Management of users at UNIL

Slides:



Advertisements
Similar presentations
ADManager Plus Simplify Your Active Directory Management.
Advertisements

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
CERN, Information Technology Department
Extern name server - translates addresses of s messages - enables users to use aliases - … ID cards system - controls entrance to buildings,
Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.
Identity Management at the University of Florida Mike Conlon, Director of Data Infrastructure University of Florida, Gainesville, Florida Background Identity.
ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Access Control Chapter 3 Part 3 Pages 209 to 227.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Enhancing Productivity & Lowering Costs with CA Management Software Case study Zürcher Kantonalbank (ZKB)
Password?. Project CLASP: Common Login and Access rights across Services Plan
Password?. Project CLASP: Common Login and Access rights across Services Plan
Active Directory: Final Solution to Enterprise System Integration
Presented by: Mark Hendricks
ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.
Peter Deutsch Director, I&IT Systems July 12, 2005
Introduction To Windows NT ® Server And Internet Information Server.
Security features of Windows What is computer security ? Computer security refers to the protection of all components—hardware, software, and stored.
Copyright © 2007, SAS Institute Inc. All rights reserved. SAS Activity-Based Management Survey Kit (ASK): User Management & Security.
Automated Computer Account Management in Active Directory June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram.
Security Directions - Release 6 and beyond SearchDomino.com Webcast Patricia Booth Security and Directory Product Management 9/25/02.
G046 Lecture 05 Task E Briefing Notes Mr C Johnston ICT Teacher
1 Simon: What, How and Why Jon Finke Communication and Middleware Technology.
Integrating Applications with the Directory Andrea Beesing CIT/Integration and Delivery June 25, 2002.
CERN IT Department CH-1211 Genève 23 Switzerland t Identity Management Alberto Pace CERN, Information Technology Department
HAKA project HAKA User administration inside Finnish Higher Education Institutes results from the KATO project Barbro Sjöblom EDS 2003 Uppsala.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
Identity Management in the Environment of Mendel University in Brno Milan Šorm.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Sudha Iyer Principal Product Manager Oracle Corporation.
Module 9: Designing Public Key Infrastructure in Windows Server 2008.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.
Identity and Access Management Siddharth Karnik. Identity Management -> Oracle Identity Management is a product set that allows enterprises to manage.
Password? CLASP Project FOCUS Meeting, 12 October 2000 Denise Heagerty, IT/IS.
Single Sign-On across Web Services Ernest Artiaga CERN - OpenLab Security Workshop – April 2004.
Internet Documentation and Integration of Metadata (IDIOM) Presented by Ahmet E. Topcu Advisor: Prof. Geoffrey C. Fox 1/14/2009.
Privilege Management Chapter 22.
1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.
® IBM Software Group ©IBM Corporation IBM Information Server Architecture Overview.
Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.
Access Control Chapter 3 Part 4 Pages 227 to 241.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
CERN IT Department CH-1211 Genève 23 Switzerland t Single Sign On, Identity and Access management at CERN Alex Lossent Emmanuel Ormancey,
Copyright © 2012 Pearson Education, Inc. or its affiliate(s). All rights reserved
Fermilab supports several authentication mechanisms for user and computer authentication. This talk will cover our authentication systems, design considerations,
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
1 Name of Meeting Location Date - Change in Slide Master Authentication & Authorization Technologies for LSST Data Access Jim Basney
User Registration in the SeaDataNet V1 system by Dick M.A. Schaap – technical coordinator Oostende, June 08.
Virtual Directory Services and Directory Synchronization May 13 th, 2008 Bill Claycomb Computer Systems Analyst Infrastructure Computing Systems Department.
19 Copyright © 2008, Oracle. All rights reserved. Security.
Identity and Access Management
Basharat Institute of Higher Education
Secure Connected Infrastructure
New Developments in Central Directory Service and Account Provisioning Dan Menicucci Enterprise Architect - University of Pittsburgh.
Active Directory Management Software Borna
Introduction to Operating Systems
AuthLite 2-Factor for Windows Administration
Chapter One: Mastering the Basics of Security
Using E-Business Suite Attachments
Novell Account Management Introduction and Overview
To Join the Teleconference
Authentication Protocol
Dartmouth College Status Report
CLASP Project AAI Workshop, Nov 2000 Denise Heagerty, CERN
Identity Management at the University of Florida
Authentication and Authorization in ColdFusion
James Cowling Senior Technical Architect
Presentation transcript:

Management of users at UNIL Who we are: Centre informatique (Ci) A service unit, not a research institute What we are doing: Administrative services Internet services (e-mail, web, …) Academic services Scientific computing Bibliographic databases of scientific publications Services are centralized Every person of UNIL is using at least one of our service

History Management of users: Filemaker application Manually defined in VMS and Unix Hundreds of users In 1992: GESU in production Ingres application Integrated with the HR and students database Thousands of users

GESU Now Part of the administrative applications Mixture of Ingres, Informix, (Oracle and SAP) Used by a non-technical operator Screens to do operations Create, delete, expire users Give, remove access to services for users Automatisation of some tasks GesuWeb: access to basic services for employees MailUnil: access to basic services for students

Gesu E-Mail Gesu application Unix (operator’s screens, Piece of GesuWeb, MailUnil) Piece of software Unix operations LDAP AD Win 2K

Authentication of a user Every person at UNIL has a Username Password E-Mail Web form Piece of software Unix Change password LDAP AD Win 2K

Authorization E-mail -> user database in e-mail system Unix -> /etc/passwd Web application -> LDAP Authentication in LDAP Authorization in Informix Protecting web pages Authorization: groups in LDAP Win 2K -> Active Directory

Future of authentication GESU E-Mail a directory Unix Windows Macintosh Web applic PKI, X509 Smart cards ??

Future of authorization Based on groups Managed in GESU Exported to the directory Two types of groups: Organisation groups: containing users Role and function of users determine the membership Service groups: containing organisation groups Groups that are specified in ACL of objects Group membership could be used for Attribute certificates Kerberos tickets

Other things … A LDAP – JDBC was developped A diploma work Include the Macintosh platform New Mac OS X ?? Use of Swisskey Corporate ID Université de Lausanne « Smart card » project at UNIL Try to push for a crypto card Give a single and simple view to the user Setup a portal Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.