Baltic IT&T, Riga 2007 Identity Management within the educational sector in Norway Senior Adviser Jan Peter Strømsheim, Norwegian ministry of Education.

Presentation transcript:

Baltic IT&T, Riga 2007 Identity Management within the educational sector in Norway Senior Adviser Jan Peter Strømsheim, Norwegian ministry of Education and Research

2 Norwegian Ministry of Education and Research jps/
Identity Management (IdM)
Identity management is a broad administrative area that deals with
– identifying individuals in a system (such as a country, a network, or an enterprise) and
– controlling their access to resources within that system by associating user rights and restrictions with the established identity.

4 ICT trends: Usage in education
All Norwegian universities and colleges have been online since 1992
Currently all students in higher education use e-learning
– Tracking learning, tracking teaching
– Personalization requires stronger central ICT systems
Traffic grows exponentially
Above 95% of all primary and secondary schools are on-line
Upper secondary schools – 55 students per 100 PC
– LMS and digital learning resources
Compulsory education – 21 students per 100 PC

5 New National Curriculum in Primary & Secondary Education from 2006
Basic skills as basis for all learning and development. The ability to
– express oneself orally
– read
– express oneself in writing
– do arithmetic
– use information and communication technology
ICT is integrated in all subject areas being part of the curriculum
Report No. 17 (2006–2007) to the Storting: An Information Society for All
Three preconditions in particular form the basis for the government’s commitment to digital inclusion:
– Digital access,
– Universal design and
– Digital skills.
Provisions must be made for identity management for primary and secondary education based on the Feide project.

6 FEIDE – Federated Electronic Identity for Norwegian Education
FEIDE is a non-commercial identity management federation for people in education
FEIDE is technology and platform agnostic
FEIDE offers guidelines and policy for campus identity management
FEIDE-names are valid for all education services, and may be used internally, for community services and with educational related services

7 Why federate?
Users and home organizations and service providers need to exchange information
Trust establishment
Information exchange
Policy
Technology
Federations:
authenticate
enforce information flow policy
privacy control
security
trust establishment

8 Business drivers for Feide
End user: one username, one password
Each educational institution benefits from
– Local dataflow clean-up
– Overview and control of services
– Common guidelines, requirements and best practice for identity management
University, college or school as Service Provider benefits
– Easy integration of non-local users
– Data protection contracts and guidelines
Common shared services benefit from
– Integrated user space
– Data protection contracts and guidelines

11 Feide login
User tries to access service
Service transfers user to Feide login
Authentication is done at campus
– Local authentication point
– Local control over information
Authentication is confirmed with the service, possibly with attribute release
– Attribute release controlled by user, governed by contract

12 Studying today…
“Hei! I am Maia – a freshman student” (Identity)
“…this is my FEIDE name and password to prove it” (Electronic identity) (Authentication: is this the right person?)
“I want to delete a file in my Virtual Learning Environment” (Authorization: Maia can use the services she is supposed to have access to)
“And I would like to change my midterm exam B into A” (Authorization: Stop Maia from using a service she is not supposed to have access to)

13 CleanIT, the User Management System (BAS) process
Identify key data
Identify who is responsible for
– Initial data
– Data updates
– Data removal
Organizational process
– Move data maintenance out of the IT department
– Enable Human Resource and Student Management staff to do their jobs better
Student registry: FS or MSTAS
HR/payroll system: rolling in SAP, currently shared systems across several institutions

14 Benefits:
Campus/Institution Identity Provider
– Authoritative quality for all affiliated users
– Control of information flow for all affiliated users
– Enhanced user management simplifies and automates business processes
– Federated login provides access to services
– One contract with Feide eliminates bi-lateral contracts with all service providers
Service Provider
– Access for all Feide users
– No local administration of user database
– Feide handles login and gives high quality data about users
– One contract with Feide eliminates bi-lateral contracts with all identity providers
User
– One username
– One password (or other credential)
– Do not need to register information at each service, automatic updates from campus information
– Informed consent for personal data transfer
– Familiar log-in page may increase security

15 Identity management for education
Feide since 2000 (initially higher education)
– Operational login service since 2003
– Universities and university colleges: (7)
Schools and Feide
– Participation decided by Ministry of Education early 2006
– Identity management should be available by 2008 for all schools
Strong campus identity management efforts
– Universities and colleges develop and deploy IdM software
– Organizational process: identify responsibilities and enforce routines for processing personal information
– Supporting the Personal Data Act
Operational service providers (current: 23)

16 Feide operates with
– One Identity Provider (central login service)
– Many Authentication points (one at each educational institution)
Attribute release is important
– Feide-name valid only in organizational context
– What school, affiliation, group, address, NIN, unit?
– Provisioning: started PIFU standardization effort
Cross-federations needed (imply IdP chaining)
– National: MyID for public sector
– Nordic: Kalmar Union for higher education and research
– International: eduGAIN, InCommon?
Service Oriented Architecture
– Services talk on behalf of user to mediate content delivery
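
The login flow on slide 11 and the attribute release rule on slide 16, as an added Python example that is not part of the presentation and not Feide's own code: a central login routes the user to the authentication point of the realm in the Feide name, then releases only attributes that the service's contract permits and the user has consented to. The realms, services, user record, password and attribute sets are constructed assumptions.

```python
import hashlib
import hmac

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the campus store never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: one authentication point (user store) per institution.
AUTH_POINTS = {
    "college.example": {
        "maia": {
            "salt": b"constructed-salt",
            "hash": _kdf("correct horse", b"constructed-salt"),
            "attrs": {
                "eduPersonPrincipalName": "maia@college.example",
                "eduPersonAffiliation": "student",
                "norEduPersonNIN": "00000000000",  # placeholder, not a real NIN
                "mail": "maia@college.example",
            },
        }
    }
}

# Attributes each (hypothetical) service may receive under its contract.
CONTRACTS = {
    "vle.example": {"eduPersonPrincipalName", "eduPersonAffiliation", "mail"},
    "library.example": {"eduPersonAffiliation"},
}

def feide_login(service, feide_name, password, consented):
    """Authenticate at the user's campus, then release contract ∩ consent."""
    if service not in CONTRACTS:
        raise PermissionError("service has no contract with the federation")
    # The name is only meaningful together with its organization (realm).
    user, _, realm = feide_name.partition("@")
    record = AUTH_POINTS.get(realm, {}).get(user)
    # Unknown users still go through the KDF so timing does not reveal them.
    salt = record["salt"] if record else b"dummy-salt"
    expected = record["hash"] if record else b"\x00" * 32
    ok = hmac.compare_digest(_kdf(password, salt), expected)
    if not (record and ok):
        return None  # authentication failed: nothing is released
    allowed = CONTRACTS[service] & set(consented)
    return {k: v for k, v in record["attrs"].items() if k in allowed}
```

The national identity number is withheld from both sample services even if the user consents, because neither contract lists it.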

17 The way ahead - technical
Consolidating BAS (user management system) for user management
– Technical solutions
Policy and regulations
– Giving access to someone I do not control?
Interfaces
– XML definitions for import/export
– LDAP based on eduPerson/noredu*
Available software is improving

18 Norwegian Ministry of Education and Research jps/
 universities, 46 university colleges ( persons)
– +70% of students/others use FEIDE
Primary, Lower and Upper Secondary Schools
– pupils, teachers plus parents
– 454 upper secondary schools owned by 19 regions
– Around 3100 schools owned by 430 municipalities

19 The way ahead - organizational
Higher Education – FEIDE is on track
The challenge: Primary and Secondary Education
We need the important stakeholders onboard
– the Business Associations of Norwegian knowledge- and technology based enterprises,
– the Union of Education,
– The Norwegian Association of Local and Regional Authorities,
– The National Parents’ Committee for Primary and Lower Secondary Education
Political and financial backing
– FEIDE is recognized by the Government as the IdM for Education in Norway
– Funding is allocated on an annual basis

20 More information
Information from Feide, including deployment status –
for Feide:
Questions for Jan Peter or Ingrid Melve (leader of the Feide Project)