The Access Management Puzzle: Putting the Pieces Together. Identity and Access Management at the UW. Ian Taylor, Manager of Security Middleware, University of Washington

Context and Challenges
- Large institution, diverse populations
  - Three campuses
  - 43,000 students: undergraduate, graduate and professional
  - Extension enrollment: 27,000
  - 28,000 faculty and staff
  - Two medical centers, neighborhood clinics, SCCA
  - K-20 network
- Result: over 512,000 UW NetIDs in use

Environment
- Tension between central and decentralized governance
  - Central IT (C&C), but also much departmental computing
- IT Strategic Plan: no ERP solution; build on the legacy and use best-of-breed niche solutions
- IAM solutions: open source plus professionally developed in-house software

Foundation
- UW NetID
- Kerberos: MIT KDC deployed 1997
- LDAP: Netscape Directory Server 1998 (switched to OpenLDAP in 2005)
- Web ISO/SSO: pubcookie; UW NetID "weblogin" service introduced on campus in 1999
- Person Registry: 1999
- Privilege Management: ASTRA v1 released 2003

Guiding Principles
- Gray's Network Security Credo: open networks / closed servers / protected sessions
- Key elements of security architecture: Authn/Authz
- Single, ubiquitous identifier
- SSO
- Lowest latency
- Integration
- Visibility
- Pragmatism

Solution: Authentication

Solution: Authorization

Good outcomes
- Roles
  - Adapt to application needs
  - Learn and limit
- Authorization management
  - Central
  - Distributed
- Legacy applications
  - Publish authorizations
  - Manage authorizations

Recent successes, upcoming challenges
- UW Windows Infrastructure: course groups to AD
- Treat the Exchange population as a subscription
- Generate organizational groups by budget
- Push ASTRA role occupants to groups?
- Web service interfaces to LDAP directories
- Greater federation via Shibboleth
- Grouper
- Global IdM
- Levels of Assurance
- … and … of course …

Governance and Policy
- IT and IM (OIM)
- Data Management Committee
- Minimum Data Security Standards
- Roles Sub-committee

The Security Middleware Team (without which …)
- Rupert Berk
- Heidi Berrysmith
- Donn Cave
- Nathan Dors
- Jim Fox
- Anne Hopkins
- Ken Lowe
- Zephyr McLaughlin
- RL 'Bob' Morgan
- Bob Salnick
- Tracy Stenvik
- Ann Testroet