University of Washington Identity and Access Management IEEAF – RENU Network Design Workshop Seattle - 29 Nov 2007 Lori Stevens, Director, Distributed.

Presentation transcript:

University of Washington Identity and Access Management
IEEAF – RENU Network Design Workshop
Seattle - 29 Nov 2007

Lori Stevens, Director, Distributed Systems
Ian Taylor, Manager, Security Middleware
‘RL’ Bob Morgan, Architect
Anne Hopkins, Lead
Zephyr McLaughlin, Lead

Overview
- IAM Mission and Scope
- IAM Practices
- UW IAM Service Set
- International Collaboration in IAM
- Q & A

IAM Mission
- UW Mission
  - “preservation, advancement, dissemination of knowledge”
  - people-based processes, increasingly online
- Identity management provides...
  - institutional means to know who can, should and did access online (and physical) resources

IAM Scope
- IAM supports the whole institution
  - teaching, research, outreach, healthcare, student life, alumni, collaborators, affiliates, local, regional, global
- UW Identity and UW NetID Statistics
  - 43,000 students at three campuses – Undergraduate, Graduate and Professional
  - Plus an Extension Enrollment of 27,000 more
  - 28,000 Faculty and Staff
  - Two Medical Centers, Neighborhood Clinics, SCCA, etc.
  - K-20 network
  - 385,000 Active UW NetIDs (11/28/07)

IAM Practices
- One identity per person
- Many affiliations per person
- Not just people (applications, groups, roles, organizations,...)
- Manage entire identity lifecycle
- Level of Assurance (LoA) varies depending on population and application needs

IAM Practices (cont.)
- Compromise of credentials will happen
- Business needs often must be balanced with compliance requirements
- Identity theft is a serious problem

UW Identity and Access Management Service Set
- Identity Management
  - Person Registry
  - UW NetID Service
- Authentication
  - UW Kerberos Realm
  - UW Windows Infrastructure
  - Weblogin Service (Pubcookie / Shibboleth)
  - SecurID
  - UW Certificate Authority

UW Identity and Access Management Service Set (cont.)
- Authorization and Aggregation
  - ASTRA
  - Groups Service
  - Subscriptions
- Enterprise Directory Services
  - Person Directory
  - Groups Directory
  - White Pages Directory

Federation
- Use university identity for external service access
  - for web resources, using SAML standard
  - Internet2 Shibboleth federation software widely deployed
- R&HE Federations create trust communities
  - agree on standards, vet institutions, exchange keys
  - InCommon Federation in US
  - many national R&HE federations in Europe and Australia
  - global service providers (e.g. Elsevier, Microsoft) join
  - work starting on global interfederation

Other Identity Collaborations
- eduroam
  - access to university wireless for HE visitors
  - 802.1x and RADIUS technology
  - deployed throughout Europe and Asia/Pacific
- grid
  - supporting large e-science projects
  - X.509 technology
  - IGTF provides global linkage of grid CAs
  - work on linking grid access to SAML/Shib federation

Q & A
Thank you for your interest. We welcome your questions.
Lori Stevens, Ian Taylor, Bob Morgan, Anne Hopkins, Zephyr McLaughlin

Shibboleth Flow Overview

1. User connects to resource and is redirected to WAYF
2. User authenticates at his home organization
3. User gets authenticated and redirected to web server of resource
4. Attribute request – user is granted access to resource
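
The four-step flow above, together with the Federation slide's "exchange keys" trust model, as a small runnable model. This is an added example, not code from the presentation or from the Shibboleth project; it shows the checks the resource side makes before granting access. Assumptions: the entity IDs, key, "student" policy and single-use handle are constructed for illustration, and an HMAC key stands in for the public-key XML signatures that real SAML uses.

```python
import hashlib, hmac, secrets, time

# Constructed federation metadata: entityID -> key exchanged via the federation.
# HMAC keys stand in for the public-key XML signatures real SAML uses.
FEDERATION = {"https://idp.example.edu": b"constructed-demo-key"}

class IdP:
    def __init__(self, entity_id, key, users):
        self.entity_id, self.key, self.users = entity_id, key, users
        self.handles = {}  # opaque handle -> username

    def authenticate(self, username, password, audience):
        """Steps 2-3: log the user in, return a signed assertion for the SP."""
        attrs = self.users.get(username)
        if attrs is None or not hmac.compare_digest(attrs["password"], password):
            return None
        handle = secrets.token_hex(16)
        self.handles[handle] = username
        body = f"{self.entity_id}|{audience}|{handle}|{int(time.time()) + 300}"
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}

    def attribute_request(self, handle):
        """Step 4: back-channel query; the handle is single use in this model."""
        user = self.handles.pop(handle, None)
        return {"affiliation": self.users[user]["affiliation"]} if user else None

class ServiceProvider:
    def __init__(self, entity_id, idps):
        self.entity_id, self.idps = entity_id, idps  # idps: entityID -> IdP

    def request_resource(self, session):
        """Step 1: no session yet, so send the browser to the WAYF."""
        return "200 resource" if session else "302 https://wayf.example.org/"

    def consume(self, assertion):
        """Steps 3-4: verify the assertion, fetch attributes, decide access."""
        issuer, audience, handle, expires = assertion["body"].split("|")
        key = FEDERATION.get(issuer)
        if key is None:
            return "denied: issuer not in federation metadata"
        good = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, assertion["sig"]):
            return "denied: bad signature"
        if audience != self.entity_id or int(expires) < time.time():
            return "denied: wrong audience or expired"
        attrs = self.idps[issuer].attribute_request(handle)
        if not attrs or attrs["affiliation"] != "student":
            return "denied: attributes do not satisfy policy"
        return "granted"
```

The resource only ever sees an opaque handle and the released attributes, never the user's password, and every denial path maps to a check a federation member should be able to log and alert on.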

Shibboleth Demo
- Login via Shibboleth
- Excellent technical introduction