1
Current Campus Issues – From My Horizon
TF-EMC2, Torbjörn Wiberg Umeå Universitet
2
Current issues – my impression
Goal: A Deployed Identity Architecture
Initial casification of an application
System maintenance issues
- Shall you charge system owners for use of the IdArch?
- Who is responsible for maintenance of casifications?
- How do you plan system updates for the whole integrated application structure? (A system owner can't take an isolated decision to update a system.)
LOA – not only technology
A lot of decisions around interpretations of enterprise data
3
Deploy and Use an Identity Architecture
An Identity architecture consists of:
- An enterprise repository for identity and privilege information;
- Procedures for identity management;
- A meta-directory for synchronisation of enterprise data;
- Services for Authentication, Authorisation and controlled release of identity and privilege information
The primary driver is SSO
User-friendliness is the primary success factor (not the increased quality or efficiency of user administration)
Identity management is by now identified by most campuses as an important .
- a lot of talks at conferences and a lot of courses ...
- but other issues and problems involved are not appreciated enough
4
Level of Assurance
Have we deployed an Identity Architecture with an Identity Management we trust enough to control authorization of the use of shared resources?
We need identities on different levels of assurance
Initial ident does not reach the required LOA
- Speed of getting an account
- Students off campus
- Loose affiliation
5
Remember!
The services introduced are convenient for the user – single sign-on
But we also introduce another mission-critical component in our infrastructure (comparable to the DNS)
6
Basic issues in Identity Management
To be accepted as a member of an Identity Federation you need to have your Id Mgmt in order.
The Id Federation is about trusting each other's identities
You need to know
- Who you issue an identity to and why
- How you identify the person receiving the credentials
- Why you assign a certain affiliation to an identity
- How you manage that affiliation and other info
7
Further issues in Identity Management
How is the information from different sources, which is synchronised by the meta-directory, managed?
The necessary coherent view of the organisation in systems to be integrated is not a reality.
The freedom of management of systems is heavily reduced in an integrated environment
The quality of identity management must aim at use of the information for authorization
8
A coherent view of the organisation
Who is responsible for keeping a coherent view of the organisation?
How is a new organisational unit established? Changed? Removed?
Does any system contain a ”correct” view of the organisation?
Can it be a component in the meta-directory?
9
Meta-directory issues
Precedence rules when the same data may be found in several systems
Employee and/or student
Name changes
Change of social security numbers
10
Decentralised management
Identity and privilege information
Management of an attribute shall harmonise with the order of delegation
Remember: The attributes shall be used for authorisation
Much of the information can be managed decentralised (follow the order of delegation)
”Guests” have to be added to be authorized to use resources
11
Grace Periods
When is an account inactivated?
- a student leaves
- an employee leaves
- faculty and staff
Different grace periods for different systems and services?
Exceptions
- when
- who can decide
12
Privilege Information
Authorization requires other types of information
- roles in courses
- projects, board members
- virtual organisations
Management of the privileges shall be done by those controlling the resource or service
13
System owners
The systems are integrated
The system owners can't decide on their own any more
Upgrades have to be coordinated
How is that best organised?
14
As you can see
Many of these issues are non-technical, and one may say that to get your Identity Management in order you have to get your organisation in order