Stanford Authorization Existing mainframe based authority –homegrown, in operation since the 80’s –primarily for financial and personnel authority for.

Authority Implementation Stanford University
Presentation transcript:

Stanford Authorization
Existing mainframe based authority
–homegrown, in operation since the 80’s
–primarily for financial and personnel authority for tightly coupled mainframe systems - what, by whom, how much
Moving toward distributed systems and need a more general authority model, including services as well as applications
Kerberos authentication infrastructure

Directory based authority
Privilege groups are stored in the LDAP based directory for access by services and applications
Initial groups were
–Stanford Community (sw licensing, etc)
–Academic (sw licensing)
–Leland full (eligible for all distributed services)
–Leland base (authentication only)

Directory based Authority
Adding additional privilege groups
–Faculty, Student, Staff (finer grain service authority)
–Others specific to Core Fin requirements
Services and applications do directory lookup based on Kerberos principal
Groups currently apply to person, not account

Distributed Financial Authority
Oracle Core Financials application needed rules based authority
Two types of authority - transaction and approval
Currently implemented only on the user level, not group

[Architecture diagram. Labels, in order: Reports; Applications; Signature Authority; Transaction Authority; Approver List; Maintenance Forms; Rules Data Structure; Authority Engine (General rules, User rules); Report Views; Validate Authority Function; Validate Transaction Authority F.; Approver List Function; Reports Function]

Authority Engine
Authority rules
–general rules (restrictions on process)
–user rules (restrictions on actions)
Transaction metadata
–transactions
–objects
–object attributes

Example
Object is purchase requisition line item.
Transaction is purchase requisition.
Object attributes are item, purchase requisition line ID, amount.
User is Joe Smith.
User transactions shows that Joe Smith has access to purchase requisitions.
Authority entity shows that Joe Smith has access to view purchase requisitions.
Constraints entity further restricts this privilege by representing the cost centers that Joe Smith can access.
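The layered check in this example, sketched as added code that is not from the Stanford presentation. The table and column names, the user ID `jsmith` and the cost center values are constructed for illustration, and a user with no matching constraint row is assumed to be denied.

```python
import sqlite3

# Constructed schema and rows. The slide names three entities (user
# transactions, authority, constraints); the table and column names and all
# values below are assumptions made for this example.
SCHEMA = """
CREATE TABLE user_transactions (user_id TEXT, txn TEXT);
CREATE TABLE authority   (user_id TEXT, txn TEXT, privilege TEXT);
CREATE TABLE constraints (user_id TEXT, txn TEXT, cost_center TEXT);
INSERT INTO user_transactions VALUES ('jsmith', 'purchase_requisition');
INSERT INTO authority   VALUES ('jsmith', 'purchase_requisition', 'view');
INSERT INTO constraints VALUES ('jsmith', 'purchase_requisition', 'CC-1001');
INSERT INTO constraints VALUES ('jsmith', 'purchase_requisition', 'CC-1002');
"""

def open_rules_db():
    """Build the in-memory rules store with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def validate_authority(db, user_id, txn, privilege, cost_center):
    """Return (allowed, reason). Each layer must match; the default is deny."""
    checks = [
        # Layer 1: does the user have this transaction type at all?
        ("no access to transaction type",
         "SELECT 1 FROM user_transactions WHERE user_id=? AND txn=?",
         (user_id, txn)),
        # Layer 2: is this specific privilege (e.g. view) granted?
        ("privilege not granted",
         "SELECT 1 FROM authority WHERE user_id=? AND txn=? AND privilege=?",
         (user_id, txn, privilege)),
        # Layer 3: is the object's cost center among those permitted?
        # Assumption: no constraint row for the user means deny.
        ("cost center outside constraints",
         "SELECT 1 FROM constraints "
         "WHERE user_id=? AND txn=? AND cost_center=?",
         (user_id, txn, cost_center)),
    ]
    for reason, sql, params in checks:
        if db.execute(sql, params).fetchone() is None:
            return False, reason
    return True, "ok"

if __name__ == "__main__":
    db = open_rules_db()
    for cc in ("CC-1001", "CC-9999"):
        print(cc, validate_authority(db, "jsmith", "purchase_requisition", "view", cc))
```

Returning the failing layer as the reason gives the audit trail a specific cause for each denial rather than a bare refusal.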

Rules Maintenance App.
Maintain metadata through 10SC app.
–data about users
–delegation of authority
–reports
Web screen for delegation
Reports
Initial metadata loaded from mainframe

Transaction routing
Custom web-based application
Provides information to originator for routing of transaction from information in rules engine

Future
Authority engine developed to meet Core Financials requirements only
How can it be applied to the general case for future applications?
More capabilities in directory based authority?