Identity Management 2.0 George O. Strawn NSF CIO.
Presentation transcript:

Identity Management 2.0 George O. Strawn NSF CIO

Outline
Who are we and what are we doing here?
What is Identity Management (IdM)?
IdM 1.0
Why not IdM 1.0?
Why IdM 2.0?
Why not IdM 2.0?
What is IdM 2.0?
Other matters

Who are we?
Campus thought leaders (plus one)
–One third high tech
–One third middle tech
–One third low tech/high application
My job: to provide a level-setting definition and description of the state of the art of Identity Management to an audience that ranges broadly in IT and IdM background

What are we doing here?
Creating a “business plan” outline that could be used by EDUCAUSE member institutions to sell IdM 2.0 to the campus administration
Creating a “marketing plan” outline that could be used by EDUCAUSE member institutions to sell IdM 2.0 to the campus

What is Identity Management?
Organization: The policies, processes, and tools used to “assure” that IT systems and applications are made available only to appropriate persons
Individual: The persons I am working with and the systems I am using really are who they say they are. And no one can impersonate me, or read or change my information

IdM has become important!
Identity Management has greatly increased in importance as IT systems and applications are used to perform more and more of the work of society and commerce
For this reason, we’ve got to do a better job of IdM (from IdM 1.0 to IdM 2.0)

IdM 1.0
IdM is nothing new
–we’ve had “user names and passwords” almost forever (in IT terms)
A defining characteristic of IdM 1.0 is that each IT system and application does its own identity management
–usually by keeping a list of authorized username/password pairs and checking it at login time

Why not IdM 1.0?
Ineffective: IdM 1.0 does a poor job of assuring privacy and security
Inefficient: IdM 1.0 is expensive to manage and maintain (many separate IdM systems)
Liability: IT and application providers (and their organizations) are now burdened with security and privacy responsibilities
User-unfriendly: Users are now burdened with many username/password pairs

Why IdM 2.0?
Effective: IdM 2.0 can provide a uniformly strong (e.g., secure and private) identity management capability for an organization
Efficient: IdM 2.0 can provide a single IdM system for an organization
User-friendly: IdM 2.0 can greatly reduce the number of username/password pairs that a user must remember

Why not IdM 2.0?
IdM 2.0 will require changes to policies, processes, and IT systems
–e.g., replacing the IdM 1.0 software with the standardized IdM 2.0 software (middleware)
IdM 2.0 is not free
–The policies, processes, and IT systems must be developed and maintained
But the benefits will outweigh the costs!

What is IdM 2.0?
A single, standardized solution for an organization to “assure” access to IT systems and applications only to appropriate persons
Requires a “bigger/better” list of persons, and divides IdM into two parts:
–authentication of users: Are you who you say you are?
–authorization of users: Should you have access to a particular system or application?

A bigger/better list of persons
Often called a directory
Will include all persons in your organization
Q: But what about persons in other organizations who need access to your IT systems and applications?
A: See the “Beyond the organization” slide below.
Will require as much “care and feeding” as your financial and student record databases
Will include information to enable authentication and authorization

Authentication
Are you who you say you are?
–What you know (e.g., a private password)
–What you have (e.g., a token that generates time-dependent random numbers)
–What you are (e.g., your fingerprint or retinal scan)
These can be done alone (more or less well), or in (1-, 2-, or 3-factor) combination

Authorization
Answers the question (for each person): which IT systems and applications are you permitted to use?
Can be based on individuality (e.g., Jane Jones is authorized to access the financial system)
And can be based on attribute (e.g., any student is authorized to use the library system)

Beyond the organization
Another major benefit of IdM 2.0 will be that organizations can authenticate their members to other organizations (called “federated identity management”). E.g.,
–University X authenticates a student, and
–College Y authorizes any student at University X to use its library system
Higher Ed, USG, and industry are working hard to do this (e.g., InCommon in HE)
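As an added example (not from the talk), the authorization decisions on the last two slides written out in Python: Jane Jones is authorized individually to the financial system, College Y's library accepts an assertion from University X that the subject is a student, and an assertion from an organization outside the federation is refused regardless of what it claims. The organization names, user ids and attribute names are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Assertion:
    """What an identity provider (IdP) vouches for once it has authenticated a user."""
    issuer: str                               # organization that did the authentication
    subject: str                              # user id as known to the issuer
    attributes: frozenset[str] = frozenset()  # e.g. {"student"}; no password travels with it


@dataclass
class Policy:
    """Authorization rules of one system or application (the service provider)."""
    home_org: str
    trusted_issuers: set[str]                 # federation partners whose assertions we accept
    individuals: dict = field(default_factory=dict)      # resource -> {(issuer, subject)}
    attribute_rules: dict = field(default_factory=dict)  # resource -> {(issuer, attribute)}

    def is_authorized(self, a: Assertion, resource: str) -> bool:
        # 1. Trust: an assertion from outside the federation is ignored whatever it claims.
        if a.issuer != self.home_org and a.issuer not in self.trusted_issuers:
            return False
        # 2. Individual-based rule ("Jane Jones is authorized to access the financial system").
        if (a.issuer, a.subject) in self.individuals.get(resource, set()):
            return True
        # 3. Attribute-based rule ("any student at University X may use the library system").
        return any(a.issuer == issuer and attr in a.attributes
                   for issuer, attr in self.attribute_rules.get(resource, set()))


def college_y_policy() -> Policy:
    """Constructed sample: College Y trusts University X as a federation partner."""
    return Policy(
        home_org="college-y",
        trusted_issuers={"university-x"},
        individuals={"financial": {("college-y", "jjones")}},
        attribute_rules={"library": {("college-y", "student"), ("university-x", "student")}},
    )


if __name__ == "__main__":
    p = college_y_policy()
    x_student = Assertion("university-x", "s123", frozenset({"student"}))
    z_student = Assertion("university-z", "s789", frozenset({"student"}))  # not federated
    print("University X student -> library:", p.is_authorized(x_student, "library"))  # True
    print("University Z student -> library:", p.is_authorized(z_student, "library"))  # False
```

The service provider never sees a password: it decides on an assertion from an IdP it trusts, which is the split between authentication and authorization the slides describe.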

In my other (the Federal) world
We are working to create a USG-wide “e-authentication” system
We are working (under the spur of HSPD-12) to create an “intelligent card” for USG-wide physical access and (ultimately) for IT access
NSF intends to move FastLane authentication from IdM 1.0 to IdM 2.0

Creating a Trusting e-Community
Trusted Identity Management is one component of a trusted IT environment (together with secure IT applications and systems, and digital information that is confidential, integral, and available)
We will not enter the digital promised land until we do all these things better!