User Provisioning Project

Presentation transcript:

User Provisioning Project
David Walker
Information and Educational Technology
University of California, Davis
DHWalker @ ucdavis.edu

Overview
- What are we doing?
- What UCTrust does currently
- Proposed addition to UCTrust's services
- Current status

What Are We Doing?
- UCTrust federates authentication and identity information during a session.
- Many applications need information about their users at other times (e.g., Connexxus, SumTotal).
- We are extending UCTrust to exchange identity information when the user is not online.
- This was a pain point for SumTotal and Connexxus, among other UC-wide projects.

What UCTrust Does Now
- A Service Provider (SP) specifies the identity attributes it requires.
- Identity Providers (IdP) configure their Attribute Release Policies (ARP) for the SP.
- At the start of a session, the SP requests attributes from the IdP for the current user.
- The IdP returns requested attributes that are allowed by the ARP.

Proposal for User Provisioning
- A Service Provider (SP) specifies the identity attributes it requires and the people it requires those attributes for.
- Identity Providers (IdP) configure their Attribute Release Policies (ARP) for the SP.
- The IdP also defines the group of its community members required by the SP.
- At a time determined by the SP, the SP requests all attributes allowed by the ARP.

Four Types of Requests
- Snapshot: All identity information for all people.
- Subscription: Identity information will be transmitted to the application as add, delete, and update transactions on an event-driven basis.
- Change Log: All add, delete, and update transactions that have been generated since the last Snapshot, Subscription, or Change Log.
- SSO Event: The existing Shibboleth access type.
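An added sketch (not part of the original slides, and not UCTrust code) of how an IdP could answer Snapshot and Change Log requests while applying the same ARP and the SP-specific group to offline releases. The class, method names, SP id `lms`, attribute names, and the sequence-number cursor are all assumptions made for illustration.

```python
# Added illustration; all names and data shapes are hypothetical, not UCTrust's.
from dataclasses import dataclass, field

@dataclass
class IdP:
    arp: dict            # SP id -> set of attribute names the ARP releases
    groups: dict         # SP id -> set of person ids the SP is provisioned for
    people: dict = field(default_factory=dict)   # person id -> attributes
    log: list = field(default_factory=list)      # (seq, op, person id, attrs)

    def _release(self, sp, attrs):
        """Apply the SP's ARP: drop every attribute it does not allow."""
        allowed = self.arp.get(sp, set())
        return {k: v for k, v in attrs.items() if k in allowed}

    def write(self, op, pid, attrs=None):
        """Record an add/update/delete in the directory and the change log."""
        if op == "delete":
            self.people.pop(pid, None)
        else:
            self.people[pid] = dict(attrs)
        self.log.append((len(self.log) + 1, op, pid, dict(attrs or {})))

    def snapshot(self, sp):
        """Snapshot: all released identity information for the SP's group."""
        members = self.groups.get(sp, set())
        data = {p: self._release(sp, a)
                for p, a in self.people.items() if p in members}
        return data, len(self.log)          # cursor marks the "last request"

    def change_log(self, sp, since):
        """Change Log: transactions generated after the cursor `since`."""
        members = self.groups.get(sp, set())
        txs = [(op, p, self._release(sp, a))
               for seq, op, p, a in self.log if seq > since and p in members]
        return txs, len(self.log)

def demo():
    # Constructed sample data: "ssn" is held by the IdP but not in the ARP.
    idp = IdP(arp={"lms": {"mail", "displayName"}}, groups={"lms": {"u1", "u2"}})
    idp.write("add", "u1", {"mail": "u1@example.edu", "displayName": "A", "ssn": "x"})
    idp.write("add", "u3", {"mail": "u3@example.edu"})   # outside the SP's group
    snap, cursor = idp.snapshot("lms")
    idp.write("update", "u1", {"mail": "new@example.edu", "displayName": "A", "ssn": "x"})
    idp.write("add", "u2", {"mail": "u2@example.edu", "ssn": "y"})
    idp.write("delete", "u3")
    txs, cursor = idp.change_log("lms", cursor)
    return snap, txs, cursor
```

An SP with no ARP entry or no group receives nothing, so the bulk path fails closed in the same way a per-session release would.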

High-Level Design

Current Status
- The design has been vetted with the IT Architecture Group and the UCTrust Work Group.
- The project will be proposed to the ITLC on September 28.
- Assuming approval, the project will commence in early 2011.