Signet Privilege Management
nmi-edit
2004 Internet2 Fall Members Meeting
Austin, September 29, 2004
Lynn McRae, Stanford University

Copyright Lynn McRae, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
1/3/2019

What is Signet?
- A Privilege Management System & toolkit
- Tools to define privileges
- UI to assign privileges to people
- Components for integrating with other systems
- NSF funded Internet2/MACE project
- Part of AuthZ core middleware initiative
- Based on Stanford Authority Management system

Central Privilege Management
- System independent source of privilege data
- Simplifies policy management and tracking
- Consistent application of rules
- NOT an authorization service…
- Integrates with local system security
- Integrates with authorization mechanisms
- A source of data for an authorization service
- What is an authorization service?

Signet home page

Subsystems
- Define domains of ownership and responsibility
- Reflect real world boundaries
- Can be large or small
- One built-in subsystem to manage other subsystems

Categories
- Group privileges into topics
- Organize data for UI and reports
- Some control features, e.g., choose one vs choose many

Functions
- Basic unit of privilege assignment
- Can encapsulate one or more permissions functions

Smaller subsystems
- Just a few functions
- Categories not required

Signet home page

Signet privilege details

Signet - Person View

Signet - Granting

Signet - Granting - Privileges

Signet - Granting - Scope

Scope
- Places privileges in a hierarchy
- Distributed delegation control
- “you can only give what you have”
- Independent of personnel hierarchy
- Each subsystem can have a different scope, or no scope

Signet - Granting - Limits
- Qualifiers/constraints for a privilege
- Limit types:
  - Numeric, ranges
  - Single/multiple choice
  - Input values, edited against domain of values
- Extensible
- Knows “less” or “fewer” for delegation

Signet - Granting - Conditions
- Prerequisites (auto-activation)
- Conditions (auto-revocation), extensible
- Having vs delegating authority

Demo - Signet - Granting

Other features
- Assigning privileges to groups
  - Groups may represent roles
  - But Role management per se is a future concern
  - Synergy with Grouper project
- Designated drivers
  - Privilege granting proxy
  - Acting proxy
- Notification

Feature summary
  By authority of the Dean                   [grantor]
  principal investigators                    [role (group)]
  who have completed training                [prerequisite]
  can approve purchases                      [function]
  in the School of Medicine                  [scope]
  for research projects up to $100,000       [limits]
  until January 1, 2006                      [condition]
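
The Scope, Limits and Conditions slides together imply a check at delegation time: a grantor can pass on only a privilege that is at or below their own scope, no larger than their own limit, and no longer-lived than their own grant. The sketch below is an added example, not Signet code or its API; the record fields, the scope tree and the rule that a grant is revoked on its "until" date are assumptions made for illustration, and it generalizes the feature-summary grant to arbitrary re-delegation.

```python
from dataclasses import dataclass
from datetime import date

# Constructed scope tree (child -> parent); the node names are sample data.
SCOPE_PARENT = {
    "University": None,
    "School of Medicine": "University",
    "Pediatrics": "School of Medicine",
    "School of Engineering": "University",
}

@dataclass(frozen=True)
class Assignment:               # hypothetical record, not Signet's schema
    grantee: str
    function: str
    scope: str
    limit: int                  # dollar ceiling for the function
    until: date                 # condition: auto-revoked from this date on
    can_delegate: bool = False  # having vs. delegating authority

def within(scope, ancestor):
    """True if `scope` is `ancestor` or sits below it in the scope tree."""
    while scope is not None:
        if scope == ancestor:
            return True
        scope = SCOPE_PARENT.get(scope)  # unknown node -> None -> denied
    return False

def delegation_errors(held, proposed, today):
    """Reasons `proposed` exceeds what the grantor `held`; empty list = allowed."""
    errors = []
    if not held.can_delegate:
        errors.append("grantor may use this privilege but not delegate it")
    if today >= held.until:
        errors.append("grantor's own assignment has been revoked")
    if proposed.function != held.function:
        errors.append("grantor does not hold this function")
    if not within(proposed.scope, held.scope):
        errors.append("scope is outside the grantor's scope")
    if proposed.limit > held.limit:
        errors.append("limit is higher than the grantor's limit")
    if proposed.until > held.until:
        errors.append("grant would outlive the grantor's assignment")
    return errors

# Constructed grant mirroring the feature-summary slide.
PI = Assignment("pi", "approve purchases", "School of Medicine",
                100_000, date(2006, 1, 1), can_delegate=True)
```

Returning every violated rule rather than a single boolean gives the granting UI and the audit log the specific reason a delegation was refused.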

Privileges building blocks
- System view: Permissions
- Business view: Subsystems, Categories, Functions, Scope, Limits, Prerequisites, Conditions

Function/Permissions

Permissions integration - provisioning

Permissions integration - infrastructure

Signet components
Yellow = institution provided

Auditing
- Logging
- History
- Subsystem and Assignment snapshots
- Reconciling Signet privileges with consumer privileges

Project Status/Overview
- Core objects:
  - Subsystem metadata - schema/api
  - Scope tree - schema/api
  - Subject - schema/api
  - Assignment schema/api
- 1st alpha release, basic UI -- November 1, 2004

Project Status/Overview
- Second tier features
- Limits and Proxy
- Integration connectors
- Lifecycle Conditions and Prerequisites
- Group assignments
- Metadata management UI

Early Adopters
- Queens College, Ontario
- University of California, Davis
- University of Southern California

For more information…
The project web site:
list: