Describing the Solution Patterns and Real-World Examples Tom Barton, University of Chicago Steven Carmody, Brown University Cal Racey, Newcastle University.

Presentation transcript:

Describing the Solution Patterns and Real-World Examples Tom Barton, University of Chicago Steven Carmody, Brown University Cal Racey, Newcastle University Liz Salley, University of Michigan

Design Patterns From the Yahoo Design Pattern Library: Patterns are optimal solutions to common problems. As common problems are tossed around a community and are resolved, common solutions often spontaneously emerge. Eventually, the best of these rise above the din and self-identify and become refined until they reach the status of a Design Pattern.

Design Patterns

Academic Case #5
- Authority rests with the Registrar (business role)
- Grantor is self-identified but constrained by an authoritative source (only students may exert FERPA rights)
- Depending on the IAM implementation, could be algorithmic (e.g., by eduPersonAffiliation) or more ad hoc (the Registrar may provide a list of covered students)
- Constraint: grantees must identify (in some unspecified fashion) an academic need for the information

Business Case #4
- Authority rests with the HR department (business role)
- Grantor and grantee are the same, self-identified but constrained by an authoritative source (only staff and faculty)
- Depending on the IAM implementation, could be algorithmic (e.g., by eduPersonAffiliation) or more ad hoc (HR provides eligible “staff” and “faculty” lists)
- Constraint: the grantee must accept the terms and conditions of the program before being enrolled.

Access Management Solution Patterns At first glance, many of our use cases appear to be unique challenges. As we break each use case down into component parts, we begin to see similarities. We can now think about building solutions around the patterns rather than the use cases. Are there solutions that have been tossed around the community enough to emerge as design patterns?

Access Management Solution Patterns
- Application Access Roles – Multiple Registrars for a Service
- Official Source with White and Black Lists
- Ad-hoc Lists
- Managing Hierarchies
- Proxy and Delegation Access
- Access to Internal Resource Granted to External Parties
- Time-restricted Access

Application Access Roles Problem Individuals need to be specifically authorized to use a service. They are locally-identified, in that the organization does not track who belongs to each group. Only they know who they are. Typically, someone in authority assigns individuals to the appropriate group.

Application Access Roles Variants Single registrar grants and removes privileges for the entire organization. Multiple registrars, each responsible for a department or team, grant and remove access for their team. Multiple registrars, each responsible for different privileges within the service.

Application Access Roles Solution Create a group with a membership of the people authorized to use the service. If there is a need to support different privileges within the service, create multiple groups that map to the various Roles within the application. If there are multiple Registrars, give all of them the authority to manage group membership, or create separate groups for each of them to manage.

Example: Multiple Registrars for Campus Wireless Access

Example: Multiple Registrars for University Affiliates Any University of Michigan school, college, or department can sponsor and manage affiliates in our IAM system (known as MCommunity). Each sponsoring unit is a registrar responsible for managing affiliates within their area. Each unit can name one or more local administrators.
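An added example (not code from the presentation or from MCommunity) that models the Application Access Roles solution above: each application role is a group, registrars hold scoped authority over specific groups, and the three variants appear as a single-registrar group, separate per-department groups, and a shared group with several registrars. Names such as "gradebook:editors" and "eng-admin" are constructed.

```python
# Added example (not the presentation's code): the Application Access Roles pattern.
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """An actor tried to change a group they are not a registrar of."""

@dataclass
class Group:
    members: set = field(default_factory=set)
    registrars: set = field(default_factory=set)  # who may edit membership

class GroupService:
    def __init__(self):
        self.groups = {}
        self.role_map = {}  # (service, role) -> group name

    def create_group(self, name, registrars):
        self.groups[name] = Group(registrars=set(registrars))

    def map_role(self, service, role, group):
        self.role_map[(service, role)] = group  # one group per application role

    def _managed(self, actor, group):
        g = self.groups[group]
        if actor not in g.registrars:
            raise AccessDenied(f"{actor} is not a registrar of {group}")
        return g

    def add_member(self, actor, group, user):
        self._managed(actor, group).members.add(user)

    def remove_member(self, actor, group, user):
        self._managed(actor, group).members.discard(user)

    def has_role(self, user, service, role):
        """Authorization: is the user in the group mapped to this role?"""
        group = self.role_map.get((service, role))
        return group is not None and user in self.groups[group].members

def build_demo():
    """Constructed scenario: a department registrar, and per-privilege groups."""
    svc = GroupService()
    svc.create_group("affiliates:engineering", ["eng-admin"])
    svc.create_group("gradebook:editors", ["registrar"])
    svc.create_group("gradebook:viewers", ["registrar", "dept-admin"])
    svc.map_role("gradebook", "edit", "gradebook:editors")
    svc.map_role("gradebook", "view", "gradebook:viewers")
    svc.add_member("registrar", "gradebook:editors", "prof1")
    svc.add_member("dept-admin", "gradebook:viewers", "ta1")
    return svc
```

The authorization decision never consults who granted membership; scoping registrars to groups is what keeps a department administrator from promoting someone into a role they do not control.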

Official Source with White and Black Lists

Some motivating situations
- Greg Jackson
- Student testing
- Graceful account closure
- From “Use Cases Organized by Area of Interest”
  – Travel reimbursement approval
  – Trustee conflict of interest
  – Terminating Access for a Disgruntled Employee
  – Adding a lab assistant
  – Adding TA Access to Course Dropbox
  – Pre-hire affiliation

Ad Hoc Lists

Hierarchy examples
- HR organisational structure
  – School of engineering
    » Chemical engineering
      » Process engineering group
- HR chain of command (staff hierarchy)
  – Dean
    » Professor
      » Principal investigator
        » minions
- Physical location hierarchy
  – Campus
    » Building
      » Floor
- Course hierarchy
  – Business school
    » Accountancy specialism
      » Auditing module

Using hierarchies
- What hierarchies does an institution have?
- Where are the hierarchies kept?
- How to capture them
- Dealing with change
- Systems of record are imperfect
  – Perfection is the enemy of progress
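An added example (not code from the presentation) for the Managing Hierarchies pattern and the "dealing with change" point above: units form a tree, people are placed directly in one unit, the effective membership of any unit is everyone placed at or beneath it, and a reorganisation re-parents a unit so derived memberships follow. The unit names follow the hierarchy examples on the previous slide; the people and the "School of Medicine" branch are constructed.

```python
# Added example (not the presentation's code): deriving group membership
# from an organisational hierarchy so access granted at a unit flows down.
from collections import defaultdict

class Hierarchy:
    def __init__(self):
        self.parent = {}                # unit -> parent unit (None for the root)
        self.direct = defaultdict(set)  # unit -> people placed directly in it

    def add_unit(self, unit, parent=None):
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown parent unit: {parent}")
        self.parent[unit] = parent

    def place(self, person, unit):
        self.direct[unit].add(person)

    def ancestors(self, unit):
        """The unit itself and every unit above it, nearest first."""
        chain = []
        while unit is not None:
            chain.append(unit)
            unit = self.parent[unit]
        return chain

    def members(self, unit):
        """Effective membership: people placed at unit or any unit beneath it."""
        return {p for u in self.parent if unit in self.ancestors(u)
                for p in self.direct[u]}

    def move_unit(self, unit, new_parent):
        """Reorganisation: re-parent a unit; effective memberships follow.
        Refuse a move that would create a cycle (a unit under its own child)."""
        if unit in self.ancestors(new_parent):
            raise ValueError(f"{new_parent} is below {unit}; move would loop")
        self.parent[unit] = new_parent

def build_demo():
    h = Hierarchy()  # constructed sample, modelled on the slide's examples
    h.add_unit("University")
    h.add_unit("School of Engineering", "University")
    h.add_unit("Chemical Engineering", "School of Engineering")
    h.add_unit("Process Engineering Group", "Chemical Engineering")
    h.add_unit("School of Medicine", "University")
    h.add_unit("Biomedical Engineering", "School of Medicine")
    h.place("alice", "Process Engineering Group")
    h.place("bob", "Chemical Engineering")
    h.place("carol", "Biomedical Engineering")
    return h
```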