Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shibboleth as Attribute Delivery for Authorization

Published byDiane Gauthier Modified over 5 years ago

Similar presentations

Presentation on theme: "Shibboleth as Attribute Delivery for Authorization"— Presentation transcript:

1 Shibboleth as Attribute Delivery for Authorization
Renee Shuey Penn State University June 27, 2006

2 Outline PSU and ITS What Identity Management looks like at Penn State
External attribute distribution Considerations when releasing attributes Wrap-up

3 A little bit about Penn State and ITS…

4 Penn State

5 Penn State Established 1855, PA’s Land Grant 24 campus locations
80K students, 10K faculty, 10K staff $640M annual research expenditure

6 Components of IdM at Penn State
Kerberos, DCE, Active Directory LDAP (eduPerson) Cosign (WebAccess is local branding) Shibboleth Member of InCommon “Access Account” - branding for Penn State identity (authn only available too), ~120K “Short Term Access Accounts” (authn only available too), 178/9104 as of 11AM today “Friends of Penn State” - branding for external identity, ~450K

7 Example of Access Account Uses
WebMail eLion Filespace Employee Benefits Personal webspace LIAS (Library Resources) ANGEL (Course Management) Penn State Portal Time cards e-Portfolio General Stores – shopping online Parking permit applications Res Hall applications, network connections Travel services Office of Physical Plant –Customer Info Center Id+ Online WebForum Student Computer Labs Wireless authn VPN etc.

8 Examples of Short Term Access Account uses
Temporary access to a computer lab Temporary access to wireless Helps solve the summer camp problem Continuing Education (big deal at non-UP campuses)

9 Examples of “Friends of Penn State” Uses
ANGEL (Course Mgt) Undergraduate Admissions World Campus Registrar Office of Human Resources Outreach Bursar Counselor Training Program

10 Examples of Shib uses WebAssign Napster ANGEL
Office of Student Aid (coming soon) Symplicity (coming soon) Worldwide University Network turnitin.com (coming soon) Lionshare Thomson Publishing (coming soon)

11 What attributes do we share with which service providers?

12 Example 1 - WebAssign Attributes Released
eduPersonPrincipalName (EPPN) Physics course Common name Surname Given name

13 Example 2 - Turnitin Attributes Released: eduPersonPrincipalName
eduPersonPrimaryAffiliation Given Name Surname

14 Example 3 – PHEAA (Pennsylvania Higher Education Assistance Agency)
Attributes Released: eduPersonScopedAffiliation eduPersonAffiliation Given Name Surname Date of Birth Social Security Number      

15 So….how did we decide what attributes can be released to an external service provider?

16 Using Example 1 - WebAssign
Course information students pay directly for access to physics content Existing policies related to FERPA and student records (AD-11) “The following is a list of directory items that may be made available to the public regarding students of the University without their prior consent and is considered part of the public record of their attendance: “ Confidentiality hold

17 Using Example 3 - PHEAA Current policies define what attributes, or combination of attributes, constitute a FERPA protected record AD-11 - University policy on confidentiality of student records Social Security Number AD Use of Penn State Identification and Social Security Number Requires special permission from Chief Privacy Officer

18 Summary of Process for Distributing Attributes
Identify which attributes are “required” by service provider to complete transaction Work with appropriate people to verify attributes can be shared University affiliate, IdM administrators, Chief Privacy Officer, Data Stewards Shibboleth Identity provider admin creates attribute release policy

19 Points to Ponder Confidentiality hold
Leverage well established business rules Personal management of attribute release (SHARPE) Third party policy Audits of TP security practices Addendums to contracts

20 The On-Going Challenge
Good tools exist but that’s not enough The only thing standing between these principles & practices and making a big difference with them is: developing the institutional will to constantly improve IdM creating a groundswell of epiphanies across the university

21 Questions?

Download ppt "Shibboleth as Attribute Delivery for Authorization"

Similar presentations

When will the helicopters end? Giving Parents Access Case Study The University of Arkansas and Southern Methodist University M3.3 February 4, 2013.

When will the helicopters end? Giving Parents Access Case Study The University of Arkansas and Southern Methodist University M3.3 February 4, 2013.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
The Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act
Maureen Cronin Associate Registrar for DARS University of Nevada, Reno.

Maureen Cronin Associate Registrar for DARS University of Nevada, Reno.
EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.

EduPerson and Federated K-12 Activities InCommon/Quilts Pilot Group February 27, 2014 Keith Hazelton UW-Madison, InCommon/I2.
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.

Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.
Authorizing Access to Services at Penn State University

Authorizing Access to Services at Penn State University
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.
What is FERPA? Family Educational Rights and Privacy Act.

What is FERPA? Family Educational Rights and Privacy Act.
Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.

Identity Management: Some Basics Mark Crase, California State University Office of the Chancellor CENIC - March 9, 2011.
UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.

UC Irvine’s Pre-Shib Attribute Setup PH / QI Directory Provides Authoritative Attribute Store –Had both Faculty / Staff and Student Information UCI’s Campus.
June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park

June 1, 2001 Enterprise Directory Service at College Park David Henry Office of Information Technology University of Maryland College Park
The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.

The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.
Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, 2004. This work is the intellectual property of the.

Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, This work is the intellectual property of the.
© 2011 The University of Chicago InCommon Silver Implementation at UChicago Tom Barton 1.

© 2011 The University of Chicago InCommon Silver Implementation at UChicago Tom Barton 1.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Similar presentations

Ads by Google