Multi-Organizational Authorization Services RL “Bob” Morgan, University of Washington Internet2/Educause Advanced CAMP Boulder, Colorado July 2003.


Copyright RL ‘Bob’ Morgan, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Topics
– External users in your enterprise IdM and apps
– Consortia and Identity
– The multi-attribute-provider problem

External users in your enterprise
– Yet another external population every day...
   – all doctors in the state
   – collaborative course hosted by your LMS
   – grant collaborators
– Just give 'em campus netids?
   – feed problems, identifying info, etc; authorization granularity; ...
   – ultimately doesn't scale...
– So, federate, of course
   – with Shib, or accept Passport, or PKI, or whatever
   – not the whole story...

External users and IdM
[Diagram; surviving labels: App, Your University, Some Origin, IdM/Authz, Authn, Attribute Authority, IDs?]

Privacy and IDs
– Privacy protection: not using a single permanent ID
– in some cases (eg licensed content), simple group-based attribute may be all that's needed for access
   – this is why “entitlement” is attractive
– but permanent target-specific identifier may still be useful, e.g. for personalization
– non-shared target-specific IDs make combining authorizations difficult
   – put burden on user to gather entitlements?

Integration of externals
– In most cases, external users coexist with internal users on same app system
   – but that app relies on your IdM for more than just netid
   – external user's origin may supply authz attributes...
   – but if the app relies on user data in IdM...
   – implies external user in your IdM, with their external id
– Provisioning issues
   – does external user get registry-id? does remote site supply one?
   – how do you get notification of external-id change?
   – are external entries mixed with your existing user entries?

Integration of externals, more
– Remote user entries in your IdM?
   – every institutional IdM is a view of the whole world, just contains “more authoritative” data about internal users
   – Stanford IdM is authoritative about Stanford user's netid
   – UW IdM is authoritative about Stanford user's use of UW app
   – ultimately sources of authority are distributed...
– Existing internal attributes now need scope...
   – app may have policy: if “student” then X
   – does it mean “if student anywhere” or “if

State-wide K-20 service authz
– Washington plans access to learning services for all students, state-wide
– who is a student's identity provider? (ie, where are they from?)
   – UW, which supplies infrastructure?
   – the learning-services project?
   – their school district?
   – eg) their school?

Multi-attribute authorities
[Diagram; surviving labels: App, Target, Origin, Attr Authority, Authn, Attribute Authority]

the multi-attribute-provider problem
– aka “the IEEE problem”
– foo.edu user at info-provider.com site
   – can get to some resources as a Foo U member
   – can get to other resources as IEEE member
   – wants to do both at once, with foo.edu-based authentication
– approaches:
   – Foo U IdM/AA has “ieee-member” attribute, supplies it, info-provider accepts it
   – info-provider redirects user to IEEE site, user gets assertion, returns
   – info-provider calls IEEE site directly to get member info
   – info-provider provisioned with ieee-member attribute for that user
– constraints: user experience, privacy, forgery, identity mapping
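An added sketch (not part of the original slides) of how a target such as info-provider.com could evaluate attributes from several authorities, covering both the scope question from "Integration of externals, more" and the forgery and identity-mapping constraints above. The trust table, the linked-identifier table, and all identifiers and attribute names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    issuer: str     # attribute authority making the statement
    subject: str    # identifier that issuer uses for the user
    attribute: str
    value: str
    scope: str      # organization the value is about

# Assumed target-side policy: issuers accepted as authoritative
# for each (attribute, scope) pair.
TRUST = {
    ("affiliation", "foo.edu"): {"foo.edu"},
    ("membership", "ieee.org"): {"ieee.org"},
}
# Assumed identity mapping: issuer-specific ids linked to one local user.
LINKS = {
    ("foo.edu", "handle-7f3a"): "local-1",
    ("ieee.org", "member-0042"): "local-1",
}
FOO_STUDENT = ("affiliation", "student", "foo.edu")
IEEE_MEMBER = ("membership", "member", "ieee.org")

def accepted(user, assertions, trust=TRUST, links=LINKS):
    """Scoped attributes the target honors for this local user."""
    out = set()
    for a in assertions:
        if links.get((a.issuer, a.subject)) != user:
            continue  # subject id is not mapped to this user
        if a.issuer not in trust.get((a.attribute, a.scope), set()):
            continue  # issuer is not authoritative for this scope
        out.add((a.attribute, a.value, a.scope))
    return out

def authorize(required, user, assertions, trust=TRUST, links=LINKS):
    """Grant only when every required scoped attribute was accepted."""
    return set(required) <= accepted(user, assertions, trust, links)

# Constructed sample assertions, one per case discussed on the slides.
FROM_FOO = Assertion("foo.edu", "handle-7f3a", "affiliation", "student", "foo.edu")
FROM_IEEE = Assertion("ieee.org", "member-0042", "membership", "member", "ieee.org")
FOO_VOUCHES = Assertion("foo.edu", "handle-7f3a", "membership", "member", "ieee.org")

if __name__ == "__main__":
    both = {FOO_STUDENT, IEEE_MEMBER}
    print(authorize(both, "local-1", [FROM_FOO, FROM_IEEE]))    # two authorities
    print(authorize(both, "local-1", [FROM_FOO, FOO_VOUCHES]))  # origin vouching for IEEE
```

The first approach on the slide (Foo U supplying "ieee-member") succeeds only if the target adds foo.edu to the accepted issuers for that attribute and scope, which makes the trust decision explicit rather than implicit.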

Conclusion
– If they're “users” they're probably “internal”
– There will be many attribute providers
– Application architecture essential