The UW-Madison IAM Experience Building our Dream Home Presented by Steve Devoti, Senior IT Architect © 2007 Board of Regents of the University of Wisconsin.

Presentation transcript:

The UW-Madison IAM Experience Building our Dream Home Presented by Steve Devoti, Senior IT Architect © 2007 Board of Regents of the University of Wisconsin System

The UW-Madison needs to remodel and expand its IAM services

You probably look a lot like us

We are clearly not meeting the needs of campus; we lack a blueprint

Analysis and an organized approach can get this thing built

Form a project, assign resources and recommend a direction

We had been working on a small space for over 4 years

We decided to build it ourselves

There were no vendors that could meet our needs

We love to build things

Who knows? All the original decision-makers are gone!

Overly complex design

Never really structured as a project

Customers are getting grumpy

For 4 years, customers have been told that PASE will solve everything

The executive sponsor decided it was time for some changes

A new enterprise architect was assigned

A “real” project manager was assigned

The team reexamined the requirements and the decision to build vs.

We formalized our requirements and did a high-level evaluation of the options (Build vs. Open Source vs. Buy; see WIBuyVSBuild.xls):

Functional / Non Functional | IAM Category | Scope | Requirement | Compliance | Module or Feature | Effort
F | Authorize | System | Shall provide the ability to define combinations of create, retrieve (read), update (modify) and delete permissions to create appropriate system roles (e.g. "Affiliation Manager") | None | Authorization Manager | Difficult
F | Authorize | System | The system shall support integration with the institutional and/or standards-based authentication mechanisms (e.g. pubcookie, Shibboleth, SAML). | None | Authentication Manager | Moderate
F | Authorize | System | The system shall support an "auditor" role which allows a subject to read and create reports from system logs, but allows no other system access. | None | Authorization Manager/UI | Moderate
F | Log | System | Shall support logging of, and reporting on, governance activities. | Partial | Log/Audit facility | Easy
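The first, third and fourth requirements above (CRUD combinations rolled into named roles, an auditor role limited to reading logs and producing reports, and logging of governance activity) can be shown working together in a small model. The following is an added illustration, not code from the presentation or from any product UW-Madison evaluated; the resource type names ("affiliation", "log", "report"), the subject names, and the AuthorizationManager class are assumptions made for the example. Only "Affiliation Manager" and "auditor" come from the requirements table.

```python
"""Added example: a minimal role model for the authorization requirements.

Assumptions (not from the slides): resources are identified by a type
string, permissions are the four CRUD verbs, and every governance action
(role definition, role assignment) is appended to a log that the auditor
role may read and report on but never modify. The 'actor' argument is
recorded for audit purposes only; this example does not check whether the
actor is itself authorized to administer roles.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone

CREATE, READ, UPDATE, DELETE = "create", "read", "update", "delete"
CRUD = frozenset({CREATE, READ, UPDATE, DELETE})


@dataclass(frozen=True)
class Role:
    """A named combination of CRUD permissions per resource type."""
    name: str
    grants: dict  # resource type -> frozenset of permitted verbs


class AuthorizationManager:
    """Defines roles, assigns them to subjects, answers permission checks,
    and records every governance action in an append-only log."""

    def __init__(self):
        self.roles = {}
        self.assignments = {}      # subject -> set of role names
        self.governance_log = []   # records are appended, never edited

    def _record(self, actor, action, **detail):
        self.governance_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, **detail})

    def define_role(self, actor, name, grants):
        """Create a role from a mapping resource type -> iterable of verbs."""
        unknown = {v for verbs in grants.values() for v in verbs} - CRUD
        if unknown:
            raise ValueError(f"unknown permission(s): {sorted(unknown)}")
        self.roles[name] = Role(name, {r: frozenset(v) for r, v in grants.items()})
        self._record(actor, "define_role", role=name,
                     grants={r: sorted(v) for r, v in grants.items()})

    def assign_role(self, actor, subject, role_name):
        if role_name not in self.roles:
            raise KeyError(f"no such role: {role_name}")
        self.assignments.setdefault(subject, set()).add(role_name)
        self._record(actor, "assign_role", subject=subject, role=role_name)

    def is_permitted(self, subject, verb, resource):
        """True if any role held by the subject grants verb on the resource type."""
        return any(verb in self.roles[r].grants.get(resource, frozenset())
                   for r in self.assignments.get(subject, ()))

    def report_from_logs(self, subject):
        """Auditor use case: read the governance log and return a count of
        actions. Requires READ on 'log' and CREATE on 'report'; the log
        itself is never altered by reporting."""
        if not (self.is_permitted(subject, READ, "log")
                and self.is_permitted(subject, CREATE, "report")):
            raise PermissionError(f"{subject} may not report on system logs")
        return dict(Counter(rec["action"] for rec in self.governance_log))


def build_demo():
    """Constructed sample: the two roles named in the requirements table."""
    am = AuthorizationManager()
    am.define_role("sysadmin", "Affiliation Manager", {"affiliation": CRUD})
    # Auditor: read logs and create/read reports, nothing else.
    am.define_role("sysadmin", "auditor", {"log": {READ}, "report": {CREATE, READ}})
    am.assign_role("sysadmin", "alice", "Affiliation Manager")
    am.assign_role("sysadmin", "bob", "auditor")
    return am


if __name__ == "__main__":
    am = build_demo()
    print(am.is_permitted("alice", UPDATE, "affiliation"))  # True
    print(am.is_permitted("bob", UPDATE, "affiliation"))    # False: auditor has no other access
    print(am.is_permitted("bob", DELETE, "log"))            # False: auditor may only read logs
    print(am.report_from_logs("bob"))                       # {'define_role': 2, 'assign_role': 2}
```

The auditor's "no other system access" requirement falls out of the default-deny check in is_permitted: a verb is allowed only if some held role grants it explicitly, so the auditor cannot touch affiliations or delete log entries even though it can read them.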

We also completed a high-level pros and cons analysis (see WIProsAndCons.xls)

Acquire Total Solution (Commercial Vendor) Pros:
–Consulting resources. Consulting resources are readily available to assist in commercial vendor implementations.
–Provisioning. Commercial vendor identity management suites include advanced provisioning functionality.
–Workflow. Commercial vendor identity management suites include workflow.
–Functionality. In addition to provisioning, many vendor suites include other advanced identity management functionality that might be useful to the organization (web access control, federation services, virtual directory or meta-directory, etc.).

Acquire Total Solution (Commercial Vendor) Cons:
–Cost. Is more expensive than some other solutions.
–Lack of higher education community. Though there is high adoption of commercial identity management software in private industry, there is much less adoption in higher education, particularly at large institutions.

We decided that the Grouper/Signet solution best met our needs

We went to some camps, and installed a POC system

The natives were getting even more restless

Priorities have changed

Our customers wanted us to address provisioning first

That was going to take a lot of building or maybe purchase of another product

The only reasonable thing to do was look at vendor solutions

We did proof-of-concepts with Oracle and Sun

Our sponsor was exploring ways to pay for the solution

Through hard work and masterful persuasion, funding was secured

We began an RFP, dividing the work into 3 high-level capabilities. RFP sections: Directory Services; Identity Management; Integration; Access Management; History; Support; Cost

Each capability section was built with standard bricks (see WIRFPSpecs.doc)

Capabilities, functions and “other considerations” were weighted

We ended up with something like this (see WIRFPSpecs.xls):

3. Web Access Management Capability (columns: Rating Guidance, Points; Total Points = 3,400)

We define Web Access Management Capability as a central policy and enforcement infrastructure capable of protecting heterogeneous web resources for the purpose of providing users with single sign-on. Note, in the context of this RFP, Web Access Management includes federation functionality and the protection of SOAP-based web services.

Architecture: Describe at a high level the elements and technologies that make up this capability and their relation to each other. Provide diagrams. What are the advantages of this architecture? Specify any disadvantages or limitations of this architecture. If your solution supports multiple high-level configurations, describe the advantages and disadvantages of each. Describe the logical architecture of the servers that make up your solution.
–Rating guidance: SHOULD follow good application architecture practices with an architecture that is compatible with the University of Wisconsin's Common Systems technology infrastructure.

Policy Administration Points (PAPs): Describe how the PAP(s) are deployed. Do you provide a single PAP or must policies be individually managed on each Policy Decision Point (PDP)?
–Rating guidance: SHOULD provide a single point of policy management. Points: 72

We developed an evaluation methodology

Evaluation | Definition | Score
No Support | No support according to the ratings guidance. No documentation. Extension to meet requirement is difficult, extremely expensive, or not possible to extend. | 0
Partial Support | Partially supported, with some aspects missing according to the ratings guidance, or the answer doesn't follow the expected format. Lacking clear or specific documentation. Unreasonable, or somewhat expensive, to extend. | 1
Strong Support | Mostly supported, with a couple of aspects missing according to the ratings guidance. Somewhat well documented in the vendor response with reference to technical documentation. Provides functionality out-of-the-box or easy to extend to provide functionality. | 3
Full Support | Completely supported according to the rating guidance. Fully or somewhat documented in the vendor response with reference to technical documentation. Requirement requires standard expertise to implement, perform, or meet. | 9

We sent it out, received the responses and scored them

And the winner is…

Where do we go from here?
–Artifacts: Functions, Capabilities, Gaps, Principles, Policy, Standards, Guidelines
–Inputs: Stakeholders, Sponsors
–Steps: Identify Needed Capabilities; Identify Functions; Compare to Current Capabilities; Identify Gaps; Prioritize; Recommend Projects; Develop Principles; Recommend Policy Projects
–Policy Working Groups

Questions?