Identity Management, Federating Identities, and Federations November 21, 2006 Kevin Morooney Jeff Kuhns Renee Shuey.



Outline
‣ PSU and ITS
‣ Identity Management at Penn State
‣ Federating and Federations

A little bit about Penn State and ITS...

Penn State

‣ Established 1855, PA’s Land Grant
‣ 24 campus locations
‣ 80K students, 10K faculty, 10K staff
‣ $640M annual research expenditure

Information Technology Services at Penn State

IdM Level Set

“An integrated system of business processes, policies, and technologies that enable organizations to facilitate and control their users' access to online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access, rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems.”

The NMI-EDIT Authentication Roadmap

Identity Management at Penn State…

Components of IdM at Penn State
‣ Kerberos, DCE, Active Directory
‣ LDAP (eduPerson)
‣ Cosign (WebAccess is local branding)
‣ Shibboleth
‣ Member of InCommon Federation
‣ RSA SecurID Tokens
‣ “Access Account” - branding for Penn State identity (authn only available too), ~120K
‣ “Short Term Access Accounts” (authn only available too), 178/9104 as of 11AM today
‣ “Friends of Penn State” - branding for external identity, ~450K

Components of IdM at Penn State - Proofing
[Flowchart of the proofing process. Node labels: Start; AD20 Agreement; AD54 Agreement; Library Agreement; Display Password; Newswire? (Yes/No); Printing? (Yes/No); Newswire Agreement; Printing Agreement; Sign For Account; GPG Encrypt Signature; Request join; Save all agreements; End]

Components of IdM at Penn State – Policy
‣ Student Record Policy
‣ Definition of student records
‣ Definition of student
‣ Public information regarding students
‣ Confidentiality hold
‣ Network Usage Policy

[Diagram labels: Transaction Importance; Trust; Strength of Identity Proofing]

Improving the Quality of Our Digital Identity
‣ Join InCommon Federation
‣ Participate in the eAuthentication project (getting CAF’ed)
‣ Create new service and business models
‣ Create “governance” for IdM
‣ Expire passwords
‣ Increase password strength

Federating and Federations…

Drivers for Federating in HE
‣ Increasing dependence upon ever richer collaboration
‣ Mandates leading to more research consortia
‣ Increasing number of on-line resources and tools
‣ Access management complexities for resource and tool providers
‣ End-user experience, reliable and efficient to run infrastructure
‣ Federal and State laws & regulations (e.g., FERPA, HIPAA, Gramm-Leach-Bliley Act)

The Goal of Federating
‣ Simplified Usability for all collaborations
‣ Home organizations carefully manage the release of personal information
‣ On-line resource providers focus on the protection and authorization of use of their on-line resources.

InCommon Federation
‣ Created to support Higher Education and its research and business partners
‣ Federation operator is an LLC operated by Internet2
‣ Builds on existing campus identity management and single sign-on systems
‣ Makes use of open industry standards (SAML) and open source federating software (Shibboleth)

eAuthentication Federation
‣ Setting the standards for the identity proofing of individuals and businesses (based on risk of online services used)
‣ Building the necessary infrastructure to support common, unified processes and systems for government-wide use
‣ Helps build the trust that must be an inherent part of every online exchange between citizens and the U.S. Government

Figuring out how to work together

Before our digital world looks like this…