SUNY System Administration Federation Overview Gavin Hogan July 15th, 2009 A work in progress….


2 Agenda Overview of SUNY Overview of IdM History at SUNY Federation/IdM Roadmap The Oracle Experience to date.

3 Overview of SUNY 64 Campuses. –Plus Research Foundation and Other Entities Total Enrollment: 438,361 SUNY Employees: 87,362 $11B Annual Budget

4 History of IdM for SUNY Mainframe: Centralized Management. Decentralized Management. Portal/Web Phase I Leverage Mainframe for AuthN. Migrate to Distributed AuthN (LDAP/POP) Centralized Entitlements with distributed Management.

5 Distributed Authentication This is our current mode of operation. About 60 campuses have enabled LDAP. Entitlement and Access Control engine is Home Grown Protects Business Services ONLY at System Administration. Credential Management is maintained at home campus. Low learning curve, easy to implement.

6 Systems Integrated With SUNY SSO Financial/Accounting Human Resources and Payroll Institutional Research Data Collection and Reporting Business Intelligence Student Enrollment/Application Processing

7 Systems Targeted For Integration Other Agencies: State Controllers Office Campus Student Information Systems UWide and Campus Confluence Wikis Lots of 3rd Party Software.

9 Moving to SUNY Federation Created a task force to establish shared attribute specifications. Work on populating attributes at campuses. Evaluating Technologies; modifications to existing systems False starts and personnel departures.

10 Key Motivations Put more control into the hands of the campuses. User convenience, better SSO. Improving audit compliance/capabilities Integrate with other entities through a standard channel.

11 Implementation Team System Administration –Centralized IT Services Information Technology Exchange Center (ITEC) –Campus Services and Support Alliance for Strategic Technologies. –Combined view for the whole University.

12 Key Sponsors SUNY System Administration –Central Business Offices –Office of Administrative Technologies SUNY ITEC –Campus clients

13 SUNY Shared Attributes eduPerson attributes Mail, telephone, postalAddress etc. sunyPerson attributes –Student ID –Person/Employee ID

14 Shibboleth POC The Shibboleth POC started with 1.x. Moved on to a 2.0 implementation. Was used to establish a technological proving ground for the team. Highly likely to be used by many campuses as IdP. Original team moved on from SUNY.

15 Oracle POC Oracle has a large suite of IdM software, including a federation component (OIF). Solution is complicated, but it covers a lot of ground. OIF is really a lightweight SAML2 gateway for the Oracle Access Manager. OAM could replace much of our existing Security system.

16 Oracle POC Oracle consulting engaged for the POC. Shibboleth2 support has been assured by Oracle; we will hold them to that. Shibboleth1 support is expected to be available in the next release – 11G.

17 Oracle POC - Scope The scope of the project is small. Prove that OAM/OIF can protect a federated Oracle Business Intelligence server. Prove that users can navigate back and forth across a local and a federated OBI server with a single sign-on session.

18 Oracle POC - Scope OIF, acting as a service provider, must interact with a Shibboleth2 identity provider.

19 Why Oracle Oracle is a primary technology partner for SUNY Good relationship since 1987 The SUNY CIO negotiated for a full University license of the IdM suite at a very good price. The suite is fully featured.

20 The Oracle Experience. For several months we have been drafting a consulting engagement with Oracle. We had difficulty coming to a technological design/approach. Product management is very interested in our project and provided some expertise to help Oracle Consulting.

21 The Oracle Experience. For several months we have been drafting a consulting engagement with Oracle. Oracle Consulting had difficulty coming to a technological design/approach. The project has been nearly derailed multiple times through a lack of professionalism from Oracle Consulting.

Does it work? Check back in a few months.

23 Next Steps. UWide Entitlements. Training – The Oracle Product Is Lacking Training. Non SUNY Integrations.

24 Contact me: