Portal Services & Credentials at UT Austin CAMP Identity and Access Management Integration Workshop June 27, 2005.


27 June 2005 – CAMP Identity & Access Management

Discussion Items
- Setting the stage
- UT’s portal service – UT Direct
- UT’s authentication service – UT EID
- Credentialing & Support
- Challenges & Responses
- Future Directions

Setting the Stage
- UT Austin has a large number of core constituents:
  - ~50,000 students
  - ~18,000 faculty & staff
- And even larger groups of “extended” populations (e.g., prospective students, former students, parents, job applicants)

UT’s Portal – UT Direct
- Created in 2000, upgraded in 2003
- “Home-grown” using local custom development tools
- Serves as both a portal and a web application framework (look & feel, menus, bookmarks, etc.)
- Personalization is based on user’s affiliations

UT Direct Usage
- UT Direct has achieved strong penetration:
  - 80% of students use it at least weekly
  - 70% of faculty & staff use it weekly
  - 100,000 distinct users log in weekly
- UT Direct user interface is used for most business/administrative web services at UT Austin

UT’s Authentication Service – UT EID
- UT EID system created in 1995, upgraded in 1999, major overhaul coming this fall
- All members of UT community have EIDs
- Unified namespace for all EIDs
- Sponsoring departments control the affiliations attached to EIDs

EID Classes
- EIDs are grouped into 3 major classes based on affiliation and status of identity verification
  - Low assurance – Self-registered EIDs
  - Medium assurance – Sponsored by an approved UT department
  - High assurance – ID verified in-person & electronic signature agreement signed
- Required password strength depends on EID class

EID Populations
- The EID system currently contains 1.7M identity accounts, including:
  - Current students (~50K)
  - Former students (since ’74) (~600K)
  - Current employees (~35K*)
  - Former employees (since ’72) (~300K*)
  - Prospective students (~650K)
  - Guests (~400K)

* Includes employees from certain other UT System universities that use shared administrative services.

Relationship between UT Direct & the EID System
[Diagram: UT EID Authentication, UT Direct, Blackboard, Webspace, Webmail]
- UT Direct and UT EID authentication are distinct systems
- Most but not all UT Direct Services are EID-authenticated
- UT EID authentication also used by many other services at UT Austin

EID Credentialing
- EID Creation
  - Guest EID suite (self-registration)
  - EID-on-demand (inline registration)
  - Automated EID creation
- Physical ID verification is required for most core affiliates, but not for extended populations
- EID eProxy allows one person to act on behalf of another for certain services (e.g., a parent who is paying a student’s housing bill)

EID Support
- EID web help suite lists contacts and provides password help options based on user’s current affiliations
- Passwords can be reset online via challenge/response questions or via ticketing (w/other credentials)
- EID phone support is delegated to affiliation sponsors; Central ITS help desk is the last resort

Challenges Part 1
- Risks posed by a unified identifier (for example, FERPA compliance)
  - One set of credentials shared by multiple systems can expose data in unexpected ways
  - User support systems/options are complicated by need to prevent inappropriate access to confidential data

Challenges Part 2
- Duplicate EIDs and merging of EIDs
  - Extended populations tend to be future or former core constituents, so duplicate EIDs can cause problems
- Privacy & identity theft concerns
  - Data elements used for identity reconciliation raise privacy concerns for the university community

Challenges Part 3
- Relentless increase in identity registry size: +20% per year
  - New extended populations regularly being identified
  - Campus departments replacing local SSN-based identifiers with EIDs
  - Ongoing migration of campus systems to EID authentication (simplified sign-on initiative)

Responses Part 1
- Risks posed by a unified identifier (for example, FERPA compliance)
  - Proactively coordinate EID support and password reset policies across sponsoring departments, especially when new affiliations are added
  - Move toward more granular authentication status and control

Responses Part 2
- Duplicate EIDs and merging of EIDs
  - Increase intelligence of self-registration process with adaptive questionnaire
  - Push EID usage to start of business processes to limit backend EID merges
- Privacy & identity theft concerns
  - Remove SSN from EID System
  - Institute stricter controls on access to identity registry data

Responses Part 3
- Relentless increase in identity registry size: +20% per year
  - Improve flexibility & agility of identity registry to better cope with growth
  - Limit identity reconciliation efforts to close affiliates
  - Implement new classes of EIDs (e.g., identifier-only) with characteristics targeted to campus needs

Future Directions – UT Direct
- Bolster support for non-authenticated sessions
- Unify central UT web site architecture with UT Direct portal
- Support Shibboleth-style local-campus authentication for other UT System universities
- Explore commercial & open-source tools/products for next generation of UT Direct

Future Directions – UT EID
- Complete overhaul of EID system will occur in Fall 2005
- Improve online support tools for users, especially for former students
- Allow affiliation sponsors to define populations within an affiliation to provide customized support options
- Support strong second-factor authentication options

My Contact Info
CW Belcher (512)
