An Integrated Framework for Identity and Access Management (IAM). RL "Bob" Morgan, U Wash., MACE; Keith Hazelton, U Wisc., MACE. Internet2 Spring Member Meeting.

Presentation transcript:

An Integrated Framework for Identity and Access Management (IAM)
RL "Bob" Morgan, U Wash., MACE; Keith Hazelton, U Wisc., MACE
Internet2 Spring Member Meeting, May 3, 2005, Arlington, VA

2 Session overview
I. Integration: IAM and applications (Keith)
II. Drivers & requirements (RL "Bob")
III. From talking to doing (Keith again)

3 I: From Construction to Integration
Construction: raw materials into systems
Integration: subsystems into whole systems; multiple systems into ecosystems
We're all moving from construction to integration
Let's review the state of middleware systems' readiness for integration

4 IAM: Generic Functions
Verb                  Objects
Reflect               Data of interest from systems of record into registry, directory
Join                  Identity information across systems
Manage                Credentials, group memberships, affiliations, privileges, services, policies
Provide               IAM info via run-time request/response, or provisioning into App/Service stores
Authenticate (AuthN)  Claimed identities
Authorize (AuthZ)     Access or denial of access
Log                   Usage for audit

5 Reflect, Join, and Manage Credentials (diagram labels: Systems of Record (Stdnt, HR, Other), Registry, Enterprise Directory, LDAP)

6 Reflect, Join, and Manage Credentials
Collect bits of identity information in all the relevant IT systems
Use business logic to:
  Establish which records correspond to the same person
  Maintain that identity join in the face of changes to data in the collected systems
Assign a unique identifier for the cross-system link

7 Manage Credentials
When to assign and activate credentials (as early as possible)
Who gets them? Applicants? Prospects?
"Guest" NetIDs (temporary, identity-less)
Reassignment (never; except...)
Please send me a feed...
Argument for WebISO
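As an added example (not from the slides or from any Internet2 project), the join logic of slide 6 and the no-reassignment rule of slide 7 in a small registry: records from constructed student and HR systems of record are joined on a strong shared key, a weaker name-plus-birthdate match is queued for human review instead of auto-joined, and the registry identifier survives attribute changes and is never reissued. The systems, attribute names and sample values are constructed.

```python
# Added example, not from the slides: a minimal identity join for the Reflect
# and Join functions of slide 6, plus slide 7's rule that identifiers are never
# reassigned. Systems, attribute names and sample values are constructed.
from dataclasses import dataclass, field
import itertools

@dataclass
class SourceRecord:
    system: str      # system of record: "student" or "hr"
    local_id: str    # identifier inside that system
    strong_key: str  # hashed national id (constructed), the strong shared key
    name: str
    birthdate: str   # ISO date

@dataclass
class Person:
    registry_id: str                            # cross-system identifier
    name: str
    birthdate: str
    links: dict = field(default_factory=dict)   # system -> local_id

class Registry:
    def __init__(self):
        self.persons = {}       # registry_id -> Person
        self.by_key = {}        # strong_key -> Person
        self.review_queue = []  # (record, candidate registry ids) for humans
        self._seq = itertools.count(1)  # monotonic: an id is issued only once

    def reflect(self, rec):
        """Join rec to a person; return the registry id, or None if queued."""
        p = self.by_key.get(rec.strong_key)
        if p is None:
            # Only name+birthdate agree: too weak to auto-join, because a wrong
            # join hands one person another's credentials and access.
            weak = [q.registry_id for q in self.persons.values()
                    if (q.name, q.birthdate) == (rec.name, rec.birthdate)]
            if weak:
                self.review_queue.append((rec, weak))
                return None
            p = Person(f"R{next(self._seq):06d}", rec.name, rec.birthdate)
            self.persons[p.registry_id] = p
            self.by_key[rec.strong_key] = p
        p.links[rec.system] = rec.local_id  # maintain the join on every feed
        p.name = rec.name                   # attribute changes keep the id
        return p.registry_id

    def retire(self, registry_id):
        """Drop a person; the identifier is never handed to anyone else."""
        p = self.persons.pop(registry_id)
        self.by_key = {k: v for k, v in self.by_key.items() if v is not p}
```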

8 Manage IAM Info and Provide it via run-time calls or provisioning (diagram labels: Systems of Record, Central AuthN/WebISO, Apps/Resources, Enterprise Directory)

9 IAM functions & big pictures

10 IAM functions & big pictures
Reflect, Join, Credential, Provide/run-time (AuthN), Provide/provision, AuthZ, Manage Grps, Manage Privs, Log

11 The User to Service Provider slice across the systems Another aspect or perspective Courtesy of Mark Poepping, CMU

12 Another aspect or perspective Courtesy of Mark Poepping, CMU

13 The User to Service Provider perspective

14 The User to Service Provider perspective

15 Next-up integration services
Message queuing (pub-sub, point-to-point)
Workflow (business process orchestration)
Policy info mgmt
Policy decision point
Service Oriented Architecture (SOA) as the current buzz-word for the overall vision
The vision will outlast the name

16 Middleware -- Application Integration ERPs SAKAI uPortal …

17 IAM and Application Integration

18 Inter-institutional integration
Virtual Organizations (VOs)
Federations
League of Federations

19 Part II: Drivers & Requirements

20 Part III: Doing Integration: Service Oriented Architecture (SOA)
Goals
What software is deployed during an integration, and where and how is it deployed?
What development is needed to accomplish an integration?
What is the development / deployment process?
How is the installation managed, maintained and expanded?
How do individual integrations work together to form an infrastructure?

21 Service Oriented Architecture (SOA) Migration Strategy Courtesy of Jim Phelps, Architect U Wisconsin System Initiative Common Systems Interoperability Architecture Working Group (CSIAWG)

22 Migration Strategy - SOA
Organization - Change Management
Process - Business Process Analysis
Information - Enterprise Data Definitions
Infrastructure - Architecture and Technology
Vendors - Fill the Gaps

23 Migration Strategy - SOA
Organization - Change Management
Culture shift from data to services
Staff Training and Support
New Expertise: Service Interface Designer (2), Service Library Manager (2), Integration Competency Centers (3)

24 Integration Competency Center

25 Migration Strategy - SOA
Organization - Change Management
Culture shift from data to services
Staff Training and Support
New Expertise: Service Interface Designer (2), Service Library Manager (2), Integration Competency Centers (3)

26 Migration Strategy - SOA
Process - Business Process Analysis
Prioritization - Most Pain, Most Gain
Define/Document Business Processes
Look for optimization opportunities
Data needs (timeliness, availability, etc.)
Use disruption to your advantage

27 Migration Strategy - SOA
Information - Enterprise Data Identification
Let the Business Process Analysis drive the data definitions.
Don't build a complete dictionary; start with the most needed definitions
Build on standards

28 Migration Strategy - SOA
Infrastructure - Architecture and Technology
Gap analysis - what pieces are missing
Architecture Analysis
Business Process Analysis and Enterprise Data Identification lead the efforts.

29 Migration Strategy - SOA
We want to fix this business process. It needs data and services to/from these systems. We need these adaptors and data stores. We need these technologies to deploy these services.

30 Migration Strategy - SOA
Vendor - Evaluation to fill gaps
Business Process Analysis
Enterprise Data Identification
Data Definitions / schema development
Service Design
Technology Gaps

31 Migration Strategy - SOA
Always ask "is the request for data really a request for service?"

32 Roadmap to SOA
Business Application Level
UW System Level
Campus Level

33 Roadmap to SOA - UW System Level
Integration Competency Center (ICC)
Registry
Establish Governance
Development Standards
Common Tools

34 Roadmap to SOA - Business Application Level
Analysis of Interfaces
Analysis of Business Processes
Reduction of Interfaces
Schema Definitions
Migration to Services

35 Roadmap to SOA - Campus Level
ICC
Take advantage of disruption
Analysis of Business Processes
Reduction of Interfaces
Migration to Services

36 References
1. Enterprise Application Integration, Revere Group Presentation, June 26
2. Service-Oriented Architecture: A Field Guide to Integrating XML and Web Services, Thomas Erl
3. Introduction to Integration Competency Centers, Darwinmag.com
4. Enterprise Service Bus, David A. Chappell
5. ICC - The Fab Five - Competency Center Models and Core Skill Sets, CIO Magazine

37 References
"OASIS on Tuesday is announcing the formation of a technical committee that will develop a reference model to provide clarity on the definition of an SOA," said Duane Nickull, chairman of the new OASIS SOA-RM (Reference Model) Technical Committee and senior standards strategist at Adobe. -- Infoworld, May 03, 2005
