A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s.

Slides:

Advertisements

Similar presentations

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Advertisements

How Identity and Access Management Can Help Your Institution Touch Its Toes Renee Woodten Frost Internet2 and University of Michigan Kevin Morooney The.

Paul Caskey Technology Architect June 21, 2007 The University of Texas System Federated Identity Management Initiative

Starting Your Roadmap: Concepts and Terms Paul Caskey, The University of Texas System Copyright Paul Caskey This work is the intellectual property.

Educause Chuck Bartel Wireless Andrew- An Update on Lessons Learned.

Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.

Emory University Case Study I2 Day Camp November 5, 2010 John Ellis & Elliot Kendall.

Intra-campus Web SSO Management Topics for Deployed Campuses Nathan Dors, Technology Manager University of Washington CAMP Shibboleth June 25-27, 2007.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

July 12, 2005 CSU SIMI Workshop - Melding Policy and Technology to Manage Identity1 Provisioning Services Collaborative CSU, East Bay and CSU, San Bernardino.

Peter Deutsch Director, I&IT Systems July 12, 2005

1 Governance in Identity Management Federations Clair Goldsmith, Ph.D. The University of Texas System Administration.

Administrative Information Systems Shibboleth: The Next Generation ISIS Technical Information Session for Developers Datta Mahabalagiri March

CAMP Integration Reflect & Join A Case Study The University of Texas Health Science Center at Houston William A. Weems Assistant Vice President Academic.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

Shibboleth Case Studies: Shibboleth as the Campus Web SSO Albert Wu, UCLA Datta Mahabalagiri, UCLA.

(Rev 1/11) UW System Identity and Access Management (IAM) Current Status and Roadmap Tom Jordan, IAM-TAG Chair Ty Letto, IAM Support Team Manager January,

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation Clair Goldsmith,

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

SERVING STUDENT VETERANS Faculty Senate April 3, 2014 Tracey L. Quada, M.A. Office of Military and Veterans Affairs.

FIM-ig Federated Identity Management Interest Group.

SWITCHaai Team Federated Identity Management.

Federated Identity Management: Is The State of Texas Ready? Paul Caskey The University of Texas System System-wide Information Services TASSCC 2008 August.

State of Information Technology Presentation for Faculty Council November 14, 2013 Mike Carlin Vice Chancellor for IT and CIO.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Identity Management Practical Issues Associated with Sharing Federated Services UT System Identity Management Federation William A. Weems The University.

Single Sign-On Multiple Benefits via Alaska K20 Identity Federation 20 May 2011 BTOP Partner Meeting Anchorage, Alaska 20 May 2011 BTOP Partner Meeting.

Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC.

ADFS in the U.T. System U.S. Federations Call - May 18, 2011 Paul Caskey System-wide Information Services.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federations 101: The U.T. System Identity Management Federation Internet2 Member Meeting Fall 2006 Paul Caskey.

Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

FEDERATIONS Clair Goldsmith, Ph.D., Associate Vice Chancellor and CIO September 27,

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Integrated Institutional Identity Infrastructure: Implications and Impacts RL “Bob” Morgan University of Washington Internet2 Member Meeting, May 2005.

Navigating the Standards Landscape Andrew Owen SEARCH.

Portal-based Access to Advanced Security Infrastructures John Watt UK e-Science All Hands Meeting September 11 th 2008.

Shibboleth: An Introduction

Current list of common attributes of the EDIT federation Single Sign-On for the EDIT platform Lutz Suhrbier¹, Andreas Kohlbecker², Andreas Müller² 1 Freie.

Outsourcing Student at USC Institute for Computer Policy and Law Cornell University, August 2008 Asbed Bedrossian Director of Enterprise Applications.

Shibboleth What is it and what is it good for? Chad La Joie, Georgetown University.

Workforce Innovation in Regional Economic Development (WIRED) 1 Dude, Where’s my “Collaborative Workspace?” AN OVERVIEW OF THE WIRED WEST MICHIGAN CWS.

SAML a mature six year old? Glenn Wearen, Paul Caskey & Josh Howlett.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

Intra- to Inter-institutional Use of Shibboleth Bruce Vincent, Stanford University June 28, 2006.

Federated Identity in Texas Paul Caskey The University of Texas System HEAnet National Conference Kilkenny, Ireland 13 November 2008.

Holly Eggleston, UCSD Beyond the IP Address: Shibboleth and Electronic Resources InCommon Library/Shibboleth Project.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Campuses New to Shibboleth: WebSSO Barry Johnson

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

Bringing it All Together: Charting Your Roadmap CAMP: Charting Your Authentication Roadmap February 8, 2007 Paul Caskey Copyright Paul Caskey This.

NMI-EDIT and Rice University Federated Identity Management: Managing Access to Resources in Texas Barry Ribbeck Director System Architecture and Infrastructure.

Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.

Introduction to Shibboleth Attribute Delivery for Campuses New to Shibboleth Paul Caskey The University of Texas System.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Designing Identity Federation Policy, the right way Marina Vermezović, Academic Network of Serbia TNC2013 conference 4 May 2013.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

University of Texas System

John O’Keefe Director of Academic Technology & Network Services

U.T. System Federated Identity Management Update

Overview of The U.T. System Identity Management Federation

Presentation transcript:

A case study of Shibboleth deployment within the U.T. System June 26, 2006 Paul Caskey University of Texas System Copyright Paul Caskey 2006 Not Your Father’s SSO!

2 Agenda Background The Problems The Vision Current Status Lessons Learned Future Work

3 Background 16 institutions 9 general academic 6 health 1 system administration 16 unique organizations, budgets, problems, ideas

4 The Problems Small campuses tend to get left behind Little interoperability between infrastructures – makes collaboration difficult Security concerns from the scattered “islands” of identity information Regulations, threat of increased oversight User complaints about numerous logins and credentials No process for authorization

5 The Vision Reduce sign-ons, number of credentials Improve security islands of ID info improved authorization Establish plug n' play infrastructure for collaboration Implement consistent IdM standards

6 Current Status SLC Statement of Direction ETR Grant Shibboleth install fest 9/ institutions initially Began policy work Began deploying apps Shibboleth SP fest 5/05 5 production applications shared between institutions 1.Guest Wireless at System 2.Financial Reporting 3.Blackboard 4.Employee Training 5.Research Tracking 11 other applications shibb'd intra-institutionally MobileCampus, Chancellor's Project Tracking, etc. 16 IdPs operational 4/06 Policy docs approved 6/06 Moving federation to production on 9/1 Authorization processes still very immature

7 Lessons Learned Educate developers on technology, trust, authorization Pursue low hanging fruit early Communicate, communicate, communicate promote consistent understanding of technology set expectations Identifiers Namespace Lifetime/re-use Support models Who/where Skills Tools

8 Future Work Bring federation to production status Considerable work to do with authorization Work on application auto-provisioning/de- provisioning/updating Many more apps coming Interfederation

9 Questions Thank You THE UNIVERSITY OF TEXAS SYSTEM