Authorization in UCTrust

Slides:

Advertisements

Similar presentations

From Authentication to Privilege Management to the Attribute Economy: Marketing runs amok…

Advertisements

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

Multi-Organizational Authorization Services RL “Bob” Morgan, University of Washington Internet2/Educause Advanced CAMP Boulder, Colorado July 2003.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President Information Technology Services The California State University.

A Middleware Unified Field Theory Identity Management / Directories Privileges / Groups Single Sign-On / Federation Enterprise Integration from network.

UABgrid Identity Infrastructure John-Paul Robinson, David Shealy, UAB, IT Infrastructure Services Educause.

UCLA’s Shibboleth Plan Shibboleth is an integral part of UCLA’s Enterprise Directory & Identity Management Infrastructure (EDIMI) Project Integrate with.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

Managing Information UT November 13-14, 2008 Campus Identity and Access Management Services.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

Deciding Who’s on First?: Establishing the Identity Management Leadership Group October 11, 2006 Dallas.

Technical Overview of Kuali Rice UC Davis, Information & Educational Technology January 2009.

1 A Case for Collaborative Identity Management in a Complex Decentralized Environment Andrea Beesing Assistant Director, IT Security and David Yeh Assistant.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

1 Early Adopters / Deployers Patterns and criteria for distinguishing roles and groups-based access control vs. privilege management. Why use one or the.

I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.

Maturation & Convergence in Authentication & Authorization Services in US Higher Education: Keith Hazelton, Sr. IT Architect, University.

From Directory Steering to Identity Governance Experiences at CU-Boulder.

UC Middleware Needs David Walker Information & Educational Technology University of California, Davis

Shibboleth as Attribute Delivery for Authorization Renee Shuey Penn State University June 27, 2006.

Shibboleth Update Michael Gettes Principal Technologist Georgetown University Ken Klingenstein Director Interne2 Middleware Initiative.

UCLA Enterprise Directory Identity Management Infrastructure UC Enrollment Service Technical Conference October 16, 2007 Ying Ma

User Provisioning Project Presented to ITLC September 28, 2010 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary Doyle,

Directory Policy, Privacy, etc. David Millman – Columbia Keith Hazelton – Wisconsin et al.

Kuali Rice A basic overview…. Kuali Rice Mission First and foremost to provide a consistent development framework and common middleware layer for Kuali.

Scared Straight… if you want to go outside… Authenticate Locally, Act Globally.

Kuali Rice: General Overview Brian McGough Kuali Rice Project Manager Kuali Lead Architect Director, Enterprise Software, IU May 13, 2008.

Implementing a Role Management System Mair é ad Martin Carrie Regenstein Internet2 Fall Meeting September 20, 2005.

Social Roles and Relationships.

TEAMS by Jeanne Nyquist

~60 staff 1.Collaborators around the world 2.Supports communities of collaborators external to Internet2 3.Community uses wiki, mailing lists, instant.

Identity Management Round Table Emerging Themes & Issues Spring CSG ‘07.

User Provisioning Project Design Phase Presented to ITLC March 24, 2011 David Walker, ITAG Co-Chair Information and Educational Technology, UC Davis Mary.

Authorization: Just when you thought middleware was no fun anymore Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Member, Internet2 Middleware.

親愛的吉姆舅舅：今天吃完晚餐後，奶奶說，在家裡情況變好以前，您要我搬到城裡跟您住。奶奶有沒有跟您說，爸爸已經好久沒有工作，也好久沒有人請媽媽做衣服了？我們聽完都哭了，連爸爸也哭了，但是媽媽說了一個故事讓我們又笑了。她說：您們小的時候，她曾經被您追得爬到樹上去，真的嗎？雖然我個子小，但是我很強壯，

Oracle Virtual Directory

Community & Parental Involvement Opportunities Donna Independent School District.

UCTrust Integration for UC Grid David Walker University of California, Davis ucdavis.edu Kejian Jin University of California, Los Angeles kjin.

ΜΕΤΑΣΥΛΛΕΚΤΙΚΗ ΦΥΣΙΟΛΟΓΙΑ ΕΡΓΑΣΤΗΡΙΟ 3. Μετασυλλεκτική Εργ3-Λιοσάτου Γ.2 ΒΙΟΛΟΓΙΚΟΙ ΠΑΡΑΓΟΝΤΕΣ ΠΟΥ ΕΠΗΡΕΑΖΟΥΝ ΤΗ ΦΘΟΡΑ ΤΩΝ ΟΠΩΡΟΚΗΠΕΥΤΙΚΩΝ Αναπνοή Η λειτουργία.

Oracle Fusion SCM Online Training

Introducing Access Management

Identity Management (IdM)

I2/NMI Update: Signet, Grouper, & GridShib

Identity Management Integration CAMP

Communication National Food Service Management Institute

Moving Beyond Implementation: Authorization

A Business Case for Identity Management in Higher Education

Topics The simple life The Simple Life GUI The full IdM life

Privilege Management: the Big Picture

اثرات گرمايش جهاني تغييرات آب و هوا، تأثيرات عميق و شديدي بر بسياري از عوامل اساسي موثر بر سلامت از جمله : آب، غذا، هوا و محيط زيست دارد كه اين مورد خود.

Shibboleth as Attribute Delivery for Authorization

California Standards Test

U.T. System Federated Identity Management Update

Brian Arkills Microsoft Solutions Architect

Signet Privilege Management

The Big 6 Research Model Step 3: Location and Access

Guests and Collaborators

Today Introducing IAMUCLA ISIS to Shibboleth Migration

Enabling Applications to Use Your IdMS

DPMS Ticket & Permission Management

1. Who are the people in business?

How to build a restricted and public access to the Interest group

Signet Privilege Management

Project Name TEAM MEMBER 1 NAME TEAM MEMBER 2 NAME TEAM MEMBER 3 NAME

User Provisioning Project

Presentation transcript:

Authorization in UCTrust David Walker Information and Educational Technology University of California, Davis DHWalker @ ucdavis.edu

The Problem How do we authorize people to use applications via UCTrust? Two possible scenarios Campuses make authorization decisions and transmit them to applications Application management makes authorization decisions, based on identities provided by campuses

Some Definitions Affiliation / group – A person's relationship to the organization Student, employee, PS201 class member, ... Role – A person's purpose for the organization Low-value purchaser, IdM administrator, parent, ... Entitlement / permission – Something a person is allowed to do Access library materials, view general ledger, ...

The Big Picture (I Think)‏ App IdM App App Signet Grouper App KIM Shib App IdM App AuthN App IdM Signet Grouper Auth Srcs Signet Grouper

CO-Manage Demo http://middleware.internet2.edu/co/tour/index.html