From Directory Steering to Identity Governance Experiences at CU-Boulder.

Presentation transcript:

Dog

Summary: What we called Directory Steering at the time was really Enterprise Identity Management.

Conclusions: There are two types of IdM governance. IdM governance activities happen in flurries related to specific projects. This is not ideal.

2001 Directory Project Steering Team. Member criteria: policy maker at campus or system level AND/OR knowledge expert in how the University conducts business.

Task: Directory Policy
Establishes:
– Directory Governance;
– Official Data Sources (the information systems from which the Directory will extract its data, create entries, and update entries, and upon which it will base its reconciliation);
– Directory Inclusion (categories of people who will be included in the CU-Boulder Directory);
– Directory Use (privacy requirements; who may have authenticated access to the Directory; who may pull data from the directory and for what purposes; and who must use the Directory).

Task: Affiliation
Affiliation describes an individual's relationship with the university. Affiliation will be used for two primary purposes:
– To determine whether services should be granted to the user (check performed via a directory-enabled system).
– To determine what information should be displayed and/or made public for the individual associated with the entry.

Table columns: Affiliation, DISPLAY/QUERY, SERVICE
Admitted Student ✓
Confirmed Student ✓
Parent? ✓ ✓
Student ✓ ✓
Staff ✓ ✓
Faculty ✓ ✓
Student Employee ✓ ✓
Retiree ✓
Employee Spouse ✓
Alum ✓
Sponsored ✓
vendor? ✓
contractor? ✓
visiting faculty? ✓ ✓
Directory-only Conference Attendee ✓

And Even…
Table columns: dir list, idkey, lab, AD, modem, dhcp, Web host, acctemem o, library, idcard, RTD, recctr, other, special conditions
ContEd noncredit[1]: no no[2] no no? no yes[3] no[4] no[5] yes PLUS; web ct[6] current enrollment
campus ministries: no yes/no yes/no yes/no yes/no yes no special id card
clubs/orgs[7]: no yes/no yes/no yes/no yes/no yes ucsu-reg if student org. Expire date
conference attendee[8]: no yes/no yes/no yes/no[9] yes/no yes/no no yes yes[10] no yes web CT, wshc short term service
vendor/contractor: no yes/no yes/no yes/no yes/no yes/no no yes/no (special) no svcs vary by ven.; expire per vendor.
CU Agency list[11]: yes/no yes/no yes/no yes/no no yes/no yes/no yes/no no yes/no
alumni: no (addr) no yes[12] no yes[13] PLUS
Foundation Staff: yes no yes no yes

Ongoing Governance
Structural and Logistical:
– Prioritization of new development
– Review of data use requests (i.e., Photo Class Rosters)
– New application access to Registry data
– "Local" vs. "Enterprise" identity data: application-specific extensions to directory.
New Process and Policy:
– Evolving groups, roles, and affiliations
– Delegated administration
– Non-person identities
– Multi-campus identities and federated between campuses and entities external to the university.

When: Ad hoc, as needed, to resolve issues related to specific projects (e.g., desire for a new "sponsored" affiliation type to support a new departmental application). May get bypassed because the issue is "not worth effort."

Discussion Points
Should the Structural/Logistical issues be addressed by the same governance as policy and process issues (are they so intertwined that the structural issues can't be pure IT design and management concerns)?
The right balance for governance:
– Frequent, regular involvement in the identity implications of any and all ongoing projects.
– Very infrequent high-level policy making, leaving the details to business process and application owners.