Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Slides:



Advertisements
Similar presentations
Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Advertisements

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.
PKI and LOA Establishing a Basis for Trust David L. Wasley PKI Deployment Forum April 2008.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.
Credentialing, Levels of Assurance and Risk: What’s Good Enough Dr. Michael Conlon Director of Data Infrastructure University of Florida.
Going for the Silver Winter 2010 CSG January 13, 2010.
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
Security and Personnel
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.
EDUCAUSE Best Practices Build Better Systems Ann West, InCommon Dedra Chamberlin, UC Berkeley.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Mary Dunker Common Solutions Group January 12, 2010.
Peter Deutsch Director, I&IT Systems July 12, 2005
Identity and Access Management IAM. 2 Definition Identity and Access Management provide the following: – Mechanisms for identifying, creating, updating.
Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.
Winter 2011 CSG Workshop: InCommon Silver January 12, 2011.
Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.
© 2011 The University of Chicago InCommon Silver Implementation at UChicago Tom Barton 1.
Federal Requirements for Credential Assessments Renee Shuey ITS – Penn State February 6, 2007.
Refining Silver CSG January 2011, Duke University Renee Shuey, RL "Bob" Morgan, Tom Barton.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Joining the Federal Federation: a Campus Perspective Institute for Computer Policy and Law June 29, 2005 Andrea Beesing IT Security Office.
1 EDUCAUSE Midwest Regional Conference Top Strategies for Working with Stakeholders: Synopses of Recommendations from the Identity Management Summit Mark.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 STRIDE towards 2-factor Web SSO Rich Graves October 2014 GIAC GSE, GCIA, GCIH, GPEN,
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Gary Brown, Senior Systems Developer, Portal Development Team Identity Management Toolkit a JISC sponsored project.
InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb
IDENTITY ASSURANCE PROFILES AND FRAMEWORK DOCUMENTS: PEEK INTO PROPOSED FICAM CHANGES 12/12/12 1.
PIV 1 Ketan Mehta May 5, 2005.
IAM REFERENCE ARCHITECTURE BRICKS EMBEDED ARCHITECTS COMMUNITY OF PRACTICE MARCH 5, 2015.
Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.
Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA.
Identity Assurance: When it Matters David L. Wasley Internet2 / InCommon.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Energize Your Workflow! ©2006 Merge eMed. All Rights Reserved User Group Meeting “Energize Your Workflow” May 7-9, Security.
Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Information Resource Stewardship A suggested approach for managing the critical information assets of the organization.
Winter 2011 CSG Workshop: InCommon Silver Campus Panel: University of Iowa January 12, 2011.
The Policy Side of Federations Kenneth J. Klingenstein and David L. Wasley Tuesday, June 29, CAMP Shibboleth Implementation Workshop.
Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
LoA In Electronic Identity Jasig Dallas Levels of Assurance In Electronic Identity Considerations for Implementation Benjamin Oshrin Rutgers University.
Tom Barton, Senior Director for Integration, University of Chicago
InCommon Participant Operating Practices: Friend or Foe?
John O’Keefe Director of Academic Technology & Network Services
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Federal Requirements for Credential Assessments
PASSHE InCommon & Federated Identity Workshop
InCommon Participant Operating Practices: Friend or Foe?
Appropriate Access InCommon Identity Assurance Profiles
Technical Issues with Establishing Levels of Assurance
Presentation transcript:

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager, Identity Management Michigan State University © Michigan State University Board of Trustees

Toward InCommon Silver Certification at MSU Jim Green Manager, Identity Management MSU – Academic Technology Services © Michigan State University Board of Trustees

Why? Use cases – research, government, sensitive data Shibboleth proliferation CIC sharing Opportunity to influence the process Worth doing Can be a driver

What we’ve done so far Study IAP and related documents Establish a weekly meeting with IdM, ATS, and Internal Audit Participate in CIC InC Silver conference calls Presented project proposal to ATS management Use a spreadsheet (based on InCommon checklist) to tally gap analysis bullets Summarized issues for Phase 1 report by answering Tom Barton’s questions © Michigan State University Board of Trustees

IAP areas Policy – Privacy policy – Policy on disabling netids Business processes – Netid provisioning process Technical infrastructure – Network security

Issue categories Documentation lacking – Policy, process, or infrastructure probably OK Policy lacking or doesn’t comply Process lacking or doesn’t comply Technical infrastructure lacking or doesn’t comply

Documents lacking appropriate staffing identity proofing credential issuance process Many, many examples of processes that are not well documented

Policy lacking or doesn’t comply – privacy policy – credential issuance and management - -policy on disabling netids, end of lifecycle management of netids – mitigate risk of sharing credentials

Process lacking or doesn’t comply – IT audit – strong resistance to guessing shared secret – our password complexity rules likely do not rise to Silver level – Risk management methodology – Background checks not retroactive – Strong digital credentials (?)

Technical infrastructure lacking or doesn’t comply – end-to-end secure communication – 10 or more successive failed authentication attempts in 10 minutes – physical security – log entrance and exit

Approaches New ID Office will manage physical ID cards and digital credentials – reports to central IT Considering two factor authentication Affiliates system in development – System of record for non-HR, non-SIS – Owned by Enterprise Information Stewardship – Operated by Identity Management

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.