InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

Slides:

Advertisements

Similar presentations

GridShib Tom Barton, U Chicago. 2 Grid Computing Distributed computing and/or data resources Heterogeneous computing & storage environments Interfaces.

Advertisements

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Presented by: Doug Falk National Student Clearinghouse Student Access to Federal Loan Data and Other Online Student Services.

Going for the Silver Winter 2010 CSG January 13, 2010.

Federal Identity Management

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

1 Penn State’s Identity & Access Management Initiative “It’s all about who you know … and what you know about them”

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

May 22, 2002 Joint Operations Group Discussion Overview Describe the UC Davis Security Architecture Describe Authentication Efforts at UC Davis Current.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Mary Dunker Common Solutions Group January 12, 2010.

InCommon and Federated Identity Management 1

Peter Deutsch Director, I&IT Systems July 12, 2005

Meeting InCommon Silver Profile Standards at UCD and UCB Bob Ono, UC Davis, Dedra Chamberlin, UC Berkeley, David Walker, UC Davis, Doreen Meyer, UC Davis.

Winter 2011 CSG Workshop: InCommon Silver January 12, 2011.

Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.

Application Security Management Functional Project Manager (s) ERP Project Director ERP Campus Executive University & Campus Administration Security Policy.

© 2011 The University of Chicago InCommon Silver Implementation at UChicago Tom Barton 1.

(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

The InCommon Federation The U.S. Access and Identity Management Federation

1 The Partnership Challenge Higher education’s missions are realized in increasingly global, collaborative, online relationships –Higher educations’ digital.

IDENTITY ASSURANCE PROFILES AND FRAMEWORK DOCUMENTS: PEEK INTO PROPOSED FICAM CHANGES 12/12/12 1.

(Inter)Federation as Identity Management Policy Driver? RL "Bob" Morgan University of Washington.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

SUNY System Administration Federation Overview Gavin Hogan July 15th, 2009 A work in progress….

Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.

Identity Assurance: When it Matters David L. Wasley Internet2 / InCommon.

COmanage and InCommon: Present and Future Activities and Interactions Heather Flanagan, COmanage Project Coordinator, Internet2.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Campus Identity Management Requirements (=IAP) REFEDs meeting Mikael Linden,

Identity and Access Management Roadmap Presentations for Committee on Technology and Architecture March 21, 2012 Amy Day, MBA Director of GME IAM Committee.

State of e-Authentication in Higher Education August 20, 2004.

The Feds and Shibboleth Peter Alterman, Ph.D. Asst. CIO, E-Authentication National Institutes of Health.

Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.

Intra- to Inter-institutional Use of Shibboleth Bruce Vincent, Stanford University June 28, 2006.

Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Attribute Delivery - Level of Assurance Jack Suess, VP of IT

E-Authentication October Objectives Provide a flexible, easy to implement authentication system that meets the needs of AES and its clients. Ensure.

Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.

Winter 2011 CSG Workshop: InCommon Silver Campus Panel: University of Iowa January 12, 2011.

SEPARATE ACCOUNTS FOR PROSPECTS? WHAT A HEADACHE! Ann West Assistant Director, InCommon Assurance and Community Internet2 at Michigan Tech.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.

1 US Higher Education Root CA (USHER) Update Fed/Ed Meeting December 14, 2005 Jim Jokl University of Virginia.

Federal Initiatives in IdM Dr. Peter Alterman Chair, Federal PKI Policy Authority.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Tom Barton, Senior Director for Integration, University of Chicago

New Developments in Central Directory Service and Account Provisioning Dan Menicucci Enterprise Architect - University of Pittsburgh.

Preparing For An InCommon Silver Audit – Lessons From the First Phase

Cross-sector and user-centric AAI

LIGO Identity and Access Management

California State University CSUconnect Federation

John O’Keefe Director of Academic Technology & Network Services

AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)

PASSHE InCommon & Federated Identity Workshop

HIMSS National Conference New Orleans Convention Center

Fed/ED December 2007 Jim Jokl University of Virginia

Presentation transcript:

InCommon Michigan State Common Solutions Group, January 2011 Matt Kolb

Goals  Improve our Identity Management infrastructure  Higher Levels of Assurance  Better documentation of process and procedures  Enable collaboration  Build trust with external partners  Facilitate access to services

Initial Challenges  Difficulty interpreting the Bronze/Silver Identity Assurance Profile (IAP)  Infrastructure incompatibility (password policy)  Sorely lacking:  Documentation  Policy  Scope  Taming wild provisioning processes  Where’s the killer app? (Motivation)

Approach  Work with other institutions (CIC, etc)  Partner with campus stakeholders  Identify a subset of the population for Silver  Likely a pilot comprised of research faculty  Leverage our ID Office  Verification process  Credentialing  Investigating second credential (certificates) through iClass ID Cards

Reasons for Hope  Flexible technical architecture  Solid person registry  MIT Kerberos  Shibboleth  ID Office  Created in Central IT, migrated existing physical and digital provisioning activities  Cross functional campus participation  Specifically strong commitment from Internal Audit  We’re not alone (CIC Partners)

Future State  Assert LoA Silver through our Shibboleth Identity Provider (IdP)  Authentication-time calculated attribute  Continue to maintain a single IdP for all Levels of Assurance (we hope)  Implement multifactor Authentication  This puts us on a track for Gold (someday)  Silver credential provisioning through ID Office

A Haiku; for InC Silver Spring of assurance collaboration the goal; Silver, together