National Science Foundation Chief Information Officer: CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0 (George O. Strawn, NSF CIO, Fall 2006)

National Science Foundation Chief Information Officer
CIO Fall Update for the Advisory Committee for Business and Operations: Identity Management 2.0
George O. Strawn, NSF CIO, Fall 2006

Outline
- What is Identity Management (IdM)?
- IdM 1.0
- Why not IdM 1.0?
- Why IdM 2.0?
- Why not IdM 2.0?
- What is IdM 2.0?
- Other matters

What is Identity Management?
- Organization: the policies, processes, and tools used to "assure" that IT systems and applications are made available only to appropriate persons
- Individual: the persons I am working with and the systems I am using really are who they say they are, and no one can impersonate me, or read or change my information

IdM has become important!
- Identity Management has greatly increased in importance as IT systems and applications are used to perform more and more of the work of society and commerce
- For this reason, we've got to do a better job of IdM (from IdM 1.0 to IdM 2.0)

IdM 1.0
- IdM is nothing new: we've had "user names and passwords" almost forever (in IT terms)
- A defining characteristic of IdM 1.0 is that each IT system and application does its own identity management
  – usually by keeping its own list of authorized usernames and passwords (at best stored as salted password hashes rather than the passwords themselves) and checking it at login time

Why not IdM 1.0?
- Ineffective: IdM 1.0 does a poor job of assuring privacy and security
- Inefficient: IdM 1.0 is expensive to manage and maintain (many separate IdM systems)
- Liability: IT and application providers (and their organizations) are now burdened with security and privacy responsibilities
- User-unfriendly: users are now burdened with many username/password pairs
  – And these are proliferating!

Why IdM 2.0?
- Effective: IdM 2.0 can provide a uniformly strong (e.g., secure and private) identity management capability for an organization
- Efficient: IdM 2.0 can provide a single IdM system for an organization
- User-friendly: IdM 2.0 can greatly reduce the number of username/password pairs that a user must remember

Why not IdM 2.0?
- IdM 2.0 will require changes to policies, processes, and IT systems
  – e.g., replacing the IdM 1.0 software with standardized IdM 2.0 software (middleware)
- IdM 2.0 is not free
  – The policies, processes, and IT systems must be developed and maintained
- But the benefits will outweigh the costs!

What is IdM 2.0?
- A single, standardized solution for an organization to "assure" access to IT systems and applications only to appropriate persons
- Requires a "bigger/better" list of persons, and divides IdM into two parts:
  – authentication of users: are you who you say you are?
  – authorization of users: should you have access to a particular system or application?

A bigger/better list of persons
- Often called a directory
- Will include all persons in your organization
  – Q: But what about persons in other organizations who need access to your IT systems and applications?
  – A: See the "Beyond the organization" slide below
- Will require as much "care and feeding" as your financial and personnel databases
- Will include information to enable authentication and authorization

Authentication
- Are you who you say you are?
  – What you know (e.g., a private password)
  – What you have (e.g., a token that generates time-dependent one-time codes from a secret it holds)
  – What you are (e.g., your fingerprint or retinal scan)
- These can be used alone (single-factor, with varying strength) or in two- or three-factor combination; two instances of the same kind (e.g., two passwords) do not make a second factor

Authorization
- Answers the question (for each person): which IT systems and applications are you permitted to use?
- Can be based on the individual (e.g., Jane Jones is authorized to access the financial system)
- And can be based on role (e.g., any staff member is authorized to use the internal web)

Beyond the organization
- Another major benefit of IdM 2.0 will be that organizations can authenticate their members to other organizations (called "federated identity management"). E.g.,
  – University X authenticates a student, and
  – College Y authorizes any student at University X to use its library system
  – College Y is relying on University X's authentication and on the accuracy of the "student" attribute it asserts, so the federation's rules for both are what make that decision safe
- Higher Ed, USG, and industry are working hard to do this (e.g., InCommon in HE)
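The authentication/authorization split and the cross-organization hand-off described in the "What is IdM 2.0?", "Authentication", "Authorization" and "Beyond the organization" slides, as an added Python example that is not part of the original deck and is not NSF, InCommon or Shibboleth code. The organizations (university-x.example, library.college-y.example), users, passwords, policy rules and the HMAC-signed JSON assertion are all assumptions chosen for illustration; InCommon's Shibboleth deployments exchange SAML assertions signed with the identity provider's private key rather than a shared secret.

```python
"""Simplified model of the IdM 2.0 split from the deck: the home organization
(identity provider, IdP) authenticates; the system being used (service
provider, SP) authorizes; federation passes a signed assertion between them.
Every organization, user, password and key here is constructed for the example.
The assertion format is a toy, not SAML/Shibboleth as used by InCommon."""
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 200_000


def make_password_record(password: str) -> dict:
    """The directory stores a salted hash, never the password ("what you know")."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def check_password(record: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), record["hash"])  # constant-time compare


class IdentityProvider:
    """University X: owns the directory, authenticates, issues assertions."""

    def __init__(self, name: str, directory: dict, signing_key: bytes):
        self.name, self.directory, self.key = name, directory, signing_key

    def login(self, username: str, password: str, audience: str, now: int):
        entry = self.directory.get(username)
        if entry is None or not check_password(entry["pw"], password):
            return None  # authentication failed: no assertion is issued
        claims = {"issuer": self.name, "subject": username, "audience": audience,
                  "affiliation": entry["affiliation"],
                  "issued_at": now, "expires_at": now + 300}
        body = json.dumps(claims, sort_keys=True)
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}


class ServiceProvider:
    """College Y's library: trusts certain issuers, decides access locally."""

    def __init__(self, name: str, trusted_keys: dict, policy: dict):
        self.name, self.trusted_keys, self.policy = name, trusted_keys, policy

    def verify(self, assertion: dict, now: int):
        """Issuer must be trusted; signature, audience and expiry must all hold."""
        claims = json.loads(assertion["body"])
        key = self.trusted_keys.get(claims.get("issuer"))
        if key is None:
            return None  # not a federation member we trust
        expected = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None  # tampered or forged
        if claims.get("audience") != self.name or now >= claims["expires_at"]:
            return None  # replayed against another SP, or stale
        return claims

    def authorize(self, assertion: dict, resource: str, now: int) -> bool:
        claims = self.verify(assertion, now)
        if claims is None:
            return False
        # A rule grants access either to a named individual or to a role
        # (affiliation) asserted by a specific trusted issuer.
        for rule in self.policy.get(resource, []):
            if rule["issuer"] != claims["issuer"]:
                continue
            if rule.get("subject") == claims["subject"]:
                return True
            if rule.get("affiliation") in claims["affiliation"]:
                return True
        return False


def demo() -> dict:
    """Runs the University X / College Y scenario; returns each check's outcome."""
    now = 1_700_000_000
    key = os.urandom(32)  # stands in for the IdP's signing key
    idp = IdentityProvider("university-x.example", {
        "jjones": {"pw": make_password_record("correct horse battery staple"),
                   "affiliation": ["student"]},
        "bsmith": {"pw": make_password_record("hunter2"), "affiliation": ["staff"]},
    }, key)
    library = ServiceProvider("library.college-y.example", {"university-x.example": key}, {
        "catalog": [{"issuer": "university-x.example", "affiliation": "student"}],
        "acquisitions-budget": [{"issuer": "university-x.example", "subject": "jjones"}],
    })
    jane = idp.login("jjones", "correct horse battery staple", library.name, now)
    bob = idp.login("bsmith", "hunter2", library.name, now)
    tampered = {"body": bob["body"].replace('"staff"', '"student"'), "sig": bob["sig"]}
    elsewhere = idp.login("jjones", "correct horse battery staple", "other.example", now)
    return {
        "bad_password": idp.login("jjones", "wrong", library.name, now) is None,
        "student_catalog": library.authorize(jane, "catalog", now),
        "staff_catalog": library.authorize(bob, "catalog", now),
        "tampered_role": library.authorize(tampered, "catalog", now),
        "wrong_audience": library.authorize(elsewhere, "catalog", now),
        "expired": library.authorize(jane, "catalog", now + 600),
        "named_individual": library.authorize(jane, "acquisitions-budget", now),
        "not_named": library.authorize(bob, "acquisitions-budget", now),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:18} {result}")
```

The point of the four checks in verify() is that the service provider never re-authenticates the user; it only decides whether to believe University X. Signature and issuer checks answer "did a federation member I trust say this?", the audience check stops an assertion minted for one service being replayed at another, and the expiry bounds how long a stolen assertion is useful. Authorization is then a purely local policy decision over the asserted attributes, which is exactly the split the deck describes.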

In the Federal world
- We are working to create a USG-wide "e-Authentication" system
- We are working (under HSPD-12) to create a smart card (the PIV card specified by FIPS 201) for USG-wide physical access and (ultimately) for IT access
- NSF intends to move FastLane authentication from IdM 1.0 to IdM 2.0
  – e.g., we intend that one could log into FastLane with a university credential if it is an InCommon credential

Creating a Trusting e-Community
- Trusted Identity Management is one component of a trusted IT environment (together with secure IT applications and systems, and digital information whose confidentiality, integrity, and availability are protected)
- We will not enter the digital promised land until we do all these things better!