of Data Infrastructure University of Florida.
1 Collaborators at the Gates of Troy: Extending eServices at USC.

1 Collaborators at the Gates of Troy: Extending eServices at USC.
Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.

Identity Management Choosing and Using Sun’s Identity Management Suite March 13 th, 2007 Kim Tracy Executive Director University Computing Services Northeastern.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
1 The Evolving Definition of Student: Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.

1 The Evolving Definition of "Student": Identity Management at Duke University Klara Jelinkova Director, Computing Systems Office of Information Technology.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
1 eAuthentication in Higher Education Tim Bornholtz Session #47.

1 eAuthentication in Higher Education Tim Bornholtz Session #47.
Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.
MyUIdaho Orientation Darren Kearney. Agenda What is a portal? How does this fit into our web strategy? Why this portal product? Who is this for? What.

MyUIdaho Orientation Darren Kearney. Agenda What is a portal? How does this fit into our web strategy? Why this portal product? Who is this for? What.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.

UCB Enterprise Directory Services. Directory Services – Project History  Requirements defined  Project commission & goals articulated  Project teams.
Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –
Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.

Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.
1 Data Strategy Overview Keith Wilson Session 15.

1 Data Strategy Overview Keith Wilson Session 15.

Similar presentations

Ads by Google